Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2010-02-12 20:17:50
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 262 GB (90%) free of 291 GB
Total RAM: 2974 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:17, on 12.2.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Acer\Acer VCM\Vc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\ma\Desktop\procexp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ma\Desktop\RSIT.exe
C:\Program Files\trend micro\admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_xxxx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_xxxx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_xxxx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_xxxx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4090344360-2812034042-1355860029-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'ma')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c9742686181be0) (gupdate1c9742686181be0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 11374 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-01-11 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-01-12 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-01-11 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-01-11 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-12 186904]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-05-13 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-05-07 175128]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-05-13 153624]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-11 30192]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-04-11 7399968]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-04-11 1833504]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-04-09 1071624]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-05-26 253696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-03-29 79224]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2009-03-30 62760]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-05-15 440864]
"ODDPwr"=C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [2009-04-29 176128]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-05-13 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2009-05-14 345384]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-11-17 135168]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-11 68856]
"AdobeUpdater6"=C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe [2009-01-11 2521464]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-05-07 215040]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-02-12 20:17:51 ----D---- C:\Program Files\trend micro
2010-02-12 20:17:50 ----D---- C:\rsit
2010-02-12 20:10:47 ----D---- C:\ProgramData\CyberLink
2010-02-11 22:48:55 ----D---- C:\ProgramData\WindowsSearch
2010-02-11 19:51:37 ----AD---- C:\ProgramData\TEMP
2010-02-11 18:29:43 ----D---- C:\Users\admin\AppData\Roaming\Macromedia
2010-02-11 18:22:59 ----D---- C:\Users\admin\AppData\Roaming\Adobe
2010-02-11 18:22:54 ----D---- C:\Users\admin\AppData\Roaming\Skype
2010-02-11 18:21:51 ----D---- C:\Users\admin\AppData\Roaming\Google
======List of files/folders modified in the last 1 months======
2010-02-12 20:17:51 ----RD---- C:\Program Files
2010-02-12 20:17:45 ----D---- C:\Windows\Temp
2010-02-12 20:10:47 ----HD---- C:\ProgramData
2010-02-12 20:05:10 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft
2010-02-12 19:56:13 ----D---- C:\Windows\system32\catroot2
2010-02-12 19:56:13 ----D---- C:\Windows\system32\catroot
2010-02-12 19:56:01 ----D---- C:\Windows\winsxs
2010-02-12 19:42:23 ----D---- C:\Windows\System32
2010-02-12 19:42:23 ----D---- C:\Windows\inf
2010-02-12 19:42:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-12 19:35:49 ----D---- C:\Windows\system32\WDI
2010-02-12 19:06:10 ----SHD---- C:\Windows\Installer
2010-02-11 20:44:39 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-02-11 19:38:32 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-11 18:42:07 ----D---- C:\Windows\Prefetch
2010-02-11 18:36:52 ----SD---- C:\ProgramData\Microsoft
2010-02-11 18:24:37 ----D---- C:\Elements
2010-02-11 18:22:34 ----D---- C:\Program Files\Acer
2010-02-11 18:22:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-11 18:22:27 ----SHD---- C:\System Volume Information
2010-02-11 15:31:47 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-03-29 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-03-29 42912]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 50768]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-05-07 4740096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-04-11 2358112]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 15360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 14336]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-01-10 23040]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-01-10 507392]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-01-10 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-04-10 84256]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-03-25 106784]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-03-25 17056]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-01-10 149504]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-04-13 578848]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2009-04-11 117256]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-15 703008]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-12 354840]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-05-26 62208]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-04-29 118784]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]
S2 gupdate1c9742686181be0;Služba Google Update (gupdate1c9742686181be0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-01-11 133104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-11 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-11 182768]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
svchost.exe vytěžuje procesor - prosím o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
meteorolog
- Vzorný návštěvník
- Příspěvky: 308
- Registrován: 07 led 2007 15:20
- Bydliště: Pardubice
Re: svchost.exe vytěžuje procesor - prosím o kontrolu
Dobrý den, pošlete ještě log z Combofix:
Stáhneme na plochu, ukončíme všechna aktivní okna a spustíme ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Po spuštění potvrdíme podmínky užití
- Dále postupujeme dle pokynů, během aplikování ComboFixu neklikejte do zobrazujících se oken
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt
- ComboFix je třeba spustit pod účtem s právy administrátora
Stáhneme na plochu, ukončíme všechna aktivní okna a spustíme ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Po spuštění potvrdíme podmínky užití
- Dále postupujeme dle pokynů, během aplikování ComboFixu neklikejte do zobrazujících se oken
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt
- ComboFix je třeba spustit pod účtem s právy administrátora
"Život je život, louka je louka, koukneš se do trávy – a vidíš brouka."
