
svchost.exe uses 100% of the CPU
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I have 2 machines here on which, shortly after Windows starts, the svchost.exe process begins using 100% of the CPU, so the PCs are practically unusable.
I am attaching the logs.
1
Logfile of random's system information tool 1.09 (written by random/random)
Run by brazo at 2013-09-11 15:26:15
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 205 GB (86%) free of 238 GB
Total RAM: 1527 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:26:37, on 11.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Microsoft Security Client\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Samsung\Kies\KiesTrayAgent.exe
D:\Program Files\Microsoft Security Client\msseces.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Samsung\Kies\Kies.exe
D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TeamViewer3\TeamViewer_Host.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\TeamViewer3\TeamViewer.exe
D:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\brazo\Desktop\RSIT.exe
D:\Program Files\trend micro\brazo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] D:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [MSC] "D:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KiesPreload] D:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] D:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvoriť mobilnú obľúbenú položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7958496656
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PandoraService (PanService) - Unknown owner - D:\Program Files\PANDORA.TV\PanService\PandoraService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - D:\Program Files\TeamViewer3\TeamViewer_Host.exe
--
End of file - 6554 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\Adobe Flash Player Updater.job
D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
D:\WINDOWS\tasks\MpIdleTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"SkyTel"=D:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"APSDaemon"=D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"KiesTrayAgent"=D:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-04-23 311152]
"MSC"=D:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 995176]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2013-05-31 152392]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"KiesPreload"=D:\Program Files\Samsung\Kies\Kies.exe [2013-04-23 1561968]
"KiesAirMessage"=D:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup []
""=D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-05-08 844168]
"PC Suite Tray"=D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"H/PC Connection Agent"=D:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager"
"D:\Program Files\TeamViewer3\TeamViewer.exe"="D:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"D:\Program Files\Yaho's Miranda IM\miranda32.exe"="D:\Program Files\Yaho's Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Program Files\Evik miranda\miranda32.exe"="D:\Program Files\Evik miranda\miranda32.exe:*:Enabled:Miranda IM"
"D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"D:\Documents and Settings\brazo\Application Data\uTorrent\uTorrent.exe"="D:\Documents and Settings\brazo\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="D:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"D:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="D:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-11 14:55:44 ----D---- D:\rsit
2013-09-11 14:55:44 ----D---- D:\Program Files\trend micro
2013-09-11 14:27:11 ----SHD---- D:\RECYCLER
2013-09-11 14:27:08 ----D---- D:\Documents and Settings\All Users\Application Data\TEMP
2013-09-11 14:23:30 ----D---- D:\Program Files\Unlockroot Pro
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\searchplugins
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\Extensions
2013-09-11 14:23:28 ----D---- D:\Program Files\Optimizer Pro
2013-09-11 14:23:27 ----D---- D:\Program Files\Mozilla Firefox
2013-09-11 14:23:27 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon
2013-09-11 14:22:31 ----D---- D:\WINDOWS\system32\MRT
2013-09-11 14:21:01 ----D---- D:\Documents and Settings\All Users\Application Data\Freemake
2013-09-11 14:21:00 ----D---- D:\Program Files\Freemake
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\brazo\Application Data\Canneverbe Limited
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-09-11 11:35:45 ----D---- D:\RECYCLER(2)
2013-09-11 10:32:44 ----A---- D:\ComboFix.txt
2013-09-11 10:03:11 ----D---- D:\Qoobox
2013-09-11 10:02:56 ----D---- D:\WINDOWS\erdnt
2013-09-05 09:31:58 ----D---- D:\WINDOWS\Minidump
2013-09-02 11:23:04 ----A---- D:\WINDOWS\system32\WinUSBCoInstaller2.dll
2013-08-30 15:48:12 ----D---- D:\Program Files\Garmin
2013-08-30 15:48:10 ----D---- D:\Documents and Settings\brazo\Application Data\Garmin
2013-08-28 08:44:27 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-23 15:07:30 ----D---- D:\Program Files\Unlockroot
2013-08-23 15:05:40 ----D---- D:\Documents and Settings\All Users\Application Data\Tarma Installer
2013-08-23 15:04:27 ----D---- D:\Documents and Settings\brazo\Application Data\Babylon
2013-08-14 13:53:34 ----A---- D:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2013-08-14 13:53:25 ----D---- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 12:15:21 ----HDC---- D:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:07:06 ----HDC---- D:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:06:56 ----HDC---- D:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:06:48 ----HDC---- D:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:06:34 ----HDC---- D:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-11 15:25:56 ----A---- D:\WINDOWS\SchedLgU.Txt
2013-09-11 15:24:37 ----D---- D:\WINDOWS\Temp
2013-09-11 15:23:24 ----SD---- D:\WINDOWS\Tasks
2013-09-11 15:14:56 ----D---- D:\WINDOWS\system32\CatRoot2
2013-09-11 15:11:17 ----D---- D:\WINDOWS\system32
2013-09-11 15:11:06 ----A---- D:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 15:07:30 ----RD---- D:\Program Files
2013-09-11 14:28:03 ----D---- D:\WINDOWS\system32\config
2013-09-11 14:27:47 ----D---- D:\WINDOWS\system32\wbem
2013-09-11 14:27:47 ----D---- D:\WINDOWS\Registration
2013-09-11 14:27:09 ----D---- D:\WINDOWS
2013-09-11 14:26:40 ----SHD---- D:\WINDOWS\Installer
2013-09-11 14:26:38 ----D---- D:\Program Files\Google
2013-09-11 14:26:15 ----D---- D:\Program Files\LGE Tool
2013-09-11 14:26:05 ----D---- D:\Program Files\SgTool
2013-09-11 14:25:55 ----D---- D:\Program Files\Z3X
2013-09-11 14:25:25 ----HD---- D:\WINDOWS\inf
2013-09-11 14:25:18 ----D---- D:\WINDOWS\system32\drivers
2013-09-11 14:24:23 ----D---- D:\Program Files\SPT
2013-09-11 14:23:10 ----D---- D:\Program Files\Microsoft Security Client
2013-09-11 14:23:10 ----D---- D:\Config.Msi
2013-09-11 14:22:21 ----RSHDC---- D:\WINDOWS\system32\dllcache
2013-09-11 14:21:43 ----D---- D:\WINDOWS\WinSxS
2013-09-11 14:21:05 ----D---- D:\Program Files\iTunes
2013-09-11 14:21:02 ----DC---- D:\WINDOWS\system32\DRVSTORE
2013-09-11 14:20:56 ----D---- D:\Program Files\CDBurnerXP
2013-09-11 14:20:55 ----D---- D:\WINDOWS\system32\drivers\umdf
2013-09-11 14:20:50 ----D---- D:\Program Files\TestImei
2013-09-11 14:19:40 ----RSD---- D:\WINDOWS\Fonts
2013-09-11 14:19:24 ----D---- D:\Program Files\Microsoft ActiveSync
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\brazo\Application Data\uTorrent
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\All Users\Application Data\Nokia
2013-09-11 14:16:40 ----D---- D:\Program Files\MetaTrader - One Financial
2013-09-11 14:15:37 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-09-11 14:15:36 ----HDC---- D:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 14:15:35 ----HDC---- D:\WINDOWS\$NtUninstallKB2845187$
2013-09-11 14:14:07 ----D---- D:\WINDOWS\system32\XPSViewer
2013-09-11 14:14:03 ----HDC---- D:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 13:49:54 ----D---- D:\WINDOWS\system32\CatRoot
2013-09-11 11:37:17 ----D---- D:\Program Files\DIFX
2013-09-11 11:34:43 ----D---- D:\WINDOWS\system32\Restore
2013-09-11 10:32:44 ----D---- D:\WINDOWS\Prefetch
2013-09-11 10:31:18 ----A---- D:\WINDOWS\system.ini
2013-09-11 10:31:10 ----D---- D:\WINDOWS\system32\drivers\etc
2013-09-11 10:28:05 ----D---- D:\WINDOWS\AppPatch
2013-09-11 10:28:02 ----D---- D:\Program Files\Common Files
2013-09-05 16:25:10 ----D---- D:\Program Files\The KMPlayer
2013-09-05 08:58:55 ----D---- D:\Documents and Settings\brazo\Application Data\EurekaLog
2013-08-30 09:48:07 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2013-08-27 10:43:33 ----D---- D:\Documents and Settings\brazo\Application Data\PC Suite
2013-08-15 09:22:32 ----RSD---- D:\WINDOWS\assembly
2013-08-15 09:22:32 ----D---- D:\WINDOWS\Microsoft.NET
2013-08-14 12:15:39 ----A---- D:\WINDOWS\system32\MRT.exe
2013-08-14 12:15:31 ----A---- D:\WINDOWS\imsins.BAK
2013-08-14 12:03:55 ----D---- D:\Program Files\iPod
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; D:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 irda;IrDA Protocol; D:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 StarOpen;StarOpen; D:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 Egatebus;Egatebus; D:\WINDOWS\system32\drivers\egatebus.sys [2003-12-19 11264]
R3 Egaterdr;Egaterdr; D:\WINDOWS\system32\drivers\egaterdr.sys [2003-12-19 10368]
R3 FTDIBUS;USB Serial Converter Driver; D:\WINDOWS\system32\drivers\ftdibus.sys [2010-03-28 57800]
R3 FTSER2K;USB Serial Port Driver; D:\WINDOWS\system32\drivers\ftser2k.sys [2010-03-28 72520]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 R5BaseSmc;USB Token Holder Service; D:\WINDOWS\system32\DRIVERS\smccard.sys [2004-09-28 12800]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 token;USB Token Service; D:\WINDOWS\system32\DRIVERS\eps2kt1.sys [2004-10-14 21888]
R3 usbstor;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; D:\WINDOWS\System32\Drivers\ssadadb.sys [2013-04-03 32064]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-04-03 83864]
S3 Egatecard;Egatecard; D:\WINDOWS\System32\Drivers\egate.sys [2003-12-19 13312]
S3 FlashUSB;FlashUSB; D:\WINDOWS\system32\DRIVERS\FlashUSB.sys [2013-04-03 16384]
S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 HTCAND32;HTC Device Driver; D:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 Netaapl;Apple Mobile Device Ethernet Service; D:\WINDOWS\system32\DRIVERS\netaapl.sys [2012-09-10 18432]
S3 nmwcd;Nokia USB Phone Parent Driver; D:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 ntportio;ntportio; \??\E:\!GSM!\Ericsson\USB_SMRAD\SEMC_Tool_v87\ntportio.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 riffbox;RIFFBOX_2010; D:\WINDOWS\system32\DRIVERS\riffbox.sys [2010-05-04 27648]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); D:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 SamUsb;MTBox Device; D:\WINDOWS\System32\Drivers\mtbox.sys [2005-09-07 31452]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2013-04-03 98560]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2013-04-03 14848]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2013-04-03 123776]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\ssadbus.sys [2013-04-03 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); D:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2013-04-03 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; D:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2013-04-03 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); D:\WINDOWS\system32\DRIVERS\ssadserd.sys [2013-04-03 130248]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\sscdbus.sys [2013-04-03 136776]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; D:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2013-04-03 17864]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; D:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2013-04-03 153672]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); D:\WINDOWS\system32\DRIVERS\sscebus.sys [2013-04-03 136904]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; D:\WINDOWS\system32\DRIVERS\sscemdfl.sys [2013-04-03 17864]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; D:\WINDOWS\system32\DRIVERS\sscemdm.sys [2013-04-03 153672]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2013-04-03 104448]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2013-04-03 14848]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2013-04-03 132608]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-04-03 181912]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudobex.sys [2013-04-03 181912]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudserd.sys [2013-04-03 181912]
S3 UFS2XX;UFS2XX.SYS UFS2 device driver; D:\WINDOWS\system32\drivers\UFS2XX.sys [2007-06-27 53184]
S3 UIUSys;Conexant Setup API; D:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSMARTPrj;USB Smart device driver; D:\WINDOWS\System32\Drivers\UsbSmart.sys [2005-09-15 7680]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;SAMSUNG Android USB Driver; D:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 HTCMonitorService;HTCMonitorService; D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
R2 MsMpSvc;Microsoft Antimalware Service; D:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208]
R2 TeamViewer;TeamViewer 3; D:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2013-05-31 553288]
R3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S2 Irmon;Infrared Monitor; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 PanService;PandoraService; D:\Program Files\PANDORA.TV\PanService\PandoraService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 257416]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-10 117144]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-16 755880]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2
Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2013-09-11 15:35:13
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 98 GB (83%) free of 118 GB
Total RAM: 1983 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:35:31, on 11.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\GSM Service\GSM_servis.exe
C:\Omega\INTRO.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Omega\CRV2Kros.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... R}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8104210351
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8104613109
