ahoj, mohl bych poprosit o pomoc, moc IE nepouzivam, ale pokud ho pustim, malokdy se spusti na prvni pokus a kdyz uz se spusti, je ve spravci uloh nekolikrat. take pozoruju semtam vyskakujici okno IE, podezdreni na nejaky malware. muzu poprosit o kontrolu logu jestli neni opravitelny problem? diky moc
Logfile of random's system information tool 1.08 (written by random/random)
Run by vachez at 2011-01-17 13:35:03
Microsoft Windows 7 Enterprise
System drive C: has 358 GB (75%) free of 477 GB
Total RAM: 3062 MB (34% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:35:17, on 17.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Fortinet\FortiClient\FortiTray.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hp\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
C:\Program Files\Hp\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Wi-Fi Sync\wifisync.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Backblaze\bzbui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\vachez\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Notes\NLNOTES.EXE
C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe
C:\Notes\ntaskldr.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.2.20100729-1241\os\win32\x86\IEOOP.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Citrix\ICA Client\pn.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\mstsc.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\vachez\Desktop\RSIT.exe
C:\Program Files\trend micro\vachez.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\vachez\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Notes Link - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - (no file)
O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\vachez\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IBM Lotus Notes Preloader] "C:\Notes\nntspreld.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Wi-Fi Sync] "C:\Program Files\Wi-Fi Sync\wifisync.exe"
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Backblaze] "C:\Program Files\Backblaze\bzbui.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Screenshot Captor] "C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\vachez\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: SkypeLauncher.lnk = C:\Program Files\SkypeLauncher\SkypeLauncher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {59D8A93A-CA6A-4F2B-9398-2E620678726F} (ClientDiag.OSoftDiagnostic) - http://pntbpc01/osoft/installation/OSoftDiag.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8FB1A5DF-578D-4302-BDD7-9E92BE61CA30} (ClientInstallControl.OSoftInstall) - http://pntbpc01/osoft/installation/OSoftInst.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pyrotek-inc.webex.com/client/T2 ... atgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pyrotek-europe.local
O17 - HKLM\Software\..\Telephony: DomainName = pyrotek-europe.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pyrotek-europe.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pyrotek-europe.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O20 - Winlogon Notify: rkotrem - rkotrem.dll (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Backblaze Service (bzserv) - Unknown owner - C:\Program Files\Backblaze\bzserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FortiClient Service Scheduler (FA_Scheduler) - Fortinet Inc. - C:\Program Files\Fortinet\FortiClient\scheduler.exe
O23 - Service: FortiClient SSL VPN (FortiSslvpnDaemon) - Fortinet Inc. - C:\Windows\system32\FortiSSLVPNdaemon.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Notes\nsd.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - c:\Windows\system32\vcsFPService.exe
--
End of file - 14741 bytes
======Scheduled tasks folder======
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7}]
WebEx Productivity Tools - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll [2010-11-01 96568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\vachez\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-10-25 140752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - WebEx Productivity Tools - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll [2010-11-01 96568]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-04-05 186904]
"IMSS"=C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2010-03-03 111640]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2010-02-25 287800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2010-03-06 563736]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-10 49208]
""= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"IBM Lotus Notes Preloader"=C:\Notes\nntspreld.exe [2010-08-11 20360]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2010-12-13 115560]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"HP Color LaserJet CM1312 MFP Series Fax"=C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [2009-09-22 2453504]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2009-10-22 53248]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-01-23 101136]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-24 421160]