"Neodpovídej tupci na jeho tupost, aby ses mu sám nezačal podobat. Odpověz tupci na jeho tupost, aby si přestal moudrý připadat...."
(Přísloví krále Šalomouna)
"Neodpovídej tupci na jeho tupost, aby ses mu sám nezačal podobat. Odpověz tupci na jeho tupost, aby si přestal moudrý připadat...."
(Přísloví krále Šalomouna)
Re: svchost.exe vytěžuje procesor - prosím o kontrolu
Děkuji za pomoc. Zde je log:
ComboFix 10-02-12.01 - admin 14.02.2010 11:20:13.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2974.1618 [GMT 1:00]
Spuštěný z: c:\users\ma\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 100213-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1169 [VPS 100213-1] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\Suyin.reg
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.
2010-02-12 20:54 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-12 20:47 . 2010-02-12 20:47 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-02-12 20:46 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-12 20:46 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-12 20:46 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 20:35 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-02-12 20:35 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-02-12 20:35 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-02-12 20:35 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-02-12 20:35 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2010-02-12 20:35 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-02-12 20:35 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-02-12 20:31 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-02-12 20:31 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-02-12 20:31 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-02-12 20:31 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-02-12 20:31 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2010-02-12 19:17 . 2010-02-12 19:18 -------- d-----w- c:\program files\trend micro
2010-02-12 19:17 . 2010-02-12 19:18 -------- d-----w- C:\rsit
2010-02-12 19:10 . 2010-02-12 19:10 -------- d-----w- c:\users\ma\AppData\Roaming\CyberLink
2010-02-12 19:10 . 2010-02-12 19:10 -------- d-----w- c:\programdata\CyberLink
2010-02-12 18:48 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-02-12 18:47 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 18:46 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-02-12 18:46 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-02-12 18:46 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-12 18:46 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-12 18:46 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-12 18:46 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-02-11 21:48 . 2010-02-11 21:48 -------- d-----w- c:\programdata\WindowsSearch
2010-02-11 17:49 . 2010-02-12 15:34 -------- d-----w- c:\users\admin\AppData\Local\Adobe
2010-02-11 17:22 . 2010-02-14 09:45 -------- d-----w- c:\users\admin\AppData\Roaming\Skype
2010-02-11 17:22 . 2010-02-11 17:22 -------- d-----w- c:\users\admin\AppData\Local\EgisTec
2010-02-11 17:14 . 2010-02-11 17:14 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb25E3.tmp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 10:24 . 2009-01-11 19:55 -------- d-----w- c:\users\ma\AppData\Roaming\Skype
2010-02-14 08:22 . 2009-01-11 19:57 -------- d-----w- c:\users\ma\AppData\Roaming\skypePM
2010-02-12 21:13 . 2009-04-11 08:27 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-02-12 21:13 . 2009-04-11 08:27 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-02-12 21:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-12 21:02 . 2009-01-11 14:53 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-12 20:57 . 2009-04-11 01:12 -------- d-----w- c:\programdata\Microsoft Help
2010-02-12 20:57 . 2009-04-11 01:14 -------- d-----w- c:\program files\Microsoft Works
2010-02-11 19:44 . 2009-01-11 15:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-11 18:38 . 2009-01-11 15:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-11 17:22 . 2009-01-11 15:17 -------- d-----w- c:\program files\Acer
2010-02-11 17:22 . 2009-03-31 23:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 12:35 . 2010-02-12 18:47 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-12 18:47 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-12 18:47 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-12 18:47 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-12 18:47 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-12 18:47 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-12 18:47 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-12 18:47 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-12 18:47 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-12 18:47 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-18 13:05 . 2010-02-12 18:49 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-02-12 18:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-02-12 18:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-11 12:07 . 2010-02-12 18:49 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-12 18:49 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-04 16:12 . 2010-02-12 18:47 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-11 14:31 . 2010-02-11 14:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-04-07 07:24 . 2009-01-11 15:48 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 07:24 . 2009-01-11 15:48 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 07:24 . 2009-01-11 15:48 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 07:24 . 2009-01-11 15:48 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 07:24 . 2009-01-11 15:48 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 68856]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-01-11 2521464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-07 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-13 153624]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-11 30192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-11 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-05-26 253696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-30 62760]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-11 565248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11.1.2009 16:09 75856]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [4.12.2008 18:34 19504]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [4.12.2008 18:34 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [4.12.2008 18:34 59952]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11.1.2009 16:09 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11.1.2009 16:09 50768]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [10.1.2009 9:44 117256]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [11.1.2009 16:17 703008]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [14.5.2009 23:03 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [26.5.2009 15:26 62208]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23.9.2008 13:11 144632]
R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [11.1.2009 16:19 118784]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [11.1.2009 16:19 237568]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11.1.2009 16:35 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [10.1.2009 9:43 112640]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1C60x86.sys [10.1.2009 9:43 50176]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [10.1.2009 9:44 3666432]
S2 gupdate1c9742686181be0;Služba Google Update (gupdate1c9742686181be0);c:\program files\Google\Update\GoogleUpdate.exe [11.1.2009 20:55 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21.1.2008 3:23 179712]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [11.1.2009 16:00 29472]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11.1.2009 15:52 30192]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23.9.2008 13:11 50424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-11 19:55]
2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-11 19:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0109&m=aspire_xxxx
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0109&m=aspire_xxxx
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk8uz1lj.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/updat ... oz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/looku ... oz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 11:28
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\users\admin\AppData\Local\Temp\catchme.dll 53248 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
.