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 6398 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =302398&p="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll [2013-06-07 1353536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll [2013-06-07 1353536]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-11 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-04 163840]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-11-08 6756048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-07-18 995184]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2013-06-07 1302336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Yaho's Miranda Pack\miranda32.exe"="D:\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Yaho's Miranda Pack\miranda32.exe"="C:\Program Files\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-11 13:47:59 ----SHD---- C:\Config.Msi
2013-09-11 13:47:57 ----D---- C:\WINDOWS\Temp28A9947D-D6DA-4348-4C06-70CB8ACA65B9-Signatures
2013-09-11 12:13:18 ----D---- C:\Program Files\Mozilla Firefox
2013-09-11 12:09:52 ----D---- C:\Program Files\pdfforge Toolbar
2013-09-11 12:09:52 ----D---- C:\Program Files\Common Files\Spigot
2013-09-11 12:09:52 ----D---- C:\Program Files\Application Updater
2013-09-11 12:09:51 ----D---- C:\Documents and Settings\Owner\Application Data\Search Settings
2013-09-11 12:06:21 ----SHD---- C:\RECYCLER
2013-09-11 11:51:31 ----D---- C:\Program Files\trend micro
2013-09-11 11:51:30 ----D---- C:\rsit
2013-09-11 10:41:45 ----D---- C:\WINDOWS\temp
2013-09-11 10:41:43 ----A---- C:\ComboFix.txt
2013-09-11 10:31:33 ----A---- C:\Boot.bak
2013-09-11 10:31:28 ----D---- C:\cmdcons
2013-09-11 09:54:29 ----D---- C:\Qoobox
2013-09-11 09:53:44 ----D---- C:\WINDOWS\erdnt
2013-09-05 08:48:37 ----D---- C:\Program Files\Application Updater(2)
2013-09-05 08:48:35 ----D---- C:\Program Files\pdfforge Toolbar(2)
2013-09-05 08:48:35 ----D---- C:\Program Files\Common Files\Spigot(2)
2013-08-28 11:58:12 ----DC---- C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2013-08-14 12:11:44 ----DC---- C:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:04:36 ----DC---- C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:04:23 ----DC---- C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:04:13 ----DC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:04:02 ----DC---- C:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-11 15:35:20 ----D---- C:\WINDOWS\Prefetch
2013-09-11 15:10:51 ----D---- C:\Omega
2013-09-11 14:17:29 ----D---- C:\WINDOWS\system32
2013-09-11 14:17:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-11 14:14:58 ----SD---- C:\WINDOWS\Tasks
2013-09-11 14:13:26 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-11 14:12:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-11 14:03:06 ----A---- C:\WINDOWS\gsm.ini
2013-09-11 14:01:30 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 13:52:53 ----D---- C:\WINDOWS
2013-09-11 13:49:41 ----D---- C:\Program Files\Microsoft Security Client
2013-09-11 13:49:40 ----SHD---- C:\WINDOWS\Installer
2013-09-11 13:49:15 ----HD---- C:\WINDOWS\inf
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\drivers
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\CatRoot
2013-09-11 12:14:19 ----D---- C:\WINDOWS\system32\config
2013-09-11 12:14:04 ----D---- C:\WINDOWS\system32\wbem
2013-09-11 12:14:03 ----D---- C:\WINDOWS\Registration
2013-09-11 12:13:26 ----RD---- C:\Program Files
2013-09-11 12:13:11 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-09-11 12:12:36 ----DC---- C:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 12:12:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-11 12:12:32 ----D---- C:\WINDOWS\WinSxS
2013-09-11 12:11:20 ----DC---- C:\WINDOWS\$NtUninstallKB2845187$
2013-09-11 12:11:20 ----DC---- C:\WINDOWS\$NtUninstallKB2803821_WM9$
2013-09-11 12:11:19 ----DC---- C:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 12:09:52 ----D---- C:\Program Files\Common Files
2013-09-11 12:05:47 ----D---- C:\WINDOWS\system32\Restore
2013-09-11 10:40:13 ----A---- C:\WINDOWS\system.ini
2013-09-11 10:38:06 ----D---- C:\WINDOWS\AppPatch
2013-09-11 10:04:26 ----D---- C:\WINDOWS\system32\drivers\etc
2013-08-14 14:03:30 ----D---- C:\WINDOWS\assembly
2013-08-14 13:59:19 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-14 12:11:58 ----A---- C:\WINDOWS\imsins.BAK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-11-08 99080]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-11-08 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-11-08 32640]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpKsl74539ef0;MpKsl74539ef0; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E86A3756-9ABD-4A15-9B02-BF952CF42B53}\MpKsl74539ef0.sys []
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2007-09-06 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2007-09-06 58368]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-11 244352]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 mvusbews;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2011-04-15 17408]
S3 slabbus;CP2101 USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2013-06-07 806776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-11-08 1990464]
R2 HPSIService;HP SI Service; C:\WINDOWS\system32\HPSIsvc.exe [2011-05-18 99896]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-07-18 22216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 257416]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-20 117144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
-----------------EOF-----------------
Thank you in advance for any help.
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-11 14:55:44 ----D---- D:\rsit
2013-09-11 14:55:44 ----D---- D:\Program Files\trend micro
2013-09-11 14:27:11 ----SHD---- D:\RECYCLER
2013-09-11 14:27:08 ----D---- D:\Documents and Settings\All Users\Application Data\TEMP
2013-09-11 14:23:30 ----D---- D:\Program Files\Unlockroot Pro
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\searchplugins
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\Extensions
2013-09-11 14:23:28 ----D---- D:\Program Files\Optimizer Pro
2013-09-11 14:23:27 ----D---- D:\Program Files\Mozilla Firefox
2013-09-11 14:23:27 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon
2013-09-11 14:22:31 ----D---- D:\WINDOWS\system32\MRT
2013-09-11 14:21:01 ----D---- D:\Documents and Settings\All Users\Application Data\Freemake
2013-09-11 14:21:00 ----D---- D:\Program Files\Freemake
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\brazo\Application Data\Canneverbe Limited
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-09-11 11:35:45 ----D---- D:\RECYCLER(2)
2013-09-11 10:32:44 ----A---- D:\ComboFix.txt
2013-09-11 10:03:11 ----D---- D:\Qoobox
2013-09-11 10:02:56 ----D---- D:\WINDOWS\erdnt
2013-09-05 09:31:58 ----D---- D:\WINDOWS\Minidump
2013-09-02 11:23:04 ----A---- D:\WINDOWS\system32\WinUSBCoInstaller2.dll
2013-08-30 15:48:12 ----D---- D:\Program Files\Garmin
2013-08-30 15:48:10 ----D---- D:\Documents and Settings\brazo\Application Data\Garmin
2013-08-28 08:44:27 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-23 15:07:30 ----D---- D:\Program Files\Unlockroot
2013-08-23 15:05:40 ----D---- D:\Documents and Settings\All Users\Application Data\Tarma Installer
2013-08-23 15:04:27 ----D---- D:\Documents and Settings\brazo\Application Data\Babylon
2013-08-14 13:53:34 ----A---- D:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2013-08-14 13:53:25 ----D---- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 12:15:21 ----HDC---- D:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:07:06 ----HDC---- D:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:06:56 ----HDC---- D:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:06:48 ----HDC---- D:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:06:34 ----HDC---- D:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-11 15:25:56 ----A---- D:\WINDOWS\SchedLgU.Txt
2013-09-11 15:24:37 ----D---- D:\WINDOWS\Temp
2013-09-11 15:23:24 ----SD---- D:\WINDOWS\Tasks
2013-09-11 15:14:56 ----D---- D:\WINDOWS\system32\CatRoot2
2013-09-11 15:11:17 ----D---- D:\WINDOWS\system32
2013-09-11 15:11:06 ----A---- D:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 15:07:30 ----RD---- D:\Program Files
2013-09-11 14:28:03 ----D---- D:\WINDOWS\system32\config
2013-09-11 14:27:47 ----D---- D:\WINDOWS\system32\wbem
2013-09-11 14:27:47 ----D---- D:\WINDOWS\Registration
2013-09-11 14:27:09 ----D---- D:\WINDOWS
2013-09-11 14:26:40 ----SHD---- D:\WINDOWS\Installer
2013-09-11 14:26:38 ----D---- D:\Program Files\Google
2013-09-11 14:26:15 ----D---- D:\Program Files\LGE Tool
2013-09-11 14:26:05 ----D---- D:\Program Files\SgTool
2013-09-11 14:25:55 ----D---- D:\Program Files\Z3X
2013-09-11 14:25:25 ----HD---- D:\WINDOWS\inf
2013-09-11 14:25:18 ----D---- D:\WINDOWS\system32\drivers
2013-09-11 14:24:23 ----D---- D:\Program Files\SPT
2013-09-11 14:23:10 ----D---- D:\Program Files\Microsoft Security Client
2013-09-11 14:23:10 ----D---- D:\Config.Msi
2013-09-11 14:22:21 ----RSHDC---- D:\WINDOWS\system32\dllcache
2013-09-11 14:21:43 ----D---- D:\WINDOWS\WinSxS
2013-09-11 14:21:05 ----D---- D:\Program Files\iTunes
2013-09-11 14:21:02 ----DC---- D:\WINDOWS\system32\DRVSTORE
2013-09-11 14:20:56 ----D---- D:\Program Files\CDBurnerXP
2013-09-11 14:20:55 ----D---- D:\WINDOWS\system32\drivers\umdf
2013-09-11 14:20:50 ----D---- D:\Program Files\TestImei
2013-09-11 14:19:40 ----RSD---- D:\WINDOWS\Fonts
2013-09-11 14:19:24 ----D---- D:\Program Files\Microsoft ActiveSync
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\brazo\Application Data\uTorrent
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\All Users\Application Data\Nokia
2013-09-11 14:16:40 ----D---- D:\Program Files\MetaTrader - One Financial
2013-09-11 14:15:37 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-09-11 14:15:36 ----HDC---- D:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 14:15:35 ----HDC---- D:\WINDOWS\$NtUninstallKB2845187$
2013-09-11 14:14:07 ----D---- D:\WINDOWS\system32\XPSViewer
2013-09-11 14:14:03 ----HDC---- D:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 13:49:54 ----D---- D:\WINDOWS\system32\CatRoot
2013-09-11 11:37:17 ----D---- D:\Program Files\DIFX
2013-09-11 11:34:43 ----D---- D:\WINDOWS\system32\Restore
2013-09-11 10:32:44 ----D---- D:\WINDOWS\Prefetch
2013-09-11 10:31:18 ----A---- D:\WINDOWS\system.ini
2013-09-11 10:31:10 ----D---- D:\WINDOWS\system32\drivers\etc
2013-09-11 10:28:05 ----D---- D:\WINDOWS\AppPatch
2013-09-11 10:28:02 ----D---- D:\Program Files\Common Files
2013-09-05 16:25:10 ----D---- D:\Program Files\The KMPlayer
2013-09-05 08:58:55 ----D---- D:\Documents and Settings\brazo\Application Data\EurekaLog
2013-08-30 09:48:07 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2013-08-27 10:43:33 ----D---- D:\Documents and Settings\brazo\Application Data\PC Suite
2013-08-15 09:22:32 ----RSD---- D:\WINDOWS\assembly
2013-08-15 09:22:32 ----D---- D:\WINDOWS\Microsoft.NET
2013-08-14 12:15:39 ----A---- D:\WINDOWS\system32\MRT.exe
2013-08-14 12:15:31 ----A---- D:\WINDOWS\imsins.BAK
2013-08-14 12:03:55 ----D---- D:\Program Files\iPod
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; D:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 irda;IrDA Protocol; D:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 StarOpen;StarOpen; D:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 Egatebus;Egatebus; D:\WINDOWS\system32\drivers\egatebus.sys [2003-12-19 11264]
R3 Egaterdr;Egaterdr; D:\WINDOWS\system32\drivers\egaterdr.sys [2003-12-19 10368]
R3 FTDIBUS;USB Serial Converter Driver; D:\WINDOWS\system32\drivers\ftdibus.sys [2010-03-28 57800]
R3 FTSER2K;USB Serial Port Driver; D:\WINDOWS\system32\drivers\ftser2k.sys [2010-03-28 72520]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 R5BaseSmc;USB Token Holder Service; D:\WINDOWS\system32\DRIVERS\smccard.sys [2004-09-28 12800]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 token;USB Token Service; D:\WINDOWS\system32\DRIVERS\eps2kt1.sys [2004-10-14 21888]
R3 usbstor;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; D:\WINDOWS\System32\Drivers\ssadadb.sys [2013-04-03 32064]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-04-03 83864]
S3 Egatecard;Egatecard; D:\WINDOWS\System32\Drivers\egate.sys [2003-12-19 13312]
S3 FlashUSB;FlashUSB; D:\WINDOWS\system32\DRIVERS\FlashUSB.sys [2013-04-03 16384]
S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 HTCAND32;HTC Device Driver; D:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 Netaapl;Apple Mobile Device Ethernet Service; D:\WINDOWS\system32\DRIVERS\netaapl.sys [2012-09-10 18432]
S3 nmwcd;Nokia USB Phone Parent Driver; D:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 ntportio;ntportio; \??\E:\!GSM!\Ericsson\USB_SMRAD\SEMC_Tool_v87\ntportio.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 riffbox;RIFFBOX_2010; D:\WINDOWS\system32\DRIVERS\riffbox.sys [2010-05-04 27648]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); D:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 SamUsb;MTBox Device; D:\WINDOWS\System32\Drivers\mtbox.sys [2005-09-07 31452]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2013-04-03 98560]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2013-04-03 14848]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2013-04-03 123776]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\ssadbus.sys [2013-04-03 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); D:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2013-04-03 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; D:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2013-04-03 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); D:\WINDOWS\system32\DRIVERS\ssadserd.sys [2013-04-03 130248]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\sscdbus.sys [2013-04-03 136776]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; D:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2013-04-03 17864]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; D:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2013-04-03 153672]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); D:\WINDOWS\system32\DRIVERS\sscebus.sys [2013-04-03 136904]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; D:\WINDOWS\system32\DRIVERS\sscemdfl.sys [2013-04-03 17864]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; D:\WINDOWS\system32\DRIVERS\sscemdm.sys [2013-04-03 153672]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2013-04-03 104448]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2013-04-03 14848]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2013-04-03 132608]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-04-03 181912]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudobex.sys [2013-04-03 181912]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudserd.sys [2013-04-03 181912]
S3 UFS2XX;UFS2XX.SYS UFS2 device driver; D:\WINDOWS\system32\drivers\UFS2XX.sys [2007-06-27 53184]
