svchost is running at 100% for me, could someone please help me.
Logfile of random's system information tool 1.07 (written by random/random)
Run by Jirka at 2010-05-30 18:15:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (12%) free of 13 GB
Total RAM: 703 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:17:34, on 30.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\dev\prog\Apache2\bin\ApacheMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\dev\prog\Apache2\bin\httpd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\dev\prog\Apache2\bin\httpd.exe
C:\dev\prog\mysql50\bin\mysqld-nt.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jirka\Local Settings\Temporary Internet Files\Content.IE5\ZKSAY4AP\RSIT[1].exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Jirka.exe
C:\WINDOWS\system32\HPZinw12.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?hl=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: nettir32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\dev\prog\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\dev\prog\Apache2\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL5 - Unknown owner - C:\dev\prog\mysql50\bin\mysqld-nt (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 10258 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"preload"=C:\Windows\RUNXMLPL.exe [2004-04-20 40960]
"ATIPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-11-20 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-11-20 499712]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-11-19 88363]
"AcerNotebookManager"=C:\Program Files\Acer\Notebook Manager\almxptray.exe [2004-03-18 510464]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-26 65024]
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2004-01-28 32768]
"PowerKey"=C:\Program Files\Launch Manager\PowerKey.exe [2002-08-30 94208]
"LManager"=C:\Program Files\Launch Manager\HotkeyApp.exe [2004-03-24 45056]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe [2004-01-28 184320]
"LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2004-03-30 49152]
"Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2004-03-01 65536]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"Google Update"=C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-10-21 133104]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Monitor Apache Servers.lnk - C:\dev\prog\Apache2\bin\ApacheMonitor.exe
C:\Documents and Settings\Jirka\Nabídka Start\Programy\Po spuštění
nettir32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\System32\MSIEXEC.EXE"="C:\WINDOWS\System32\MSIEXEC.EXE:*:Enabled:Windows® installer"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\KNDC++\StrongDC.exe"="C:\Program Files\KNDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Chrome\Application\CHROME.EXE"="C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Chrome\Application\CHROME.EXE:*:Enabled:Google Chrome"
"C:\Documents and Settings\Jirka\Plocha\Terminal.exe"="C:\Documents and Settings\Jirka\Plocha\Terminal.exe:*:Enabled:Terminal"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"D:\Hry\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe"="D:\Hry\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun"
"C:\dev\prog\Apache2\bin\httpd.exe"="C:\dev\prog\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe"="C:\Program Files\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe:*:Enabled:DeviceInstaller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d10659e8-7056-11dc-98d2-000ae45a2106}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - F:\Recycled\ctfmon.exe
======List of files/folders created in the last 1 months======
2010-05-30 18:15:05 ----D---- C:\rsit
2010-05-30 17:48:38 ----D---- C:\WINDOWS\temp
2010-05-30 17:48:36 ----A---- C:\ComboFix.txt
2010-05-30 17:39:53 ----A---- C:\Boot.bak
2010-05-30 17:39:47 ----RASHD---- C:\cmdcons
2010-05-30 17:37:41 ----A---- C:\WINDOWS\zip.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\SWSC.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\SWREG.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\sed.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\PEV.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\MBR.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\grep.exe
2010-05-30 17:37:34 ----D---- C:\WINDOWS\ERDNT