"Wi-Fi Sync"=C:\Program Files\Wi-Fi Sync\wifisync.exe [2010-05-27 373248]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-07-21 8192]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2010-11-27 495708]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-26 1753192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128]
"Backblaze"=C:\Program Files\Backblaze\bzbui.exe [2010-11-16 529704]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]
"Screenshot Captor"=C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe [2010-11-18 6392832]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 354304]
"PTIM.exe"=C:\Program Files\WebEx\Productivity Tools\PTIM.exe [2010-11-01 336184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPPQVideo]
C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe [2007-05-07 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\vachez\AppData\Roaming\QipGuard\QipGuard.exe []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\vachez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\vachez\AppData\Roaming\Dropbox\bin\Dropbox.exe
SkypeLauncher.lnk - C:\Program Files\SkypeLauncher\SkypeLauncher.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [2010-12-10 16680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rkotrem]
rkotrem.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
wlnotify.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=3
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2011-01-17 13:35:03 ----D---- C:\Program Files\trend micro
2011-01-17 13:35:02 ----D---- C:\rsit
2011-01-17 08:38:23 ----D---- C:\Program Files\ESET
2011-01-17 08:38:06 ----D---- C:\Users\vachez\AppData\Roaming\smkits
2011-01-14 15:40:42 ----D---- C:\Program Files\Xiph.Org
2011-01-14 15:15:03 ----D---- C:\Program Files\piPOol
2011-01-06 22:33:04 ----A---- C:\Windows\ScanSpyware.INI
2011-01-06 21:34:13 ----D---- C:\Users\vachez\AppData\Roaming\ScanSpyware
2011-01-04 10:51:10 ----D---- C:\Program Files\WebEx
2011-01-01 18:18:13 ----A---- C:\Windows\system32\drivers\udfs.sys
2011-01-01 18:17:23 ----A---- C:\Windows\system32\drivers\msahci.sys
2011-01-01 17:34:37 ----D---- C:\Users\vachez\AppData\Roaming\Hewlett-Packard
2010-12-31 10:35:07 ----D---- C:\Windows\Minidump
2010-12-29 13:15:25 ----D---- C:\Program Files\Sharp World Clock
2010-12-29 12:58:13 ----D---- C:\Program Files\ActiveEarth 2.0
2010-12-29 12:53:44 ----D---- C:\Windows\Sun
2010-12-23 21:29:17 ----A---- C:\Windows\system32\javaws.exe
2010-12-23 21:29:17 ----A---- C:\Windows\system32\javaw.exe
2010-12-23 21:29:17 ----A---- C:\Windows\system32\java.exe
2010-12-19 20:33:18 ----D---- C:\Program Files\LightScribe
2010-12-19 20:25:26 ----D---- C:\Program Files\Common Files\SureThing Shared
2010-12-19 20:25:26 ----A---- C:\Windows\system32\msvcr70.dll
2010-12-19 20:25:26 ----A---- C:\Windows\system32\msvcp70.dll
2010-12-19 14:04:31 ----D---- C:\ProgramData\LightScribe
======List of files/folders modified in the last 1 months======
2011-01-17 13:35:03 ----RD---- C:\Program Files
2011-01-17 13:34:11 ----D---- C:\Users\vachez\AppData\Roaming\Skype
2011-01-17 13:23:34 ----D---- C:\Windows\Temp
2011-01-17 12:24:34 ----D---- C:\Windows\system32\config
2011-01-17 08:43:17 ----D---- C:\Windows
2011-01-17 08:38:26 ----D---- C:\Windows\Downloaded Program Files
2011-01-17 08:34:37 ----D---- C:\Users\vachez\AppData\Roaming\Dropbox
2011-01-17 08:34:17 ----D---- C:\Users\vachez\AppData\Roaming\skypePM
2011-01-17 08:33:13 ----A---- C:\Windows\system32\log.txt
2011-01-16 09:38:03 ----D---- C:\ProgramData\PDFC
2011-01-15 20:22:52 ----D---- C:\Windows\System32
2011-01-15 20:22:52 ----D---- C:\Windows\inf
2011-01-15 20:22:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-15 10:16:00 ----D---- C:\Users\vachez\AppData\Roaming\HpUpdate
2011-01-14 15:15:07 ----SHD---- C:\Windows\Installer
2011-01-14 15:14:55 ----SHD---- C:\System Volume Information
2011-01-14 13:27:05 ----D---- C:\Windows\system32\drivers
2011-01-12 14:25:51 ----D---- C:\ProgramData\Adobe
2011-01-12 11:10:41 ----D---- C:\Users\vachez\AppData\Roaming\Media Player Classic
2011-01-11 15:49:17 ----D---- C:\Windows\system32\wdi
2011-01-11 09:57:24 ----D---- C:\Windows\debug
2011-01-11 09:02:00 ----D---- C:\Windows\Prefetch
2011-01-09 17:42:09 ----D---- C:\Windows\system32\catroot2
2011-01-06 18:20:04 ----D---- C:\Program Files\Symantec
2011-01-06 17:16:44 ----D---- C:\Windows\system32\appmgmt
2011-01-06 14:48:27 ----HD---- C:\ProgramData
2011-01-06 14:48:22 ----D---- C:\Windows\system32\DriverStore
2011-01-06 14:48:22 ----D---- C:\Windows\system32\catroot
2011-01-06 13:18:21 ----D---- C:\Windows\system32\Tasks
2011-01-06 13:18:15 ----D---- C:\Windows\Tasks
2011-01-06 09:27:23 ----D---- C:\Windows\system32\LogFiles
2011-01-04 22:05:03 ----D---- C:\Users\vachez\AppData\Roaming\webex
2011-01-04 13:42:42 ----D---- C:\ProgramData\Microsoft Help
2011-01-04 11:27:02 ----RSD---- C:\Windows\assembly
2011-01-04 11:27:02 ----D---- C:\Windows\Microsoft.NET
2011-01-04 10:51:44 ----D---- C:\Notes