S3 UIUSys;Conexant Setup API; D:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSMARTPrj;USB Smart device driver; D:\WINDOWS\System32\Drivers\UsbSmart.sys [2005-09-15 7680]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;SAMSUNG Android USB Driver; D:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 HTCMonitorService;HTCMonitorService; D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
R2 MsMpSvc;Microsoft Antimalware Service; D:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208]
R2 TeamViewer;TeamViewer 3; D:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2013-05-31 553288]
R3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S2 Irmon;Infrared Monitor; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 PanService;PandoraService; D:\Program Files\PANDORA.TV\PanService\PandoraService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 257416]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-10 117144]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-16 755880]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2
Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2013-09-11 15:35:13
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 98 GB (83%) free of 118 GB
Total RAM: 1983 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:35:31, on 11.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\GSM Service\GSM_servis.exe
C:\Omega\INTRO.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Omega\CRV2Kros.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... R}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8104210351
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8104613109
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 6398 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =302398&p="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll [2013-06-07 1353536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\7.2\pdfforgeToolbarIE.dll [2013-06-07 1353536]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-11 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-04 163840]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-11-08 6756048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-07-18 995184]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2013-06-07 1302336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Yaho's Miranda Pack\miranda32.exe"="D:\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Yaho's Miranda Pack\miranda32.exe"="C:\Program Files\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-11 13:47:59 ----SHD---- C:\Config.Msi
2013-09-11 13:47:57 ----D---- C:\WINDOWS\Temp28A9947D-D6DA-4348-4C06-70CB8ACA65B9-Signatures
2013-09-11 12:13:18 ----D---- C:\Program Files\Mozilla Firefox
2013-09-11 12:09:52 ----D---- C:\Program Files\pdfforge Toolbar
2013-09-11 12:09:52 ----D---- C:\Program Files\Common Files\Spigot
2013-09-11 12:09:52 ----D---- C:\Program Files\Application Updater
2013-09-11 12:09:51 ----D---- C:\Documents and Settings\Owner\Application Data\Search Settings
2013-09-11 12:06:21 ----SHD---- C:\RECYCLER
2013-09-11 11:51:31 ----D---- C:\Program Files\trend micro
2013-09-11 11:51:30 ----D---- C:\rsit
2013-09-11 10:41:45 ----D---- C:\WINDOWS\temp
2013-09-11 10:41:43 ----A---- C:\ComboFix.txt
2013-09-11 10:31:33 ----A---- C:\Boot.bak
2013-09-11 10:31:28 ----D---- C:\cmdcons
2013-09-11 09:54:29 ----D---- C:\Qoobox
2013-09-11 09:53:44 ----D---- C:\WINDOWS\erdnt
2013-09-05 08:48:37 ----D---- C:\Program Files\Application Updater(2)
2013-09-05 08:48:35 ----D---- C:\Program Files\pdfforge Toolbar(2)
2013-09-05 08:48:35 ----D---- C:\Program Files\Common Files\Spigot(2)
2013-08-28 11:58:12 ----DC---- C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2013-08-14 12:11:44 ----DC---- C:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:04:36 ----DC---- C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:04:23 ----DC---- C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:04:13 ----DC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:04:02 ----DC---- C:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-11 15:35:20 ----D---- C:\WINDOWS\Prefetch
2013-09-11 15:10:51 ----D---- C:\Omega
2013-09-11 14:17:29 ----D---- C:\WINDOWS\system32
2013-09-11 14:17:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-11 14:14:58 ----SD---- C:\WINDOWS\Tasks
2013-09-11 14:13:26 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-11 14:12:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-11 14:03:06 ----A---- C:\WINDOWS\gsm.ini
2013-09-11 14:01:30 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 13:52:53 ----D---- C:\WINDOWS
2013-09-11 13:49:41 ----D---- C:\Program Files\Microsoft Security Client
2013-09-11 13:49:40 ----SHD---- C:\WINDOWS\Installer
2013-09-11 13:49:15 ----HD---- C:\WINDOWS\inf
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\drivers
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\CatRoot
2013-09-11 12:14:19 ----D---- C:\WINDOWS\system32\config
2013-09-11 12:14:04 ----D---- C:\WINDOWS\system32\wbem
2013-09-11 12:14:03 ----D---- C:\WINDOWS\Registration
2013-09-11 12:13:26 ----RD---- C:\Program Files
2013-09-11 12:13:11 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-09-11 12:12:36 ----DC---- C:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 12:12:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-11 12:12:32 ----D---- C:\WINDOWS\WinSxS
2013-09-11 12:11:20 ----DC---- C:\WINDOWS\$NtUninstallKB2845187$
2013-09-11 12:11:20 ----DC---- C:\WINDOWS\$NtUninstallKB2803821_WM9$
2013-09-11 12:11:19 ----DC---- C:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 12:09:52 ----D---- C:\Program Files\Common Files
2013-09-11 12:05:47 ----D---- C:\WINDOWS\system32\Restore
2013-09-11 10:40:13 ----A---- C:\WINDOWS\system.ini
2013-09-11 10:38:06 ----D---- C:\WINDOWS\AppPatch
2013-09-11 10:04:26 ----D---- C:\WINDOWS\system32\drivers\etc
2013-08-14 14:03:30 ----D---- C:\WINDOWS\assembly
2013-08-14 13:59:19 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-14 12:11:58 ----A---- C:\WINDOWS\imsins.BAK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-11-08 99080]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-11-08 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-11-08 32640]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpKsl74539ef0;MpKsl74539ef0; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E86A3756-9ABD-4A15-9B02-BF952CF42B53}\MpKsl74539ef0.sys []
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2007-09-06 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2007-09-06 58368]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-11 244352]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 mvusbews;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2011-04-15 17408]
S3 slabbus;CP2101 USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2013-06-07 806776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-11-08 1990464]
R2 HPSIService;HP SI Service; C:\WINDOWS\system32\HPSIsvc.exe [2011-05-18 99896]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-07-18 22216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 257416]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-20 117144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
-----------------EOF-----------------
Thank you in advance for any help.
- Rudy
- Site Admin
- Posts: 119529
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: svchost.exe is using 100% of the CPU
Hello!
First run this utility on both PCs:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: svchost.exe is using 100% of the CPU
Thank you for the reply; I am attaching the logs.
1
# AdwCleaner v3.003 - Report created 12/09/2013 at 08:47:29
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : brazo - BRAZO_SERVIS_PC
# Running from : D:\Documents and Settings\brazo\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : D:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : D:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : D:\Program Files\optimizer pro
Folder Deleted : D:\Documents and Settings\brazo\Local Settings\Application Data\Conduit
Folder Deleted : D:\Documents and Settings\brazo\Local Settings\Application Data\cre
Folder Deleted : D:\Documents and Settings\brazo\Application Data\Babylon
[!] Folder Deleted : D:\Documents and Settings\brazo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\58ed788bc38bd13
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.5512
-\\ Google Chrome v29.0.1547.66
[ File : D:\Documents and Settings\brazo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3459 octets] - [12/09/2013 08:46:28]
AdwCleaner[S0].txt - [3398 octets] - [12/09/2013 08:47:29]
########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [3458 octets] ##########
2
# AdwCleaner v3.003 - Report created 12/09/2013 at 08:34:58
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - BRAZO_PC
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : Application Updater
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\pdfforge Toolbar
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Documents and Settings\Owner\Application Data\pdfforge
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
File Deleted : C:\WINDOWS\system32\Uninstall.exe
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\icqplugin.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\icqplugin-10.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\icqplugin-5.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\icqplugin-6.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\icqplugin-7.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\icqplugin-8.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\icqplugin-9.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BE7785D6-045F-44FB-A1E4-3FA555874415}
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.5512
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v21.0 (sk)
[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\prefs.js ]
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.firstTbRun", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1378456023);
Line Deleted : user_pref("icqtoolbar.icqgeo", 4201);
Line Deleted : user_pref("icqtoolbar.installTime", "1376295472");
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "21.0");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.uniqueID", "132359440814462387691376295472547");
Line Deleted : user_pref("icqtoolbar.version", "1.5.3");
*************************
AdwCleaner[R0].txt - [5891 octets] - [12/09/2013 08:34:07]
AdwCleaner[S0].txt - [5849 octets] - [12/09/2013 08:34:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5909 octets] ##########
- Rudy
- Site Admin
- Posts: 119529
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: svchost.exe is using 100% of the CPU
Post new RSIT logs from both PCs.
Re: svchost.exe is using 100% of the CPU
Here you go, here it is.
1
Logfile of random's system information tool 1.09 (written by random/random)
Run by brazo at 2013-09-12 08:57:25
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 205 GB (86%) free of 238 GB
Total RAM: 1527 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:57:40, on 12.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Microsoft Security Client\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Samsung\Kies\KiesTrayAgent.exe
D:\Program Files\Microsoft Security Client\msseces.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Samsung\Kies\Kies.exe
D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\TeamViewer3\TeamViewer_Host.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\TeamViewer3\TeamViewer.exe
D:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\brazo\Desktop\RSIT.exe
D:\Program Files\trend micro\brazo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] D:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [MSC] "D:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KiesPreload] D:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] D:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvoriť mobilnú obľúbenú položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7958496656
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PandoraService (PanService) - Unknown owner - D:\Program Files\PANDORA.TV\PanService\PandoraService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - D:\Program Files\TeamViewer3\TeamViewer_Host.exe
--
End of file - 6674 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\Adobe Flash Player Updater.job
D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
D:\WINDOWS\tasks\MpIdleTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"SkyTel"=D:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"APSDaemon"=D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"KiesTrayAgent"=D:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-04-23 311152]
"MSC"=D:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 995176]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2013-05-31 152392]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"KiesPreload"=D:\Program Files\Samsung\Kies\Kies.exe [2013-04-23 1561968]
"KiesAirMessage"=D:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup []
""=D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-05-08 844168]
"PC Suite Tray"=D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"H/PC Connection Agent"=D:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager"
"D:\Program Files\TeamViewer3\TeamViewer.exe"="D:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"D:\Program Files\Yaho's Miranda IM\miranda32.exe"="D:\Program Files\Yaho's Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Program Files\Evik miranda\miranda32.exe"="D:\Program Files\Evik miranda\miranda32.exe:*:Enabled:Miranda IM"
"D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"D:\Documents and Settings\brazo\Application Data\uTorrent\uTorrent.exe"="D:\Documents and Settings\brazo\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="D:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"D:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="D:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-12 08:45:49 ----D---- D:\AdwCleaner
2013-09-11 14:55:44 ----D---- D:\rsit
2013-09-11 14:55:44 ----D---- D:\Program Files\trend micro
2013-09-11 14:27:11 ----SHD---- D:\RECYCLER
2013-09-11 14:27:08 ----D---- D:\Documents and Settings\All Users\Application Data\TEMP
2013-09-11 14:23:30 ----D---- D:\Program Files\Unlockroot Pro
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\searchplugins
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\Extensions
2013-09-11 14:23:27 ----D---- D:\Program Files\Mozilla Firefox
2013-09-11 14:22:31 ----D---- D:\WINDOWS\system32\MRT
2013-09-11 14:21:01 ----D---- D:\Documents and Settings\All Users\Application Data\Freemake
2013-09-11 14:21:00 ----D---- D:\Program Files\Freemake
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\brazo\Application Data\Canneverbe Limited