Celkový čas: 2010-02-14 11:32:25
ComboFix-quarantined-files.txt 2010-02-14 10:32
Před spuštěním: Volných bajtů: 268 618 256 384
Po spuštění: Volných bajtů: 267 868 708 864
- - End Of File - - 4A160B330C6E1EEABBF88FD9C442B38C
ComboFix 10-02-12.01 - admin 14.02.2010 11:20:13.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2974.1618 [GMT 1:00]
Spuštěný z: c:\users\ma\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 100213-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1169 [VPS 100213-1] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\Suyin.reg
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.
2010-02-12 20:54 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-12 20:47 . 2010-02-12 20:47 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-02-12 20:46 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-12 20:46 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-12 20:46 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 20:35 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-02-12 20:35 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-02-12 20:35 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-02-12 20:35 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-02-12 20:35 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2010-02-12 20:35 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-02-12 20:35 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-02-12 20:31 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-02-12 20:31 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-02-12 20:31 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-02-12 20:31 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-02-12 20:31 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2010-02-12 19:17 . 2010-02-12 19:18 -------- d-----w- c:\program files\trend micro
2010-02-12 19:17 . 2010-02-12 19:18 -------- d-----w- C:\rsit
2010-02-12 19:10 . 2010-02-12 19:10 -------- d-----w- c:\users\ma\AppData\Roaming\CyberLink
2010-02-12 19:10 . 2010-02-12 19:10 -------- d-----w- c:\programdata\CyberLink
2010-02-12 18:48 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-02-12 18:47 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 18:46 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-02-12 18:46 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-02-12 18:46 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-12 18:46 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-12 18:46 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-12 18:46 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-02-11 21:48 . 2010-02-11 21:48 -------- d-----w- c:\programdata\WindowsSearch
2010-02-11 17:49 . 2010-02-12 15:34 -------- d-----w- c:\users\admin\AppData\Local\Adobe
2010-02-11 17:22 . 2010-02-14 09:45 -------- d-----w- c:\users\admin\AppData\Roaming\Skype
2010-02-11 17:22 . 2010-02-11 17:22 -------- d-----w- c:\users\admin\AppData\Local\EgisTec
2010-02-11 17:14 . 2010-02-11 17:14 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb25E3.tmp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 10:24 . 2009-01-11 19:55 -------- d-----w- c:\users\ma\AppData\Roaming\Skype
2010-02-14 08:22 . 2009-01-11 19:57 -------- d-----w- c:\users\ma\AppData\Roaming\skypePM
2010-02-12 21:13 . 2009-04-11 08:27 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-02-12 21:13 . 2009-04-11 08:27 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-02-12 21:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-12 21:02 . 2009-01-11 14:53 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-12 20:57 . 2009-04-11 01:12 -------- d-----w- c:\programdata\Microsoft Help
2010-02-12 20:57 . 2009-04-11 01:14 -------- d-----w- c:\program files\Microsoft Works
2010-02-11 19:44 . 2009-01-11 15:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-11 18:38 . 2009-01-11 15:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-11 17:22 . 2009-01-11 15:17 -------- d-----w- c:\program files\Acer
2010-02-11 17:22 . 2009-03-31 23:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 12:35 . 2010-02-12 18:47 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-12 18:47 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-12 18:47 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-12 18:47 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-12 18:47 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-12 18:47 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-12 18:47 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-12 18:47 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-12 18:47 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-12 18:47 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-18 13:05 . 2010-02-12 18:49 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-02-12 18:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-02-12 18:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-11 12:07 . 2010-02-12 18:49 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-12 18:49 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-04 16:12 . 2010-02-12 18:47 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-11 14:31 . 2010-02-11 14:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-04-07 07:24 . 2009-01-11 15:48 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 07:24 . 2009-01-11 15:48 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 07:24 . 2009-01-11 15:48 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 07:24 . 