2011-01-01 18:51:26 ----D---- C:\Windows\winsxs
2011-01-01 18:19:58 ----D---- C:\ProgramData\NVIDIA
2011-01-01 18:19:33 ----D---- C:\Windows\Help
2011-01-01 18:17:19 ----D---- C:\SWSetup
2011-01-01 18:17:12 ----D---- C:\Windows\SoftwareDistribution
2011-01-01 18:17:11 ----D---- C:\Program Files\Hewlett-Packard
2011-01-01 18:16:55 ----D---- C:\Windows\Hewlett-Packard
2011-01-01 17:59:22 ----D---- C:\ProgramData\Hewlett-Packard
2011-01-01 17:59:04 ----D---- C:\Users\vachez\AppData\Roaming\hpqLog
2011-01-01 17:54:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-27 09:10:38 ----D---- C:\Program Files\BPC
2010-12-23 21:29:04 ----D---- C:\Program Files\Java
2010-12-21 09:48:39 ----SD---- C:\Users\vachez\AppData\Roaming\Microsoft
2010-12-20 08:32:22 ----D---- C:\Program Files\Mozilla Firefox
2010-12-19 20:25:26 ----RSD---- C:\Windows\Fonts
2010-12-19 20:25:26 ----D---- C:\Program Files\Common Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2010-02-27 25656]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-05 331288]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-10-18 371248]
R1 fortiapd;fortiapd; C:\Windows\system32\drivers\fortiapd.sys [2010-02-26 13416]
R1 FortiRdr;FortiRdr; C:\Windows\system32\drivers\FortiRdr2.sys [2010-02-26 35432]
R1 FortiShield;FortiShield; C:\Windows\system32\drivers\FortiShield.sys [2010-02-26 37480]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2010-04-30 421424]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2010-12-13 284720]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2010-12-13 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2010-04-30 188080]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-06-26 48128]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2010-02-27 33848]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-21 1161760]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-07 86056]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2010-01-07 108072]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-07 18472]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k6232.sys [2010-01-07 215208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-18 102448]
R3 Fortidrv2;Fortinet Packet Filter Service; C:\Windows\system32\DRIVERS\fortidrv.sys [2010-01-04 22504]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-25 15872]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110116.003\NAVENG.SYS [2010-12-29 86008]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110116.003\NAVEX15.SYS [2010-12-29 1360760]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\Windows\system32\DRIVERS\NETwNs32.sys [2010-07-14 6814720]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
R3 pppop;PPPoP WAN Adapter; C:\Windows\system32\DRIVERS\pppop.sys [2009-07-22 36384]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 rismc32;RICOH Smart Card Reader; C:\Windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-12-18 1758464]
R3 STHDA;@%SystemRoot%\system32\stlang.dll,-10301; C:\Windows\system32\DRIVERS\stwrt.sys [2010-11-27 431616]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-01-06 125488]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2010-04-30 26416]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 Teefer2;Teefer2 Miniport; C:\Windows\system32\DRIVERS\teefer2.sys [2010-12-13 67472]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S1 Fortips;Fortips; C:\Windows\system32\drivers\fortips.sys [2010-02-26 98024]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 ft_vnic;Fortinet network virtual adapter; C:\Windows\system32\DRIVERS\ftvnic.sys [2009-02-16 14496]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]
S3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw32.sys [2010-03-24 30880]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 rimspci;rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
S3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-26 44544]
S3 risdpcie;risdpcie; C:\Windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
S3 rismxdp;rismxdp; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-26 38400]
S3 rixdpcie;rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [2009-12-12 38912]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2010-12-13 320944]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S4 SysPlant;SysPlant for NT; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [2010-12-13 99696]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\aestsrv.exe [2010-11-27 81920]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-28 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-11-27 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 595232]
R2 bzserv;Backblaze Service; C:\Program Files\Backblaze\bzserv.exe [2010-11-16 264488]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2010-12-13 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2010-12-13 108392]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FA_Scheduler;FortiClient Service Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [2010-02-26 53266]