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-09-11 11:35:45 ----D---- D:\RECYCLER(2)
2013-09-11 10:32:44 ----A---- D:\ComboFix.txt
2013-09-11 10:03:11 ----D---- D:\Qoobox
2013-09-11 10:02:56 ----D---- D:\WINDOWS\erdnt
2013-09-05 09:31:58 ----D---- D:\WINDOWS\Minidump
2013-09-02 11:23:04 ----A---- D:\WINDOWS\system32\WinUSBCoInstaller2.dll
2013-08-30 15:48:12 ----D---- D:\Program Files\Garmin
2013-08-30 15:48:10 ----D---- D:\Documents and Settings\brazo\Application Data\Garmin
2013-08-28 08:44:27 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-23 15:07:30 ----D---- D:\Program Files\Unlockroot
2013-08-14 13:53:34 ----A---- D:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2013-08-14 13:53:25 ----D---- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 12:15:21 ----HDC---- D:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:07:06 ----HDC---- D:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:06:56 ----HDC---- D:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:06:48 ----HDC---- D:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:06:34 ----HDC---- D:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-12 08:52:53 ----A---- D:\WINDOWS\SchedLgU.Txt
2013-09-12 08:49:52 ----D---- D:\WINDOWS\Temp
2013-09-12 08:39:35 ----SD---- D:\WINDOWS\Tasks
2013-09-12 08:31:09 ----D---- D:\WINDOWS\system32\CatRoot2
2013-09-11 16:06:39 ----D---- D:\WINDOWS\system32\CatRoot
2013-09-11 15:11:17 ----D---- D:\WINDOWS\system32
2013-09-11 15:11:06 ----A---- D:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 15:07:30 ----RD---- D:\Program Files
2013-09-11 14:28:03 ----D---- D:\WINDOWS\system32\config
2013-09-11 14:27:47 ----D---- D:\WINDOWS\system32\wbem
2013-09-11 14:27:47 ----D---- D:\WINDOWS\Registration
2013-09-11 14:27:09 ----D---- D:\WINDOWS
2013-09-11 14:26:40 ----SHD---- D:\WINDOWS\Installer
2013-09-11 14:26:38 ----D---- D:\Program Files\Google
2013-09-11 14:26:15 ----D---- D:\Program Files\LGE Tool
2013-09-11 14:26:05 ----D---- D:\Program Files\SgTool
2013-09-11 14:25:55 ----D---- D:\Program Files\Z3X
2013-09-11 14:25:25 ----HD---- D:\WINDOWS\inf
2013-09-11 14:25:18 ----D---- D:\WINDOWS\system32\drivers
2013-09-11 14:24:23 ----D---- D:\Program Files\SPT
2013-09-11 14:23:10 ----D---- D:\Program Files\Microsoft Security Client
2013-09-11 14:23:10 ----D---- D:\Config.Msi
2013-09-11 14:22:21 ----RSHDC---- D:\WINDOWS\system32\dllcache
2013-09-11 14:21:43 ----D---- D:\WINDOWS\WinSxS
2013-09-11 14:21:05 ----D---- D:\Program Files\iTunes
2013-09-11 14:21:02 ----DC---- D:\WINDOWS\system32\DRVSTORE
2013-09-11 14:20:56 ----D---- D:\Program Files\CDBurnerXP
2013-09-11 14:20:55 ----D---- D:\WINDOWS\system32\drivers\umdf
2013-09-11 14:20:50 ----D---- D:\Program Files\TestImei
2013-09-11 14:19:40 ----RSD---- D:\WINDOWS\Fonts
2013-09-11 14:19:24 ----D---- D:\Program Files\Microsoft ActiveSync
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\brazo\Application Data\uTorrent
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\All Users\Application Data\Nokia
2013-09-11 14:16:40 ----D---- D:\Program Files\MetaTrader - One Financial
2013-09-11 14:15:37 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-09-11 14:15:36 ----HDC---- D:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 14:15:35 ----HDC---- D:\WINDOWS\$NtUninstallKB2845187$
2013-09-11 14:14:07 ----D---- D:\WINDOWS\system32\XPSViewer
2013-09-11 14:14:03 ----HDC---- D:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 11:37:17 ----D---- D:\Program Files\DIFX
2013-09-11 11:34:43 ----D---- D:\WINDOWS\system32\Restore
2013-09-11 10:32:44 ----D---- D:\WINDOWS\Prefetch
2013-09-11 10:31:18 ----A---- D:\WINDOWS\system.ini
2013-09-11 10:31:10 ----D---- D:\WINDOWS\system32\drivers\etc
2013-09-11 10:28:05 ----D---- D:\WINDOWS\AppPatch
2013-09-11 10:28:02 ----D---- D:\Program Files\Common Files
2013-09-05 16:25:10 ----D---- D:\Program Files\The KMPlayer
2013-09-05 08:58:55 ----D---- D:\Documents and Settings\brazo\Application Data\EurekaLog
2013-08-30 09:48:07 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2013-08-27 10:43:33 ----D---- D:\Documents and Settings\brazo\Application Data\PC Suite
2013-08-15 09:22:32 ----RSD---- D:\WINDOWS\assembly
2013-08-15 09:22:32 ----D---- D:\WINDOWS\Microsoft.NET
2013-08-14 12:15:39 ----A---- D:\WINDOWS\system32\MRT.exe
2013-08-14 12:15:31 ----A---- D:\WINDOWS\imsins.BAK
2013-08-14 12:03:55 ----D---- D:\Program Files\iPod
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; D:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 irda;IrDA Protocol; D:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 StarOpen;StarOpen; D:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 Egatebus;Egatebus; D:\WINDOWS\system32\drivers\egatebus.sys [2003-12-19 11264]
R3 Egaterdr;Egaterdr; D:\WINDOWS\system32\drivers\egaterdr.sys [2003-12-19 10368]
R3 FTDIBUS;USB Serial Converter Driver; D:\WINDOWS\system32\drivers\ftdibus.sys [2010-03-28 57800]
R3 FTSER2K;USB Serial Port Driver; D:\WINDOWS\system32\drivers\ftser2k.sys [2010-03-28 72520]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 R5BaseSmc;USB Token Holder Service; D:\WINDOWS\system32\DRIVERS\smccard.sys [2004-09-28 12800]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 token;USB Token Service; D:\WINDOWS\system32\DRIVERS\eps2kt1.sys [2004-10-14 21888]
R3 usbstor;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; D:\WINDOWS\System32\Drivers\ssadadb.sys [2013-04-03 32064]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-04-03 83864]
S3 Egatecard;Egatecard; D:\WINDOWS\System32\Drivers\egate.sys [2003-12-19 13312]
S3 FlashUSB;FlashUSB; D:\WINDOWS\system32\DRIVERS\FlashUSB.sys [2013-04-03 16384]
S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 HTCAND32;HTC Device Driver; D:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 Netaapl;Apple Mobile Device Ethernet Service; D:\WINDOWS\system32\DRIVERS\netaapl.sys [2012-09-10 18432]
S3 nmwcd;Nokia USB Phone Parent Driver; D:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 ntportio;ntportio; \??\E:\!GSM!\Ericsson\USB_SMRAD\SEMC_Tool_v87\ntportio.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 riffbox;RIFFBOX_2010; D:\WINDOWS\system32\DRIVERS\riffbox.sys [2010-05-04 27648]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); D:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 SamUsb;MTBox Device; D:\WINDOWS\System32\Drivers\mtbox.sys [2005-09-07 31452]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2013-04-03 98560]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2013-04-03 14848]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2013-04-03 123776]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\ssadbus.sys [2013-04-03 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); D:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2013-04-03 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; D:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2013-04-03 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); D:\WINDOWS\system32\DRIVERS\ssadserd.sys [2013-04-03 130248]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\sscdbus.sys [2013-04-03 136776]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; D:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2013-04-03 17864]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; D:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2013-04-03 153672]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); D:\WINDOWS\system32\DRIVERS\sscebus.sys [2013-04-03 136904]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; D:\WINDOWS\system32\DRIVERS\sscemdfl.sys [2013-04-03 17864]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; D:\WINDOWS\system32\DRIVERS\sscemdm.sys [2013-04-03 153672]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2013-04-03 104448]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2013-04-03 14848]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2013-04-03 132608]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-04-03 181912]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudobex.sys [2013-04-03 181912]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudserd.sys [2013-04-03 181912]
S3 UFS2XX;UFS2XX.SYS UFS2 device driver; D:\WINDOWS\system32\drivers\UFS2XX.sys [2007-06-27 53184]
S3 UIUSys;Conexant Setup API; D:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSMARTPrj;USB Smart device driver; D:\WINDOWS\System32\Drivers\UsbSmart.sys [2005-09-15 7680]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;SAMSUNG Android USB Driver; D:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 HTCMonitorService;HTCMonitorService; D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
R2 MsMpSvc;Microsoft Antimalware Service; D:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208]
R2 TeamViewer;TeamViewer 3; D:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2013-05-31 553288]
R3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S2 Irmon;Infrared Monitor; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 PanService;PandoraService; D:\Program Files\PANDORA.TV\PanService\PandoraService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 257416]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-10 117144]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-16 755880]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2
Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2013-09-12 08:43:31
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 98 GB (83%) free of 118 GB
Total RAM: 1983 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:41, on 12.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
C:\Program Files\trend micro\Owner.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... R}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8104210351
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8104613109
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 5515 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =302398&p="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\extensions\
{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-11 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-04 163840]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-11-08 6756048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-07-18 995184]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Yaho's Miranda Pack\miranda32.exe"="D:\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Yaho's Miranda Pack\miranda32.exe"="C:\Program Files\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-12 08:34:01 ----D---- C:\AdwCleaner
2013-09-11 13:47:59 ----SHD---- C:\Config.Msi
2013-09-11 13:47:57 ----D---- C:\WINDOWS\Temp28A9947D-D6DA-4348-4C06-70CB8ACA65B9-Signatures
2013-09-11 12:13:18 ----D---- C:\Program Files\Mozilla Firefox
2013-09-11 12:06:21 ----SHD---- C:\RECYCLER
2013-09-11 11:51:31 ----D---- C:\Program Files\trend micro
2013-09-11 11:51:30 ----D---- C:\rsit
2013-09-11 10:41:45 ----D---- C:\WINDOWS\temp
2013-09-11 10:41:43 ----A---- C:\ComboFix.txt
2013-09-11 10:31:33 ----A---- C:\Boot.bak
2013-09-11 10:31:28 ----D---- C:\cmdcons
2013-09-11 09:54:29 ----D---- C:\Qoobox
2013-09-11 09:53:44 ----D---- C:\WINDOWS\erdnt
2013-09-05 08:48:37 ----D---- C:\Program Files\Application Updater(2)
2013-09-05 08:48:35 ----D---- C:\Program Files\pdfforge Toolbar(2)
2013-09-05 08:48:35 ----D---- C:\Program Files\Common Files\Spigot(2)
2013-08-28 11:58:12 ----DC---- C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2013-08-14 12:11:44 ----DC---- C:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:04:36 ----DC---- C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:04:23 ----DC---- C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:04:13 ----DC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:04:02 ----DC---- C:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-12 08:43:38 ----D---- C:\WINDOWS\Prefetch
2013-09-12 08:41:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-12 08:41:25 ----D---- C:\WINDOWS\system32
2013-09-12 08:41:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-12 08:35:00 ----RD---- C:\Program Files
2013-09-12 08:33:16 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-11 16:43:22 ----D---- C:\Omega
2013-09-11 16:43:17 ----A---- C:\WINDOWS\gsm.ini
2013-09-11 16:22:01 ----SD---- C:\WINDOWS\Tasks
2013-09-11 14:01:30 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 13:52:53 ----D---- C:\WINDOWS
2013-09-11 13:49:41 ----D---- C:\Program Files\Microsoft Security Client
2013-09-11 13:49:40 ----SHD---- C:\WINDOWS\Installer
2013-09-11 13:49:15 ----HD---- C:\WINDOWS\inf
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\drivers
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\CatRoot
2013-09-11 12:14:19 ----D---- C:\WINDOWS\system32\config
2013-09-11 12:14:04 ----D---- C:\WINDOWS\system32\wbem
2013-09-11 12:14:03 ----D---- C:\WINDOWS\Registration
2013-09-11 12:13:11 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-09-11 12:12:36 ----DC---- C:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 12:12:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-11 12:12:32 ----D---- C:\WINDOWS\WinSxS
2013-09-11 12:11:20 ----DC---- C:\WINDOWS\$NtUninstallKB2845187$
2013-09-11 12:11:20 ----DC---- C:\WINDOWS\$NtUninstallKB2803821_WM9$
2013-09-11 12:11:19 ----DC---- C:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 12:09:52 ----D---- C:\Program Files\Common Files
2013-09-11 12:05:47 ----D---- C:\WINDOWS\system32\Restore
2013-09-11 10:40:13 ----A---- C:\WINDOWS\system.ini
2013-09-11 10:38:06 ----D---- C:\WINDOWS\AppPatch
2013-09-11 10:04:26 ----D---- C:\WINDOWS\system32\drivers\etc
2013-08-14 14:03:30 ----D---- C:\WINDOWS\assembly
2013-08-14 13:59:19 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-14 12:11:58 ----A---- C:\WINDOWS\imsins.BAK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-11-08 99080]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-11-08 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-11-08 32640]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2007-09-06 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2007-09-06 58368]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-11 244352]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 mvusbews;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2011-04-15 17408]
S3 slabbus;CP2101 USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-11-08 1990464]
R2 HPSIService;HP SI Service; C:\WINDOWS\system32\HPSIsvc.exe [2011-05-18 99896]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-07-18 22216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 257416]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-20 117144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
-----------------EOF-----------------
The problem still persists.