2009-01-11 15:48 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 07:24 . 2009-01-11 15:48 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 68856]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-01-11 2521464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-07 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-13 153624]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-11 30192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-11 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-05-26 253696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-30 62760]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-11 565248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11.1.2009 16:09 75856]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [4.12.2008 18:34 19504]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [4.12.2008 18:34 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [4.12.2008 18:34 59952]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11.1.2009 16:09 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11.1.2009 16:09 50768]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [10.1.2009 9:44 117256]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [11.1.2009 16:17 703008]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [14.5.2009 23:03 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [26.5.2009 15:26 62208]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23.9.2008 13:11 144632]
R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [11.1.2009 16:19 118784]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [11.1.2009 16:19 237568]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11.1.2009 16:35 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [10.1.2009 9:43 112640]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1C60x86.sys [10.1.2009 9:43 50176]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [10.1.2009 9:44 3666432]
S2 gupdate1c9742686181be0;Služba Google Update (gupdate1c9742686181be0);c:\program files\Google\Update\GoogleUpdate.exe [11.1.2009 20:55 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21.1.2008 3:23 179712]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [11.1.2009 16:00 29472]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11.1.2009 15:52 30192]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23.9.2008 13:11 50424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-11 19:55]
2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-11 19:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0109&m=aspire_xxxx
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0109&m=aspire_xxxx
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk8uz1lj.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/updat ... oz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/looku ... oz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 11:28
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\users\admin\AppData\Local\Temp\catchme.dll 53248 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
.
Celkový čas: 2010-02-14 11:32:25
ComboFix-quarantined-files.txt 2010-02-14 10:32
Před spuštěním: Volných bajtů: 268 618 256 384
Po spuštění: Volných bajtů: 267 868 708 864
- - End Of File - - 4A160B330C6E1EEABBF88FD9C442B38C
-
meteorolog
- Vzorný návštěvník
- Příspěvky: 308
- Registrován: 07 led 2007 15:20
- Bydliště: Pardubice
Re: svchost.exe vytěžuje procesor - prosím o kontrolu
vypadá to OK 
toto vypněte - SpybotSD TeaTimer
použijte http://sweb.cz/Marinus/T-Cleaner.exe - pro potvrzení stiskněte vždy klávesu A nebo Enter
potom CCleaner - položky Čistič a Registry - čištění opakujte do odstranění všech problémů
a nakonec ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1:
po spuštění staženého souboru se objeví okno:
zatrhněte Select All, klikněte na Empty Selected a Exit
stejným způsobem vymažte případně cache Firefoxu a Opery
restartujte PC
toto vypněte - SpybotSD TeaTimer
použijte http://sweb.cz/Marinus/T-Cleaner.exe - pro potvrzení stiskněte vždy klávesu A nebo Enter
potom CCleaner - položky Čistič a Registry - čištění opakujte do odstranění všech problémů
a nakonec ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1:
po spuštění staženého souboru se objeví okno:
zatrhněte Select All, klikněte na Empty Selected a Exit
stejným způsobem vymažte případně cache Firefoxu a Opery
restartujte PC
"Život je život, louka je louka, koukneš se do trávy – a vidíš brouka."
"Neodpovídej tupci na jeho tupost, aby ses mu sám nezačal podobat. Odpověz tupci na jeho tupost, aby si přestal moudrý připadat...."
(Přísloví krále Šalomouna)
"Neodpovídej tupci na jeho tupost, aby ses mu sám nezačal podobat. Odpověz tupci na jeho tupost, aby si přestal moudrý připadat...."
(Přísloví krále Šalomouna)
Re: svchost.exe vytěžuje procesor - prosím o kontrolu
Moc děkuji za pomoc. Ten PC není můj a teď se na něj týden nedostanu, tak to provedu až potom.
-
meteorolog
- Vzorný návštěvník
- Příspěvky: 308
- Registrován: 07 led 2007 15:20
- Bydliště: Pardubice
Re: svchost.exe vytěžuje procesor - prosím o kontrolu
OK, zatím nemáte zač
"Život je život, louka je louka, koukneš se do trávy – a vidíš brouka."
"Neodpovídej tupci na jeho tupost, aby ses mu sám nezačal podobat. Odpověz tupci na jeho tupost, aby si přestal moudrý připadat...."
(Přísloví krále Šalomouna)
"Neodpovídej tupci na jeho tupost, aby ses mu sám nezačal podobat. Odpověz tupci na jeho tupost, aby si přestal moudrý připadat...."
(Přísloví krále Šalomouna)
Přispějete na provoz fóra?