2010-05-30 17:36:38 ----D---- C:\Qoobox
2010-05-30 15:46:58 ----A---- C:\WINDOWS\ModemLog_Standardní modem připojený pomocí technologie Bluetooth.txt
2010-05-23 14:43:50 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Softplicity
2010-05-23 14:43:31 ----D---- C:\Program Files\TotalVectorize
2010-05-18 14:43:29 ----A---- C:\WINDOWS\APDFPRP.INI
2010-05-18 14:42:45 ----D---- C:\Program Files\APDFPRP
2010-05-06 22:25:39 ----D---- C:\Program Files\CR8tracer
2010-05-05 20:00:54 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Youtube Downloader HD
2010-05-05 20:00:40 ----D---- C:\Program Files\Youtube Downloader HD
2010-05-02 20:30:21 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Wireshark
2010-05-02 18:39:24 ----D---- C:\Program Files\WinPcap
2010-05-02 18:38:41 ----D---- C:\Program Files\Wireshark
======List of files/folders modified in the last 1 months======
2010-05-30 18:08:58 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2010-05-30 17:50:38 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-30 17:46:10 ----A---- C:\WINDOWS\system.ini
2010-05-30 17:39:54 ----RASH---- C:\BOOT.INI
2010-05-30 17:33:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-30 15:51:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-27 23:07:54 ----A---- C:\WINDOWS\wincmd.ini
2010-05-27 22:18:30 ----A---- C:\WINDOWS\wcx_ftp.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 acernbm;acernbm; C:\WINDOWS\system32\drivers\acernbm.sys [2004-03-18 6431]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
R2 osadmi;osadmi; C:\WINDOWS\system32\drivers\osadmi.sys [2004-03-04 4243]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-11-19 1205292]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-04-16 615548]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 atiusbf;atiusbf; C:\WINDOWS\System32\DRIVERS\atiusbf.sys [2004-03-12 6144]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2004-04-12 6912]
R3 POWERKEY;POWERKEY; \??\C:\Program Files\Launch Manager\POWERKEY.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2004-01-16 69504]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-11-20 178528]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2005-08-10 329072]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S3 a1f3eqwy;a1f3eqwy; C:\WINDOWS\system32\drivers\a1f3eqwy.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-05-21 175360]
S3 BCM43XX;WLAN 802.11g mini-PCI Module Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-07-17 265728]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-14 272896]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-11-13 223128]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-02-17 72520]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 PRISM;IEEE 802.11 Wireless NIC Driver; C:\WINDOWS\System32\DRIVERS\EXPRESS.sys [2002-11-15 614912]
S3 rtl8180;GIGABYTE GN-WLMR101 Wireless LAN CardBus NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8180.SYS [2003-03-07 151552]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 TetaSCDevice;TetaSCDevice; \??\C:\WINDOWS\system32\tetascop.SYS []
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2.2;Apache2.2; C:\dev\prog\Apache2\bin\httpd.exe [2010-03-04 24645]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MySQL5;MySQL5; C:\dev\prog\mysql50\bin\mysqld-nt --defaults-file=C:\dev\prog\mysql50\my.ini MySQL5 []
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------

Svchost at 100% - please check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 5
- Registered: 24 Mar 2007 21:51
Re: Svchost at 100% - please check
I did run CF, but then I read that it's good to do RSIT, so I posted the RSIT log first.
I probably did the scan wrong. I think I didn't turn off Avast. Should I do a new one?
ComboFix 10-05-29.05 - Administrator 30.05.2010 17:41:13.1.1 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.703.551 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 100430-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\ayadd.bak1
c:\windows\system32\ayadd.bak2
c:\windows\system32\ayadd.ini
c:\windows\system32\ayadd.ini2
c:\windows\system32\ayadd.tmp
c:\windows\system32\mcrh.tmp
c:\windows\system32\taskmgr.com
c:\windows\system32\vsxyrtoa.ini
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-28 do 2010-05-30 )))))))))))))))))))))))))))))))
.