1
Logfile of random's system information tool 1.09 (written by random/random)
Run by brazo at 2013-09-12 08:57:25
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 205 GB (86%) free of 238 GB
Total RAM: 1527 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:57:40, on 12.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Microsoft Security Client\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Samsung\Kies\KiesTrayAgent.exe
D:\Program Files\Microsoft Security Client\msseces.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Samsung\Kies\Kies.exe
D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\TeamViewer3\TeamViewer_Host.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\TeamViewer3\TeamViewer.exe
D:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\brazo\Desktop\RSIT.exe
D:\Program Files\trend micro\brazo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] D:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [MSC] "D:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KiesPreload] D:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] D:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvoriť mobilnú obľúbenú položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7958496656
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PandoraService (PanService) - Unknown owner - D:\Program Files\PANDORA.TV\PanService\PandoraService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - D:\Program Files\TeamViewer3\TeamViewer_Host.exe
--
End of file - 6674 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\Adobe Flash Player Updater.job
D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
D:\WINDOWS\tasks\MpIdleTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"SkyTel"=D:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"APSDaemon"=D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"KiesTrayAgent"=D:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-04-23 311152]
"MSC"=D:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 995176]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2013-05-31 152392]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"KiesPreload"=D:\Program Files\Samsung\Kies\Kies.exe [2013-04-23 1561968]
"KiesAirMessage"=D:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup []
""=D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-05-08 844168]
"PC Suite Tray"=D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"H/PC Connection Agent"=D:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager"
"D:\Program Files\TeamViewer3\TeamViewer.exe"="D:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"D:\Program Files\Yaho's Miranda IM\miranda32.exe"="D:\Program Files\Yaho's Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Program Files\Evik miranda\miranda32.exe"="D:\Program Files\Evik miranda\miranda32.exe:*:Enabled:Miranda IM"
"D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"D:\Documents and Settings\brazo\Application Data\uTorrent\uTorrent.exe"="D:\Documents and Settings\brazo\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="D:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"D:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="D:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-12 08:45:49 ----D---- D:\AdwCleaner
2013-09-11 14:55:44 ----D---- D:\rsit
2013-09-11 14:55:44 ----D---- D:\Program Files\trend micro
2013-09-11 14:27:11 ----SHD---- D:\RECYCLER
2013-09-11 14:27:08 ----D---- D:\Documents and Settings\All Users\Application Data\TEMP
2013-09-11 14:23:30 ----D---- D:\Program Files\Unlockroot Pro
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\searchplugins
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\Extensions
2013-09-11 14:23:27 ----D---- D:\Program Files\Mozilla Firefox
2013-09-11 14:22:31 ----D---- D:\WINDOWS\system32\MRT
2013-09-11 14:21:01 ----D---- D:\Documents and Settings\All Users\Application Data\Freemake
2013-09-11 14:21:00 ----D---- D:\Program Files\Freemake
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\brazo\Application Data\Canneverbe Limited
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-09-11 11:35:45 ----D---- D:\RECYCLER(2)
2013-09-11 10:32:44 ----A---- D:\ComboFix.txt
2013-09-11 10:03:11 ----D---- D:\Qoobox
2013-09-11 10:02:56 ----D---- D:\WINDOWS\erdnt
2013-09-05 09:31:58 ----D---- D:\WINDOWS\Minidump
2013-09-02 11:23:04 ----A---- D:\WINDOWS\system32\WinUSBCoInstaller2.dll
2013-08-30 15:48:12 ----D---- D:\Program Files\Garmin
2013-08-30 15:48:10 ----D---- D:\Documents and Settings\brazo\Application Data\Garmin
2013-08-28 08:44:27 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-23 15:07:30 ----D---- D:\Program Files\Unlockroot
2013-08-14 13:53:34 ----A---- D:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2013-08-14 13:53:25 ----D---- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 12:15:21 ----HDC---- D:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:07:06 ----HDC---- D:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:06:56 ----HDC---- D:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:06:48 ----HDC---- D:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:06:34 ----HDC---- D:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-12 08:52:53 ----A---- D:\WINDOWS\SchedLgU.Txt
2013-09-12 08:49:52 ----D---- D:\WINDOWS\Temp
2013-09-12 08:39:35 ----SD---- D:\WINDOWS\Tasks
2013-09-12 08:31:09 ----D---- D:\WINDOWS\system32\CatRoot2
2013-09-11 16:06:39 ----D---- D:\WINDOWS\system32\CatRoot
2013-09-11 15:11:17 ----D---- D:\WINDOWS\system32
2013-09-11 15:11:06 ----A---- D:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 15:07:30 ----RD---- D:\Program Files
2013-09-11 14:28:03 ----D---- D:\WINDOWS\system32\config
2013-09-11 14:27:47 ----D---- D:\WINDOWS\system32\wbem
2013-09-11 14:27:47 ----D---- D:\WINDOWS\Registration
2013-09-11 14:27:09 ----D---- D:\WINDOWS
2013-09-11 14:26:40 ----SHD---- D:\WINDOWS\Installer
2013-09-11 14:26:38 ----D---- D:\Program Files\Google
2013-09-11 14:26:15 ----D---- D:\Program Files\LGE Tool
2013-09-11 14:26:05 ----D---- D:\Program Files\SgTool
2013-09-11 14:25:55 ----D---- D:\Program Files\Z3X
2013-09-11 14:25:25 ----HD---- D:\WINDOWS\inf
2013-09-11 14:25:18 ----D---- D:\WINDOWS\system32\drivers
2013-09-11 14:24:23 ----D---- D:\Program Files\SPT
2013-09-11 14:23:10 ----D---- D:\Program Files\Microsoft Security Client
2013-09-11 14:23:10 ----D---- D:\Config.Msi
2013-09-11 14:22:21 ----RSHDC---- D:\WINDOWS\system32\dllcache
2013-09-11 14:21:43 ----D---- D:\WINDOWS\WinSxS
2013-09-11 14:21:05 ----D---- D:\Program Files\iTunes
2013-09-11 14:21:02 ----DC---- D:\WINDOWS\system32\DRVSTORE
2013-09-11 14:20:56 ----D---- D:\Program Files\CDBurnerXP
2013-09-11 14:20:55 ----D---- D:\WINDOWS\system32\drivers\umdf
2013-09-11 14:20:50 ----D---- D:\Program Files\TestImei
2013-09-11 14:19:40 ----RSD---- D:\WINDOWS\Fonts
2013-09-11 14:19:24 ----D---- D:\Program Files\Microsoft ActiveSync
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\brazo\Application Data\uTorrent
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\All Users\Application Data\Nokia
2013-09-11 14:16:40 ----D---- D:\Program Files\MetaTrader - One Financial
2013-09-11 14:15:37 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-09-11 14:15:36 ----HDC---- D:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 14:15:35 ----HDC---- D:\WINDOWS\$NtUninstallKB2845187$
2013-09-11 14:14:07 ----D---- D:\WINDOWS\system32\XPSViewer
2013-09-11 14:14:03 ----HDC---- D:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 11:37:17 ----D---- D:\Program Files\DIFX
2013-09-11 11:34:43 ----D---- D:\WINDOWS\system32\Restore
2013-09-11 10:32:44 ----D---- D:\WINDOWS\Prefetch
2013-09-11 10:31:18 ----A---- D:\WINDOWS\system.ini
2013-09-11 10:31:10 ----D---- D:\WINDOWS\system32\drivers\etc
2013-09-11 10:28:05 ----D---- D:\WINDOWS\AppPatch
2013-09-11 10:28:02 ----D---- D:\Program Files\Common Files
2013-09-05 16:25:10 ----D---- D:\Program Files\The KMPlayer
2013-09-05 08:58:55 ----D---- D:\Documents and Settings\brazo\Application Data\EurekaLog
2013-08-30 09:48:07 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2013-08-27 10:43:33 ----D---- D:\Documents and Settings\brazo\Application Data\PC Suite
2013-08-15 09:22:32 ----RSD---- D:\WINDOWS\assembly
2013-08-15 09:22:32 ----D---- D:\WINDOWS\Microsoft.NET
2013-08-14 12:15:39 ----A---- D:\WINDOWS\system32\MRT.exe
2013-08-14 12:15:31 ----A---- D:\WINDOWS\imsins.BAK
2013-08-14 12:03:55 ----D---- D:\Program Files\iPod
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; D:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 irda;IrDA Protocol; D:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 StarOpen;StarOpen; D:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 Egatebus;Egatebus; D:\WINDOWS\system32\drivers\egatebus.sys [2003-12-19 11264]
R3 Egaterdr;Egaterdr; D:\WINDOWS\system32\drivers\egaterdr.sys [2003-12-19 10368]
R3 FTDIBUS;USB Serial Converter Driver; D:\WINDOWS\system32\drivers\ftdibus.sys [2010-03-28 57800]
R3 FTSER2K;USB Serial Port Driver; D:\WINDOWS\system32\drivers\ftser2k.sys [2010-03-28 72520]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 R5BaseSmc;USB Token Holder Service; D:\WINDOWS\system32\DRIVERS\smccard.sys [2004-09-28 12800]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 token;USB Token Service; D:\WINDOWS\system32\DRIVERS\eps2kt1.sys [2004-10-14 21888]
R3 usbstor;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; D:\WINDOWS\System32\Drivers\ssadadb.sys [2013-04-03 32064]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-04-03 83864]
S3 Egatecard;Egatecard; D:\WINDOWS\System32\Drivers\egate.sys [2003-12-19 13312]
S3 FlashUSB;FlashUSB; D:\WINDOWS\system32\DRIVERS\FlashUSB.sys [2013-04-03 16384]
S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 HTCAND32;HTC Device Driver; D:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 Netaapl;Apple Mobile Device Ethernet Service; D:\WINDOWS\system32\DRIVERS\netaapl.sys [2012-09-10 18432]
S3 nmwcd;Nokia USB Phone Parent Driver; D:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 ntportio;ntportio; \??\E:\!GSM!\Ericsson\USB_SMRAD\SEMC_Tool_v87\ntportio.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 riffbox;RIFFBOX_2010; D:\WINDOWS\system32\DRIVERS\riffbox.sys [2010-05-04 27648]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); D:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 SamUsb;MTBox Device; D:\WINDOWS\System32\Drivers\mtbox.sys [2005-09-07 31452]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2013-04-03 98560]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2013-04-03 14848]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2013-04-03 123776]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\ssadbus.sys [2013-04-03 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); D:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2013-04-03 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; D:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2013-04-03 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); D:\WINDOWS\system32\DRIVERS\ssadserd.sys [2013-04-03 130248]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\sscdbus.sys [2013-04-03 136776]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; D:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2013-04-03 17864]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; D:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2013-04-03 153672]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); D:\WINDOWS\system32\DRIVERS\sscebus.sys [2013-04-03 136904]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; D:\WINDOWS\system32\DRIVERS\sscemdfl.sys [2013-04-03 17864]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; D:\WINDOWS\system32\DRIVERS\sscemdm.sys [2013-04-03 153672]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2013-04-03 104448]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2013-04-03 14848]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2013-04-03 132608]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-04-03 181912]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudobex.sys [2013-04-03 181912]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudserd.sys [2013-04-03 181912]
S3 UFS2XX;UFS2XX.SYS UFS2 device driver; D:\WINDOWS\system32\drivers\UFS2XX.sys [2007-06-27 53184]
S3 UIUSys;Conexant Setup API; D:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSMARTPrj;USB Smart device driver; D:\WINDOWS\System32\Drivers\UsbSmart.sys [2005-09-15 7680]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;SAMSUNG Android USB Driver; D:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 HTCMonitorService;HTCMonitorService; D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
R2 MsMpSvc;Microsoft Antimalware Service; D:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208]
R2 TeamViewer;TeamViewer 3; D:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2013-05-31 553288]
R3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S2 Irmon;Infrared Monitor; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 PanService;PandoraService; D:\Program Files\PANDORA.TV\PanService\PandoraService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 257416]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-10 117144]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-16 755880]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2
Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2013-09-12 08:43:31
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 98 GB (83%) free of 118 GB
Total RAM: 1983 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:41, on 12.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
C:\Program Files\trend micro\Owner.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... R}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8104210351
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8104613109
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 5515 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =302398&p="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\extensions\
{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-11 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-04 163840]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-11-08 6756048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-07-18 995184]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Yaho's Miranda Pack\miranda32.exe"="D:\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Yaho's Miranda Pack\miranda32.exe"="C:\Program Files\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-12 08:34:01 ----D---- C:\AdwCleaner
2013-09-11 13:47:59 ----SHD---- C:\Config.Msi
2013-09-11 13:47:57 ----D---- C:\WINDOWS\Temp28A9947D-D6DA-4348-4C06-70CB8ACA65B9-Signatures
2013-09-11 12:13:18 ----D---- C:\Program Files\Mozilla Firefox
2013-09-11 12:06:21 ----SHD---- C:\RECYCLER
2013-09-11 11:51:31 ----D---- C:\Program Files\trend micro
2013-09-11 11:51:30 ----D---- C:\rsit
2013-09-11 10:41:45 ----D---- C:\WINDOWS\temp
2013-09-11 10:41:43 ----A---- C:\ComboFix.txt
2013-09-11 10:31:33 ----A---- C:\Boot.bak
2013-09-11 10:31:28 ----D---- C:\cmdcons
2013-09-11 09:54:29 ----D---- C:\Qoobox
2013-09-11 09:53:44 ----D---- C:\WINDOWS\erdnt
2013-09-05 08:48:37 ----D---- C:\Program Files\Application Updater(2)
2013-09-05 08:48:35 ----D---- C:\Program Files\pdfforge Toolbar(2)
2013-09-05 08:48:35 ----D---- C:\Program Files\Common Files\Spigot(2)
2013-08-28 11:58:12 ----DC---- C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2013-08-14 12:11:44 ----DC---- C:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:04:36 ----DC---- C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:04:23 ----DC---- C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:04:13 ----DC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:04:02 ----DC---- C:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-12 08:43:38 ----D---- C:\WINDOWS\Prefetch
2013-09-12 08:41:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-12 08:41:25 ----D---- C:\WINDOWS\system32
2013-09-12 08:41:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-12 08:35:00 ----RD---- C:\Program Files
2013-09-12 08:33:16 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-11 16:43:22 ----D---- C:\Omega
2013-09-11 16:43:17 ----A---- C:\WINDOWS\gsm.ini
2013-09-11 16:22:01 ----SD---- C:\WINDOWS\Tasks
2013-09-11 14:01:30 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 13:52:53 ----D---- C:\WINDOWS
2013-09-11 13:49:41 ----D---- C:\Program Files\Microsoft Security Client
2013-09-11 13:49:40 ----SHD---- C:\WINDOWS\Installer
2013-09-11 13:49:15 ----HD---- C:\WINDOWS\inf
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\drivers
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\CatRoot
2013-09-11 12:14:19 ----D---- C:\WINDOWS\system32\config
2013-09-11 12:14:04 ----D---- C:\WINDOWS\system32\wbem
2013-09-11 12:14:03 ----D---- C:\WINDOWS\Registration
2013-09-11 12:13:11 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-09-11 12:12:36 ----DC---- C:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 12:12:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-11 12:12:32 ----D---- C:\WINDOWS\WinSxS
2013-09-11 12:11:20 ----DC---- C:\WINDOWS\$NtUninstallKB2845187$
2013-09-11 12:11:20 ----DC---- C:\WINDOWS\$NtUninstallKB2803821_WM9$
2013-09-11 12:11:19 ----DC---- C:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 12:09:52 ----D---- C:\Program Files\Common Files
2013-09-11 12:05:47 ----D---- C:\WINDOWS\system32\Restore
2013-09-11 10:40:13 ----A---- C:\WINDOWS\system.ini
2013-09-11 10:38:06 ----D---- C:\WINDOWS\AppPatch
2013-09-11 10:04:26 ----D---- C:\WINDOWS\system32\drivers\etc
2013-08-14 14:03:30 ----D---- C:\WINDOWS\assembly
2013-08-14 13:59:19 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-14 12:11:58 ----A---- C:\WINDOWS\imsins.BAK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-11-08 99080]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-11-08 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-11-08 32640]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2007-09-06 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2007-09-06 58368]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-11 244352]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 mvusbews;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2011-04-15 17408]
S3 slabbus;CP2101 USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-11-08 1990464]
R2 HPSIService;HP SI Service; C:\WINDOWS\system32\HPSIsvc.exe [2011-05-18 99896]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-07-18 22216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 257416]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-20 117144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
-----------------EOF-----------------
The problem still persists.