R2 FortiSslvpnDaemon;FortiClient SSL VPN; C:\Windows\system32\FortiSSLVPNdaemon.exe [2010-07-02 703080]
R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-01 136192]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2010-02-27 26168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-04-05 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-03 268824]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics; C:\Notes\nsd.exe [2010-08-11 3417480]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-02 129640]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2010-03-06 635416]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 9216]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2010-12-13 1893728]
R2 SNMP;@%SystemRoot%\system32\snmp.exe,-3; C:\Windows\System32\snmp.exe [2009-07-14 47616]
R2 STacSV;@%SystemRoot%\system32\stlang.dll,-10101; C:\Program Files\IDT\WDM\STacSV.exe [2010-11-27 254034]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-12-13 1839776]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service; c:\Windows\system32\vcsFPService.exe [2010-02-18 1664304]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-12-17 230968]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe [2010-12-10 16680]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2010-09-07 3093880]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2010-12-13 357744]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
vicenasobny iexplore.exe + jeho padani
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: vicenasobny iexplore.exe + jeho padani
Zdravim a pekny den preji 
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
Spustte HJT a provedeme fixnuti polozek
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif - Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Ted nerestartujte PC - prisli byste o ucinek RKillu
Spustte HJT a provedeme fixnuti polozek
- HJT najdete zde C:\Program Files\trend micro\vachez.exe
- Otevre se Vam okno, kliknete na Do a system scan only
- V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\vachez\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Notes Link - - (no file) - Kliknete na Fix checked (vlevo dole)
- HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: vicenasobny iexplore.exe + jeho padani
2x po sobe pri pokusu o spusteni rkill.exe spadnul system - modra obrazovka a restart
Re: vicenasobny iexplore.exe + jeho padani
RKill preskocte a pokracujte HJT a nasledne CF
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: vicenasobny iexplore.exe + jeho padani
HJT a fix vybranych polozek probehl, ale pri Combofix opet spadne do bluescreen a restart.
Re: vicenasobny iexplore.exe + jeho padani
Zkuste ComboFix aplikovat v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: vicenasobny iexplore.exe + jeho padani
take spadnul do bluescreen
Re: vicenasobny iexplore.exe + jeho padani
Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)
- Provedte aktualizaci - treti zalozka
- Provedte uplny sken - nic nemazte
- MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: vicenasobny iexplore.exe + jeho padani
log z mbam
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5537
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
17.1.2011 15:54:10
mbam-log-2011-01-17 (15-54-05).txt
Scan type: Full scan (C:\|)
Objects scanned: 310054
Time elapsed: 56 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> No action taken.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Z30KYPG3WS (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> No action taken.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5537
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
17.1.2011 15:54:10
mbam-log-2011-01-17 (15-54-05).txt
Scan type: Full scan (C:\|)
Objects scanned: 310054
Time elapsed: 56 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> No action taken.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Z30KYPG3WS (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> No action taken.
Re: vicenasobny iexplore.exe + jeho padani
Vse co nasel MBAM smazte, napiste jak se chova PC...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: vicenasobny iexplore.exe + jeho padani
smazano, u vsech polozek mbam napsal "Quarantined and deleted successfully." a pak chtel restart, ktery jsem provedl.
Re: vicenasobny iexplore.exe + jeho padani
Jedine dobre...Jak se chova PC, zlepsilo se to 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: vicenasobny iexplore.exe + jeho padani
zrychlil se start iexplorer, ale stejne ho vidim v task managerovi 2x i kdyz je pustena jenom 1 instance programu
mbam mel pomoci proti bluescreenu pri spusteni rkill popr. combofix? mam zkusit znovu pustit rkill?
mbam mel pomoci proti bluescreenu pri spusteni rkill popr. combofix? mam zkusit znovu pustit rkill?
Re: vicenasobny iexplore.exe + jeho padani
Zkuste znovu spustit ComboFix, Rkill jiz neni treba...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: vicenasobny iexplore.exe + jeho padani
porad bluescreen i v safe modu
Přispějete na provoz fóra?