2010-05-29 20:48 . 2010-05-30 15:33 836 ----a-w- c:\windows\bthservsdp.dat
2010-05-23 12:43 . 2010-05-23 12:43 -------- d-----w- c:\program files\TotalVectorize
2010-05-18 12:42 . 2010-05-18 12:42 -------- d-----w- c:\program files\APDFPRP
2010-05-06 20:25 . 2010-05-06 20:25 -------- d-----w- c:\program files\CR8tracer
2010-05-05 18:00 . 2010-05-05 18:00 -------- d-----w- c:\program files\Youtube Downloader HD
2010-05-02 16:39 . 2010-05-02 16:39 -------- d-----w- c:\program files\WinPcap
2010-05-02 16:38 . 2010-05-02 16:38 -------- d-----w- c:\program files\Wireshark
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 13:51 . 1979-12-31 22:00 68294 ----a-w- c:\windows\system32\perfc005.dat
2010-05-30 13:51 . 1979-12-31 22:00 390854 ----a-w- c:\windows\system32\perfh005.dat
2010-05-29 19:18 . 2006-12-15 09:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 20:30 . 2010-05-06 20:30 120 ----a-w- c:\program files\CR8TRA~1info.cfg
2010-04-27 13:58 . 2010-04-27 13:58 -------- d-----w- c:\program files\Lantronix
2010-04-14 16:25 . 2010-04-14 16:25 -------- d-----w- c:\program files\phpmyadmin
2010-04-14 16:22 . 2010-04-14 16:22 -------- d-----w- c:\program files\php-5.0.1-win
2010-04-14 16:16 . 2010-04-14 16:16 -------- d-----w- c:\program files\Apache Group
2010-04-08 18:48 . 2010-04-08 18:48 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-04-08 18:48 . 2010-04-08 18:48 -------- d-----w- c:\program files\Oberon Media
2010-04-08 06:25 . 2010-04-08 06:25 -------- d-----w- c:\program files\BEL
2010-04-06 16:55 . 2010-04-06 16:55 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-04-06 16:55 . 2010-04-06 16:55 -------- d-----w- c:\program files\Borland
2010-03-17 16:00 . 2006-05-09 16:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-03 17:46 . 2010-04-14 19:14 5648454 ----a-w- c:\windows\system32\php5ts.dll
2009-03-03 19:33 . 2006-10-20 19:38 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-03-03 19:33 . 2006-10-20 19:38 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-03-03 19:33 . 2006-10-20 19:38 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-03-03 19:33 . 2008-09-26 19:24 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-03-03 19:33 . 2008-09-26 19:24 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]
"ATIPTA"="atiptaxx.exe" [2006-02-22 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-11-20 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-20 499712]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 88363]
"AcerNotebookManager"="c:\program files\Acer\Notebook Manager\almxptray.exe" [2004-03-18 510464]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2004-01-28 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2004-03-24 45056]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-03-30 49152]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2004-03-01 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\
nettir32.exe [2008-4-14 39936]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
Monitor Apache Servers.lnk - c:\dev\prog\Apache2\bin\ApacheMonitor.exe [2010-3-4 41051]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\System32\\MSIEXEC.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\KNDC++\\StrongDC.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Jirka\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\CHROME.EXE"=
"c:\\Documents and Settings\\Jirka\\Plocha\\Terminal.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"d:\\Hry\\Command & Conquer The First Decade\\Command & Conquer(tm) Tiberian Sun(tm)\\SUN\\Game.exe"=
"c:\\dev\\prog\\Apache2\\bin\\httpd.exe"=
"c:\\Program Files\\Lantronix\\DeviceInstaller4.2\\DeviceInstaller.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7555:TCP"= 7555:TCP:WWW
R3 atiusbf;atiusbf;c:\windows\system32\drivers\atiusbf.sys [19.2.2006 12:06 6144]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.5.2006 18:37 691696]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5.1.2009 22:59 114768]
S1 mailKmd;mailKmd; [x]
S2 acernbm;acernbm;c:\windows\system32\drivers\acernbm.sys [18.3.2004 18:42 6431]
S2 Apache2.2;Apache2.2;c:\dev\prog\Apache2\bin\httpd.exe [4.3.2010 11:27 24645]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.1.2009 22:59 20560]
S2 MySQL5;MySQL5;"c:\dev\prog\mysql50\bin\mysqld-nt" --defaults-file="c:\dev\prog\mysql50\my.ini" MySQL5 --> c:\dev\prog\mysql50\bin\mysqld-nt [?]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
S2 osadmi;osadmi;c:\windows\system32\drivers\osadmi.sys [4.3.2004 19:40 4243]
S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [19.2.2006 12:06 2343]
S3 PRISM;IEEE 802.11 Wireless NIC Driver;c:\windows\system32\drivers\EXPRESS.sys [12.4.2004 11:16 614912]
S3 rtl8180;GIGABYTE GN-WLMR101 Wireless LAN CardBus NIC NT Driver;c:\windows\system32\drivers\rtl8180.sys [28.5.2006 20:44 151552]
S3 TetaSCDevice;TetaSCDevice;\??\c:\windows\system32\tetascop.SYS --> c:\windows\system32\tetascop.SYS [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ylrkcj
.