- Rudy
- Site Admin
- Posts: 119529
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: svchost.exe is loading the CPU to 100%
PC1:
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
----------------------------------------------------------------------------------------------------------------------
PC2:
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Program Files\pdfforge Toolbar(2)
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: svchost.exe is using 100% of the CPU
PC1
All processes killed
========== FILES ==========
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: brazo
->Temp folder emptied: 7604188 bytes
->Temporary Internet Files folder emptied: 7295076 bytes
->Google Chrome cache emptied: 138477360 bytes
->Flash cache emptied: 3922 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 63602 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 577456 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 149,00 mb
[EMPTYFLASH]
User: All Users
User: brazo
->Flash cache emptied: 0 bytes
User: Default User
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 09132013_085310
Files moved on Reboot...
D:\WINDOWS\temp\TMP00000001CE2858036140C038 moved successfully.
Registry entries deleted on Reboot...
Logfile of random's system information tool 1.09 (written by random/random)
Run by brazo at 2013-09-13 10:02:21
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 204 GB (86%) free of 238 GB
Total RAM: 1527 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:02:26, on 13.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Microsoft Security Client\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Samsung\Kies\KiesTrayAgent.exe
D:\Program Files\Microsoft Security Client\msseces.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Samsung\Kies\Kies.exe
D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TeamViewer3\TeamViewer_Host.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\brazo\Desktop\RSIT.exe
D:\Program Files\trend micro\brazo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] D:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [MSC] "D:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KiesPreload] D:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] D:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvoriť mobilnú obľúbenú položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7958496656
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PandoraService (PanService) - Unknown owner - D:\Program Files\PANDORA.TV\PanService\PandoraService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - D:\Program Files\TeamViewer3\TeamViewer_Host.exe
--
End of file - 6379 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\Adobe Flash Player Updater.job
D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
D:\WINDOWS\tasks\MpIdleTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"SkyTel"=D:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"APSDaemon"=D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"KiesTrayAgent"=D:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-04-23 311152]
"MSC"=D:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 995176]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2013-05-31 152392]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"KiesPreload"=D:\Program Files\Samsung\Kies\Kies.exe [2013-04-23 1561968]
"KiesAirMessage"=D:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup []
""=D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-05-08 844168]
"PC Suite Tray"=D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"H/PC Connection Agent"=D:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager"
"D:\Program Files\TeamViewer3\TeamViewer.exe"="D:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"D:\Program Files\Yaho's Miranda IM\miranda32.exe"="D:\Program Files\Yaho's Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Program Files\Evik miranda\miranda32.exe"="D:\Program Files\Evik miranda\miranda32.exe:*:Enabled:Miranda IM"
"D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"D:\Documents and Settings\brazo\Application Data\uTorrent\uTorrent.exe"="D:\Documents and Settings\brazo\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="D:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"D:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="D:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-13 09:55:16 ----HDC---- D:\WINDOWS\$NtUninstallKB2870699$
2013-09-13 09:36:10 ----HDC---- D:\WINDOWS\$NtUninstallKB2876315$
2013-09-13 09:32:16 ----HDC---- D:\WINDOWS\$NtUninstallKB2876217$
2013-09-13 09:28:01 ----HDC---- D:\WINDOWS\$NtUninstallKB2864063$
2013-09-13 08:53:10 ----D---- D:\_OTM
2013-09-12 08:45:49 ----D---- D:\AdwCleaner
2013-09-11 14:55:44 ----D---- D:\rsit
2013-09-11 14:55:44 ----D---- D:\Program Files\trend micro
2013-09-11 14:27:11 ----SHD---- D:\RECYCLER
2013-09-11 14:27:08 ----D---- D:\Documents and Settings\All Users\Application Data\TEMP
2013-09-11 14:23:30 ----D---- D:\Program Files\Unlockroot Pro
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\searchplugins
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\Extensions
2013-09-11 14:23:27 ----D---- D:\Program Files\Mozilla Firefox
2013-09-11 14:22:31 ----D---- D:\WINDOWS\system32\MRT
2013-09-11 14:21:01 ----D---- D:\Documents and Settings\All Users\Application Data\Freemake
2013-09-11 14:21:00 ----D---- D:\Program Files\Freemake
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\brazo\Application Data\Canneverbe Limited
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-09-11 11:35:45 ----D---- D:\RECYCLER(2)
2013-09-11 10:32:44 ----A---- D:\ComboFix.txt
2013-09-11 10:03:11 ----D---- D:\Qoobox
2013-09-11 10:02:56 ----D---- D:\WINDOWS\erdnt
2013-09-05 09:31:58 ----D---- D:\WINDOWS\Minidump
2013-09-02 11:23:04 ----A---- D:\WINDOWS\system32\WinUSBCoInstaller2.dll
2013-08-30 15:48:12 ----D---- D:\Program Files\Garmin
2013-08-30 15:48:10 ----D---- D:\Documents and Settings\brazo\Application Data\Garmin
2013-08-28 08:44:27 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-23 15:07:30 ----D---- D:\Program Files\Unlockroot
2013-08-14 13:53:34 ----A---- D:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2013-08-14 13:53:25 ----D---- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 12:15:21 ----HDC---- D:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:07:06 ----HDC---- D:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:06:56 ----HDC---- D:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:06:48 ----HDC---- D:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:06:34 ----HDC---- D:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-13 10:01:58 ----D---- D:\WINDOWS\system32\CatRoot2
2013-09-13 10:01:57 ----D---- D:\WINDOWS\Temp
2013-09-13 10:00:48 ----D---- D:\WINDOWS
2013-09-13 10:00:07 ----D---- D:\WINDOWS\system32
2013-09-13 09:59:20 ----A---- D:\WINDOWS\SchedLgU.Txt
2013-09-13 09:55:33 ----HD---- D:\WINDOWS\inf
2013-09-13 09:55:26 ----RSHDC---- D:\WINDOWS\system32\dllcache
2013-09-13 09:50:26 ----SD---- D:\WINDOWS\Tasks
2013-09-13 09:38:08 ----A---- D:\WINDOWS\imsins.BAK
2013-09-13 09:12:19 ----A---- D:\WINDOWS\system32\MRT.exe
2013-09-12 14:51:25 ----D---- D:\Program Files\The KMPlayer
2013-09-11 16:06:39 ----D---- D:\WINDOWS\system32\CatRoot
2013-09-11 15:11:06 ----A---- D:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 15:07:30 ----RD---- D:\Program Files
2013-09-11 14:28:03 ----D---- D:\WINDOWS\system32\config
2013-09-11 14:27:47 ----D---- D:\WINDOWS\system32\wbem
2013-09-11 14:27:47 ----D---- D:\WINDOWS\Registration
2013-09-11 14:26:40 ----SHD---- D:\WINDOWS\Installer
2013-09-11 14:26:38 ----D---- D:\Program Files\Google
2013-09-11 14:26:15 ----D---- D:\Program Files\LGE Tool
2013-09-11 14:26:05 ----D---- D:\Program Files\SgTool
2013-09-11 14:25:55 ----D---- D:\Program Files\Z3X
2013-09-11 14:25:18 ----D---- D:\WINDOWS\system32\drivers
2013-09-11 14:24:23 ----D---- D:\Program Files\SPT
2013-09-11 14:23:10 ----D---- D:\Program Files\Microsoft Security Client
2013-09-11 14:23:10 ----D---- D:\Config.Msi
2013-09-11 14:21:43 ----D---- D:\WINDOWS\WinSxS
2013-09-11 14:21:05 ----D---- D:\Program Files\iTunes
2013-09-11 14:21:02 ----DC---- D:\WINDOWS\system32\DRVSTORE
2013-09-11 14:20:56 ----D---- D:\Program Files\CDBurnerXP
2013-09-11 14:20:55 ----D---- D:\WINDOWS\system32\drivers\umdf
2013-09-11 14:20:50 ----D---- D:\Program Files\TestImei
2013-09-11 14:19:40 ----RSD---- D:\WINDOWS\Fonts
2013-09-11 14:19:24 ----D---- D:\Program Files\Microsoft ActiveSync
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\brazo\Application Data\uTorrent
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\All Users\Application Data\Nokia
2013-09-11 14:16:40 ----D---- D:\Program Files\MetaTrader - One Financial
2013-09-11 14:15:37 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-09-11 14:15:36 ----HDC---- D:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 14:15:35 ----HDC---- D:\WINDOWS\$NtUninstallKB2845187$
2013-09-11 14:14:07 ----D---- D:\WINDOWS\system32\XPSViewer
2013-09-11 14:14:03 ----HDC---- D:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 11:37:17 ----D---- D:\Program Files\DIFX
2013-09-11 11:34:43 ----D---- D:\WINDOWS\system32\Restore
2013-09-11 10:32:44 ----D---- D:\WINDOWS\Prefetch
2013-09-11 10:31:18 ----A---- D:\WINDOWS\system.ini
2013-09-11 10:31:10 ----D---- D:\WINDOWS\system32\drivers\etc
2013-09-11 10:28:05 ----D---- D:\WINDOWS\AppPatch
2013-09-11 10:28:02 ----D---- D:\Program Files\Common Files
2013-09-05 08:58:55 ----D---- D:\Documents and Settings\brazo\Application Data\EurekaLog
2013-08-30 09:48:07 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2013-08-27 10:43:33 ----D---- D:\Documents and Settings\brazo\Application Data\PC Suite
2013-08-15 09:22:32 ----RSD---- D:\WINDOWS\assembly
2013-08-15 09:22:32 ----D---- D:\WINDOWS\Microsoft.NET
2013-08-14 12:03:55 ----D---- D:\Program Files\iPod
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; D:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 irda;IrDA Protocol; D:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 StarOpen;StarOpen; D:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 Egatebus;Egatebus; D:\WINDOWS\system32\drivers\egatebus.sys [2003-12-19 11264]
R3 Egaterdr;Egaterdr; D:\WINDOWS\system32\drivers\egaterdr.sys [2003-12-19 10368]
R3 FTDIBUS;USB Serial Converter Driver; D:\WINDOWS\system32\drivers\ftdibus.sys [2010-03-28 57800]
R3 FTSER2K;USB Serial Port Driver; D:\WINDOWS\system32\drivers\ftser2k.sys [2010-03-28 72520]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 R5BaseSmc;USB Token Holder Service; D:\WINDOWS\system32\DRIVERS\smccard.sys [2004-09-28 12800]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 token;USB Token Service; D:\WINDOWS\system32\DRIVERS\eps2kt1.sys [2004-10-14 21888]
R3 usbstor;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; D:\WINDOWS\System32\Drivers\ssadadb.sys [2013-04-03 32064]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-04-03 83864]
S3 Egatecard;Egatecard; D:\WINDOWS\System32\Drivers\egate.sys [2003-12-19 13312]
S3 FlashUSB;FlashUSB; D:\WINDOWS\system32\DRIVERS\FlashUSB.sys [2013-04-03 16384]
S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 HTCAND32;HTC Device Driver; D:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 Netaapl;Apple Mobile Device Ethernet Service; D:\WINDOWS\system32\DRIVERS\netaapl.sys [2012-09-10 18432]
S3 nmwcd;Nokia USB Phone Parent Driver; D:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 ntportio;ntportio; \??\E:\!GSM!\Ericsson\USB_SMRAD\SEMC_Tool_v87\ntportio.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 riffbox;RIFFBOX_2010; D:\WINDOWS\system32\DRIVERS\riffbox.sys [2010-05-04 27648]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); D:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 SamUsb;MTBox Device; D:\WINDOWS\System32\Drivers\mtbox.sys [2005-09-07 31452]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2013-04-03 98560]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2013-04-03 14848]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2013-04-03 123776]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\ssadbus.sys [2013-04-03 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); D:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2013-04-03 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; D:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2013-04-03 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); D:\WINDOWS\system32\DRIVERS\ssadserd.sys [2013-04-03 130248]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\sscdbus.sys [2013-04-03 136776]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; D:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2013-04-03 17864]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; D:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2013-04-03 153672]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); D:\WINDOWS\system32\DRIVERS\sscebus.sys [2013-04-03 136904]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; D:\WINDOWS\system32\DRIVERS\sscemdfl.sys [2013-04-03 17864]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; D:\WINDOWS\system32\DRIVERS\sscemdm.sys [2013-04-03 153672]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2013-04-03 104448]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2013-04-03 14848]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2013-04-03 132608]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-04-03 181912]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudobex.sys [2013-04-03 181912]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudserd.sys [2013-04-03 181912]
S3 UFS2XX;UFS2XX.SYS UFS2 device driver; D:\WINDOWS\system32\drivers\UFS2XX.sys [2007-06-27 53184]
S3 UIUSys;Conexant Setup API; D:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSMARTPrj;USB Smart device driver; D:\WINDOWS\System32\Drivers\UsbSmart.sys [2005-09-15 7680]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;SAMSUNG Android USB Driver; D:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 HTCMonitorService;HTCMonitorService; D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
R2 Irmon;Infrared Monitor; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MsMpSvc;Microsoft Antimalware Service; D:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208]
R2 TeamViewer;TeamViewer 3; D:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2013-05-31 553288]
R3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S2 PanService;PandoraService; D:\Program Files\PANDORA.TV\PanService\PandoraService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 257416]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-10 117144]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-16 755880]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
PC2
All processes killed
========== FILES ==========
C:\Program Files\pdfforge Toolbar(2)\Res(2) folder moved successfully.
C:\Program Files\pdfforge Toolbar(2)\FF(2)\chrome(2) folder moved successfully.
C:\Program Files\pdfforge Toolbar(2)\FF(2) folder moved successfully.
C:\Program Files\pdfforge Toolbar(2) folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 180358 bytes
User: NetworkService
->Temp folder emptied: 10201896 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Owner
->Temp folder emptied: 1089033 bytes
->Temporary Internet Files folder emptied: 152553 bytes
->FireFox cache emptied: 426156856 bytes
->Flash cache emptied: 38473 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5756188 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14755386 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 439,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Owner
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 09132013_084553
Files moved on Reboot...
Registry entries deleted on Reboot...
Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2013-09-13 11:20:35
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 97 GB (82%) free of 118 GB
Total RAM: 1983 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:20:38, on 13.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... R}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8104210351
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8104613109
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 5345 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =302398&p="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\extensions\
{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-11 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-04 163840]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-11-08 6756048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-07-18 995184]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Yaho's Miranda Pack\miranda32.exe"="D:\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Yaho's Miranda Pack\miranda32.exe"="C:\Program Files\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-13 11:16:31 ----D---- C:\WINDOWS\system32\MRT
2013-09-13 11:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2870699$
2013-09-13 11:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$
2013-09-13 11:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2013-09-13 09:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2013-09-13 08:45:53 ----D---- C:\_OTM
2013-09-12 14:45:24 ----D---- C:\Program Files\Mozilla Firefox
2013-09-12 08:34:01 ----D---- C:\AdwCleaner
2013-09-11 13:47:57 ----D---- C:\WINDOWS\Temp28A9947D-D6DA-4348-4C06-70CB8ACA65B9-Signatures
2013-09-11 12:06:21 ----SHD---- C:\RECYCLER
2013-09-11 11:51:31 ----D---- C:\Program Files\trend micro
2013-09-11 11:51:30 ----D---- C:\rsit
2013-09-11 10:41:45 ----D---- C:\WINDOWS\temp
2013-09-11 10:41:43 ----A---- C:\ComboFix.txt
2013-09-11 10:31:33 ----A---- C:\Boot.bak
2013-09-11 10:31:28 ----D---- C:\cmdcons
2013-09-11 09:54:29 ----D---- C:\Qoobox
2013-09-11 09:53:44 ----D---- C:\WINDOWS\erdnt
2013-09-05 08:48:37 ----D---- C:\Program Files\Application Updater(2)
2013-09-05 08:48:35 ----D---- C:\Program Files\Common Files\Spigot(2)
2013-08-28 11:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2013-08-14 12:11:44 ----DC---- C:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-13 11:18:15 ----D---- C:\WINDOWS\system32
2013-09-13 11:18:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-13 11:16:32 ----D---- C:\WINDOWS\Prefetch
2013-09-13 11:15:53 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-13 11:15:18 ----D---- C:\WINDOWS
2013-09-13 11:12:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-13 11:11:48 ----HD---- C:\WINDOWS\inf
2013-09-13 11:09:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-13 11:03:09 ----A---- C:\WINDOWS\imsins.BAK
2013-09-13 11:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2845187$
2013-09-13 11:01:04 ----D---- C:\WINDOWS\assembly
2013-09-13 10:53:25 ----D---- C:\WINDOWS\Microsoft.NET
2013-09-13 10:39:09 ----SD---- C:\WINDOWS\Tasks
2013-09-13 10:23:44 ----SHD---- C:\WINDOWS\Installer
2013-09-13 10:18:19 ----D---- C:\WINDOWS\WinSxS
2013-09-13 10:01:34 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-13 08:47:26 ----RD---- C:\Program Files
2013-09-13 08:37:27 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-09-12 16:56:46 ----D---- C:\Omega
2013-09-12 16:56:34 ----A---- C:\WINDOWS\gsm.ini
2013-09-11 13:49:41 ----D---- C:\Program Files\Microsoft Security Client
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\drivers
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\CatRoot
2013-09-11 12:14:19 ----D---- C:\WINDOWS\system32\config
2013-09-11 12:14:04 ----D---- C:\WINDOWS\system32\wbem
2013-09-11 12:14:03 ----D---- C:\WINDOWS\Registration
2013-09-11 12:12:36 ----DC---- C:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 12:11:20 ----DC---- C:\WINDOWS\$NtUninstallKB2803821_WM9$
2013-09-11 12:11:19 ----DC---- C:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 12:09:52 ----D---- C:\Program Files\Common Files
2013-09-11 12:05:47 ----D---- C:\WINDOWS\system32\Restore
2013-09-11 10:40:13 ----A---- C:\WINDOWS\system.ini
2013-09-11 10:38:06 ----D---- C:\WINDOWS\AppPatch
2013-09-11 10:04:26 ----D---- C:\WINDOWS\system32\drivers\etc
2013-09-01 16:57:52 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-11-08 99080]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-11-08 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-11-08 32640]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 mvusbews;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2011-04-15 17408]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2007-09-06 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2007-09-06 58368]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-11 244352]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 slabbus;CP2101 USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-11-08 1990464]
R2 HPSIService;HP SI Service; C:\WINDOWS\system32\HPSIsvc.exe [2011-05-18 99896]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-07-18 22216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13 257416]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-12 117656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
-----------------EOF-----------------
After applying otm.exe on both PCs, Windows Update ran automatically and downloaded some patches. At the moment both PCs are behaving normally. So it is probably solved. Thank you very much for the help.
All processes killed
========== FILES ==========
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: brazo
->Temp folder emptied: 7604188 bytes
->Temporary Internet Files folder emptied: 7295076 bytes
->Google Chrome cache emptied: 138477360 bytes
->Flash cache emptied: 3922 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 63602 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 577456 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 149,00 mb
[EMPTYFLASH]
User: All Users
User: brazo
->Flash cache emptied: 0 bytes
User: Default User
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 09132013_085310
Files moved on Reboot...
D:\WINDOWS\temp\TMP00000001CE2858036140C038 moved successfully.
Registry entries deleted on Reboot...
Logfile of random's system information tool 1.09 (written by random/random)
Run by brazo at 2013-09-13 10:02:21
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 204 GB (86%) free of 238 GB
Total RAM: 1527 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:02:26, on 13.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Microsoft Security Client\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Samsung\Kies\KiesTrayAgent.exe
D:\Program Files\Microsoft Security Client\msseces.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Samsung\Kies\Kies.exe
D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TeamViewer3\TeamViewer_Host.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\brazo\Desktop\RSIT.exe
D:\Program Files\trend micro\brazo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] D:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [MSC] "D:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KiesPreload] D:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] D:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvoriť mobilnú obľúbenú položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7958496656
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PandoraService (PanService) - Unknown owner - D:\Program Files\PANDORA.TV\PanService\PandoraService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - D:\Program Files\TeamViewer3\TeamViewer_Host.exe
--
End of file - 6379 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\Adobe Flash Player Updater.job
D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
D:\WINDOWS\tasks\MpIdleTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"SkyTel"=D:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"APSDaemon"=D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"KiesTrayAgent"=D:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-04-23 311152]
"MSC"=D:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 995176]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2013-05-31 152392]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"KiesPreload"=D:\Program Files\Samsung\Kies\Kies.exe [2013-04-23 1561968]
"KiesAirMessage"=D:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup []
""=D:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-05-08 844168]
"PC Suite Tray"=D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"H/PC Connection Agent"=D:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager"
"D:\Program Files\TeamViewer3\TeamViewer.exe"="D:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"D:\Program Files\Yaho's Miranda IM\miranda32.exe"="D:\Program Files\Yaho's Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Program Files\Evik miranda\miranda32.exe"="D:\Program Files\Evik miranda\miranda32.exe:*:Enabled:Miranda IM"
"D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"D:\Documents and Settings\brazo\Application Data\uTorrent\uTorrent.exe"="D:\Documents and Settings\brazo\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="D:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"D:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="D:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe"="D:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-13 09:55:16 ----HDC---- D:\WINDOWS\$NtUninstallKB2870699$
2013-09-13 09:36:10 ----HDC---- D:\WINDOWS\$NtUninstallKB2876315$
2013-09-13 09:32:16 ----HDC---- D:\WINDOWS\$NtUninstallKB2876217$
2013-09-13 09:28:01 ----HDC---- D:\WINDOWS\$NtUninstallKB2864063$
2013-09-13 08:53:10 ----D---- D:\_OTM
2013-09-12 08:45:49 ----D---- D:\AdwCleaner
2013-09-11 14:55:44 ----D---- D:\rsit
2013-09-11 14:55:44 ----D---- D:\Program Files\trend micro
2013-09-11 14:27:11 ----SHD---- D:\RECYCLER
2013-09-11 14:27:08 ----D---- D:\Documents and Settings\All Users\Application Data\TEMP
2013-09-11 14:23:30 ----D---- D:\Program Files\Unlockroot Pro
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\searchplugins
2013-09-11 14:23:28 ----D---- D:\WINDOWS\system32\Extensions
2013-09-11 14:23:27 ----D---- D:\Program Files\Mozilla Firefox
2013-09-11 14:22:31 ----D---- D:\WINDOWS\system32\MRT
2013-09-11 14:21:01 ----D---- D:\Documents and Settings\All Users\Application Data\Freemake
2013-09-11 14:21:00 ----D---- D:\Program Files\Freemake
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\brazo\Application Data\Canneverbe Limited
2013-09-11 14:20:56 ----D---- D:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2013-09-11 11:35:45 ----D---- D:\RECYCLER(2)
2013-09-11 10:32:44 ----A---- D:\ComboFix.txt
2013-09-11 10:03:11 ----D---- D:\Qoobox
2013-09-11 10:02:56 ----D---- D:\WINDOWS\erdnt
2013-09-05 09:31:58 ----D---- D:\WINDOWS\Minidump
2013-09-02 11:23:04 ----A---- D:\WINDOWS\system32\WinUSBCoInstaller2.dll
2013-08-30 15:48:12 ----D---- D:\Program Files\Garmin
2013-08-30 15:48:10 ----D---- D:\Documents and Settings\brazo\Application Data\Garmin
2013-08-28 08:44:27 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-23 15:07:30 ----D---- D:\Program Files\Unlockroot
2013-08-14 13:53:34 ----A---- D:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2013-08-14 13:53:25 ----D---- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 12:15:21 ----HDC---- D:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:07:06 ----HDC---- D:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:06:56 ----HDC---- D:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:06:48 ----HDC---- D:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:06:34 ----HDC---- D:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-13 10:01:58 ----D---- D:\WINDOWS\system32\CatRoot2
2013-09-13 10:01:57 ----D---- D:\WINDOWS\Temp
2013-09-13 10:00:48 ----D---- D:\WINDOWS
2013-09-13 10:00:07 ----D---- D:\WINDOWS\system32
2013-09-13 09:59:20 ----A---- D:\WINDOWS\SchedLgU.Txt
2013-09-13 09:55:33 ----HD---- D:\WINDOWS\inf
2013-09-13 09:55:26 ----RSHDC---- D:\WINDOWS\system32\dllcache
2013-09-13 09:50:26 ----SD---- D:\WINDOWS\Tasks
2013-09-13 09:38:08 ----A---- D:\WINDOWS\imsins.BAK
2013-09-13 09:12:19 ----A---- D:\WINDOWS\system32\MRT.exe
2013-09-12 14:51:25 ----D---- D:\Program Files\The KMPlayer
2013-09-11 16:06:39 ----D---- D:\WINDOWS\system32\CatRoot
2013-09-11 15:11:06 ----A---- D:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 15:07:30 ----RD---- D:\Program Files
2013-09-11 14:28:03 ----D---- D:\WINDOWS\system32\config
2013-09-11 14:27:47 ----D---- D:\WINDOWS\system32\wbem
2013-09-11 14:27:47 ----D---- D:\WINDOWS\Registration
2013-09-11 14:26:40 ----SHD---- D:\WINDOWS\Installer
2013-09-11 14:26:38 ----D---- D:\Program Files\Google
2013-09-11 14:26:15 ----D---- D:\Program Files\LGE Tool
2013-09-11 14:26:05 ----D---- D:\Program Files\SgTool
2013-09-11 14:25:55 ----D---- D:\Program Files\Z3X
2013-09-11 14:25:18 ----D---- D:\WINDOWS\system32\drivers
2013-09-11 14:24:23 ----D---- D:\Program Files\SPT
2013-09-11 14:23:10 ----D---- D:\Program Files\Microsoft Security Client
2013-09-11 14:23:10 ----D---- D:\Config.Msi
2013-09-11 14:21:43 ----D---- D:\WINDOWS\WinSxS
2013-09-11 14:21:05 ----D---- D:\Program Files\iTunes
2013-09-11 14:21:02 ----DC---- D:\WINDOWS\system32\DRVSTORE
2013-09-11 14:20:56 ----D---- D:\Program Files\CDBurnerXP
2013-09-11 14:20:55 ----D---- D:\WINDOWS\system32\drivers\umdf
2013-09-11 14:20:50 ----D---- D:\Program Files\TestImei
2013-09-11 14:19:40 ----RSD---- D:\WINDOWS\Fonts
2013-09-11 14:19:24 ----D---- D:\Program Files\Microsoft ActiveSync
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\brazo\Application Data\uTorrent
2013-09-11 14:17:10 ----D---- D:\Documents and Settings\All Users\Application Data\Nokia
2013-09-11 14:16:40 ----D---- D:\Program Files\MetaTrader - One Financial
2013-09-11 14:15:37 ----HDC---- D:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-09-11 14:15:36 ----HDC---- D:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 14:15:35 ----HDC---- D:\WINDOWS\$NtUninstallKB2845187$
2013-09-11 14:14:07 ----D---- D:\WINDOWS\system32\XPSViewer
2013-09-11 14:14:03 ----HDC---- D:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 11:37:17 ----D---- D:\Program Files\DIFX
2013-09-11 11:34:43 ----D---- D:\WINDOWS\system32\Restore
2013-09-11 10:32:44 ----D---- D:\WINDOWS\Prefetch
2013-09-11 10:31:18 ----A---- D:\WINDOWS\system.ini
2013-09-11 10:31:10 ----D---- D:\WINDOWS\system32\drivers\etc
2013-09-11 10:28:05 ----D---- D:\WINDOWS\AppPatch
2013-09-11 10:28:02 ----D---- D:\Program Files\Common Files
2013-09-05 08:58:55 ----D---- D:\Documents and Settings\brazo\Application Data\EurekaLog
2013-08-30 09:48:07 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2013-08-27 10:43:33 ----D---- D:\Documents and Settings\brazo\Application Data\PC Suite
2013-08-15 09:22:32 ----RSD---- D:\WINDOWS\assembly
2013-08-15 09:22:32 ----D---- D:\WINDOWS\Microsoft.NET
2013-08-14 12:03:55 ----D---- D:\Program Files\iPod
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; D:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 irda;IrDA Protocol; D:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 StarOpen;StarOpen; D:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 Egatebus;Egatebus; D:\WINDOWS\system32\drivers\egatebus.sys [2003-12-19 11264]
R3 Egaterdr;Egaterdr; D:\WINDOWS\system32\drivers\egaterdr.sys [2003-12-19 10368]
R3 FTDIBUS;USB Serial Converter Driver; D:\WINDOWS\system32\drivers\ftdibus.sys [2010-03-28 57800]
R3 FTSER2K;USB Serial Port Driver; D:\WINDOWS\system32\drivers\ftser2k.sys [2010-03-28 72520]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 R5BaseSmc;USB Token Holder Service; D:\WINDOWS\system32\DRIVERS\smccard.sys [2004-09-28 12800]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 token;USB Token Service; D:\WINDOWS\system32\DRIVERS\eps2kt1.sys [2004-10-14 21888]
R3 usbstor;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; D:\WINDOWS\System32\Drivers\ssadadb.sys [2013-04-03 32064]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-04-03 83864]
S3 Egatecard;Egatecard; D:\WINDOWS\System32\Drivers\egate.sys [2003-12-19 13312]
S3 FlashUSB;FlashUSB; D:\WINDOWS\system32\DRIVERS\FlashUSB.sys [2013-04-03 16384]
S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 HTCAND32;HTC Device Driver; D:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 Netaapl;Apple Mobile Device Ethernet Service; D:\WINDOWS\system32\DRIVERS\netaapl.sys [2012-09-10 18432]
S3 nmwcd;Nokia USB Phone Parent Driver; D:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2012-01-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576]
S3 ntportio;ntportio; \??\E:\!GSM!\Ericsson\USB_SMRAD\SEMC_Tool_v87\ntportio.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 riffbox;RIFFBOX_2010; D:\WINDOWS\system32\DRIVERS\riffbox.sys [2010-05-04 27648]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); D:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 SamUsb;MTBox Device; D:\WINDOWS\System32\Drivers\mtbox.sys [2005-09-07 31452]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2013-04-03 98560]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2013-04-03 14848]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2013-04-03 123776]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\ssadbus.sys [2013-04-03 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); D:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2013-04-03 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; D:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2013-04-03 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); D:\WINDOWS\system32\DRIVERS\ssadserd.sys [2013-04-03 130248]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\sscdbus.sys [2013-04-03 136776]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; D:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2013-04-03 17864]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; D:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2013-04-03 153672]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); D:\WINDOWS\system32\DRIVERS\sscebus.sys [2013-04-03 136904]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; D:\WINDOWS\system32\DRIVERS\sscemdfl.sys [2013-04-03 17864]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; D:\WINDOWS\system32\DRIVERS\sscemdm.sys [2013-04-03 153672]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2013-04-03 104448]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2013-04-03 14848]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2013-04-03 132608]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-04-03 181912]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudobex.sys [2013-04-03 181912]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); D:\WINDOWS\system32\DRIVERS\ssudserd.sys [2013-04-03 181912]
S3 UFS2XX;UFS2XX.SYS UFS2 device driver; D:\WINDOWS\system32\drivers\UFS2XX.sys [2007-06-27 53184]
S3 UIUSys;Conexant Setup API; D:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSMARTPrj;USB Smart device driver; D:\WINDOWS\System32\Drivers\UsbSmart.sys [2005-09-15 7680]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;SAMSUNG Android USB Driver; D:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 HTCMonitorService;HTCMonitorService; D:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
R2 Irmon;Infrared Monitor; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MsMpSvc;Microsoft Antimalware Service; D:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208]
R2 TeamViewer;TeamViewer 3; D:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2013-05-31 553288]
R3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S2 PanService;PandoraService; D:\Program Files\PANDORA.TV\PanService\PandoraService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 257416]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-14 116648]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-10 117144]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-16 755880]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
PC2
All processes killed
========== FILES ==========
C:\Program Files\pdfforge Toolbar(2)\Res(2) folder moved successfully.
C:\Program Files\pdfforge Toolbar(2)\FF(2)\chrome(2) folder moved successfully.
C:\Program Files\pdfforge Toolbar(2)\FF(2) folder moved successfully.
C:\Program Files\pdfforge Toolbar(2) folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 180358 bytes
User: NetworkService
->Temp folder emptied: 10201896 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Owner
->Temp folder emptied: 1089033 bytes
->Temporary Internet Files folder emptied: 152553 bytes
->FireFox cache emptied: 426156856 bytes
->Flash cache emptied: 38473 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5756188 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14755386 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 439,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Owner
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 09132013_084553
Files moved on Reboot...
Registry entries deleted on Reboot...
Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2013-09-13 11:20:35
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 97 GB (82%) free of 118 GB
Total RAM: 1983 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:20:38, on 13.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... R}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8104210351
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8104613109
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 5345 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =302398&p="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\extensions\
{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7hfqying.default\searchplugins\
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-11 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-04 163840]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-11-08 6756048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-07-18 995184]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Yaho's Miranda Pack\miranda32.exe"="D:\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Yaho's Miranda Pack\miranda32.exe"="C:\Program Files\Yaho's Miranda Pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-09-13 11:16:31 ----D---- C:\WINDOWS\system32\MRT
2013-09-13 11:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2870699$
2013-09-13 11:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$
2013-09-13 11:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2013-09-13 09:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2013-09-13 08:45:53 ----D---- C:\_OTM
2013-09-12 14:45:24 ----D---- C:\Program Files\Mozilla Firefox
2013-09-12 08:34:01 ----D---- C:\AdwCleaner
2013-09-11 13:47:57 ----D---- C:\WINDOWS\Temp28A9947D-D6DA-4348-4C06-70CB8ACA65B9-Signatures
2013-09-11 12:06:21 ----SHD---- C:\RECYCLER
2013-09-11 11:51:31 ----D---- C:\Program Files\trend micro
2013-09-11 11:51:30 ----D---- C:\rsit
2013-09-11 10:41:45 ----D---- C:\WINDOWS\temp
2013-09-11 10:41:43 ----A---- C:\ComboFix.txt
2013-09-11 10:31:33 ----A---- C:\Boot.bak
2013-09-11 10:31:28 ----D---- C:\cmdcons
2013-09-11 09:54:29 ----D---- C:\Qoobox
2013-09-11 09:53:44 ----D---- C:\WINDOWS\erdnt
2013-09-05 08:48:37 ----D---- C:\Program Files\Application Updater(2)
2013-09-05 08:48:35 ----D---- C:\Program Files\Common Files\Spigot(2)
2013-08-28 11:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2013-08-14 12:11:44 ----DC---- C:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 12:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 12:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 12:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 12:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-13 11:18:15 ----D---- C:\WINDOWS\system32
2013-09-13 11:18:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-13 11:16:32 ----D---- C:\WINDOWS\Prefetch
2013-09-13 11:15:53 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-13 11:15:18 ----D---- C:\WINDOWS
2013-09-13 11:12:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-13 11:11:48 ----HD---- C:\WINDOWS\inf
2013-09-13 11:09:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-13 11:03:09 ----A---- C:\WINDOWS\imsins.BAK
2013-09-13 11:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2845187$
2013-09-13 11:01:04 ----D---- C:\WINDOWS\assembly
2013-09-13 10:53:25 ----D---- C:\WINDOWS\Microsoft.NET
2013-09-13 10:39:09 ----SD---- C:\WINDOWS\Tasks
2013-09-13 10:23:44 ----SHD---- C:\WINDOWS\Installer
2013-09-13 10:18:19 ----D---- C:\WINDOWS\WinSxS
2013-09-13 10:01:34 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-13 08:47:26 ----RD---- C:\Program Files
2013-09-13 08:37:27 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-09-12 16:56:46 ----D---- C:\Omega
2013-09-12 16:56:34 ----A---- C:\WINDOWS\gsm.ini
2013-09-11 13:49:41 ----D---- C:\Program Files\Microsoft Security Client
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\drivers
2013-09-11 13:49:15 ----D---- C:\WINDOWS\system32\CatRoot
2013-09-11 12:14:19 ----D---- C:\WINDOWS\system32\config
2013-09-11 12:14:04 ----D---- C:\WINDOWS\system32\wbem
2013-09-11 12:14:03 ----D---- C:\WINDOWS\Registration
2013-09-11 12:12:36 ----DC---- C:\WINDOWS\$NtUninstallKB2846071$
2013-09-11 12:11:20 ----DC---- C:\WINDOWS\$NtUninstallKB2803821_WM9$
2013-09-11 12:11:19 ----DC---- C:\WINDOWS\$NtUninstallKB2850851$
2013-09-11 12:09:52 ----D---- C:\Program Files\Common Files
2013-09-11 12:05:47 ----D---- C:\WINDOWS\system32\Restore
2013-09-11 10:40:13 ----A---- C:\WINDOWS\system.ini
2013-09-11 10:38:06 ----D---- C:\WINDOWS\AppPatch
2013-09-11 10:04:26 ----D---- C:\WINDOWS\system32\drivers\etc
2013-09-01 16:57:52 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-11-08 99080]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-11-08 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-11-08 32640]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 mvusbews;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2011-04-15 17408]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2007-09-06 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2007-09-06 58368]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-11 244352]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 slabbus;CP2101 USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-11-08 1990464]
R2 HPSIService;HP SI Service; C:\WINDOWS\system32\HPSIsvc.exe [2011-05-18 99896]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-07-18 22216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13 257416]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-12 117656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
-----------------EOF-----------------
After applying otm.exe on both PCs, Windows Update ran automatically and downloaded some patches. At the moment both PCs are behaving normally. So it is probably solved. Thank you very much for the help.
- Rudy
- Site Admin
- Posts: 119529
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: svchost.exe is using 100% of the CPU
OK, I'm glad to hear that. Let's also clear out the leftovers:
PC1
Double-click the file D:\Program Files\trend micro\brazo.exe to start HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkboxes on the left for:
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O20 - AppInit_DLLs:
Click >FixChecked<. Then run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC.
----------------------------------------------------------------------------------------------------------------------
PC2
Double-click the file C:\Program Files\trend micro\Owner.exe to start HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkboxes on the left for:
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
Click >FixChecked<. Then run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: svchost.exe is using 100% of the CPU
Cleaned up and deleted; both PCs have been running all day without problems.
Thank you very much.
- Rudy
- Site Admin
- Posts: 119529
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: svchost.exe is using 100% of the CPU
You're welcome!