Obsah adresáře 'Naplánované úlohy'
2006-12-17 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-03-29 15:17]
2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://global.acer.com/
FF - ProfilePath -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-RunOnce-NeroHomeFirstStart - c:\program files\Common Files\Ahead\Lib\NMFirstStart.exe
AddRemove-Indeo® Software - c:\program files\Ligos\Indeo\Uninst.isu
AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442
AddRemove-Toxic Biohazard - c:\program files\Image-Line\Toxic Biohazard\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 17:46
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\dev\prog\mysql50\bin\mysqld-nt\" --defaults-file=\"c:\dev\prog\mysql50\my.ini\" MySQL5"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(452)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-05-30 17:48:36
ComboFix-quarantined-files.txt 2010-05-30 15:48
Před spuštěním: 1 270 784 000
Po spuštění: 1 638 146 048
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 45455A4726D50A93BF5C12086493DC70
I probably did that scan wrong. I don't think I turned Avast off. Should I do a new one?
- Visitor
- Posts: 5
- Registered: 24 Mar 2007 21:51
Re: Svchost at 100% - please check
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.30.00 2010.05.29 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.29 -
Avast 4.8.1351.0 2010.05.30 -
Avast5 5.0.332.0 2010.05.30 -
AVG 9.0.0.787 2010.05.30 -
BitDefender 7.2 2010.05.30 -
CAT-QuickHeal 10.00 2010.05.29 -
ClamAV 0.96.0.3-git 2010.05.30 -
Comodo 4956 2010.05.30 -
DrWeb 5.0.2.03300 2010.05.30 -
eSafe 7.0.17.0 2010.05.30 -
eTrust-Vet 35.2.7519 2010.05.29 -
F-Prot 4.6.0.103 2010.05.29 -
F-Secure 9.0.15370.0 2010.05.30 -
Fortinet 4.1.133.0 2010.05.30 -
GData 21 2010.05.30 -
Ikarus T3.1.1.84.0 2010.05.30 -
Jiangmin 13.0.900 2010.05.30 -
Kaspersky 7.0.0.125 2010.05.30 -
McAfee 5.400.0.1158 2010.05.30 -
McAfee-GW-Edition 2010.1 2010.05.30 -
Microsoft 1.5802 2010.05.30 -
NOD32 5155 2010.05.30 -
Norman 6.04.12 2010.05.30 -
nProtect 2010-05-30.01 2010.05.30 -
Panda 10.0.2.7 2010.05.30 -
PCTools 7.0.3.5 2010.05.30 -
Prevx 3.0 2010.05.30 -
Rising 22.49.06.04 2010.05.30 -
Sophos 4.53.0 2010.05.30 -
Sunbelt 6377 2010.05.30 -
Symantec 20101.1.0.89 2010.05.30 -
TheHacker 6.5.2.0.290 2010.05.30 -
TrendMicro 9.120.0.1004 2010.05.30 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.30 -
VBA32 3.12.12.5 2010.05.29 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.30 -
F: is a virtual CD-ROM.
I didn't open that port on purpose.
- Visitor
- Posts: 5
- Registered: 24 Mar 2007 21:51
Re: Svchost at 100% - please check
ComboFix 10-05-29.05 - Jirka 30.05.2010 19:28:22.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.703.329 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 100430-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\nettir32.exe"
"f:\recycled\ctfmon.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\nettir32.exe
L:\Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-28 do 2010-05-30 )))))))))))))))))))))))))))))))
.
2010-05-30 16:15 . 2010-05-30 16:15 -------- d-----w- C:\rsit
2010-05-29 20:48 . 2010-05-30 17:37 836 ----a-w- c:\windows\bthservsdp.dat
2010-05-23 12:43 . 2010-05-23 12:43 -------- d-----w- c:\program files\TotalVectorize
2010-05-18 12:42 . 2010-05-18 12:42 -------- d-----w- c:\program files\APDFPRP
2010-05-06 20:25 . 2010-05-06 20:25 -------- d-----w- c:\program files\CR8tracer
2010-05-05 18:00 . 2010-05-05 18:00 -------- d-----w- c:\program files\Youtube Downloader HD
2010-05-02 16:39 . 2010-05-02 16:39 -------- d-----w- c:\program files\WinPcap
2010-05-02 16:38 . 2010-05-02 16:38 -------- d-----w- c:\program files\Wireshark
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 13:51 . 1979-12-31 22:00 68294 ----a-w- c:\windows\system32\perfc005.dat
2010-05-30 13:51 . 1979-12-31 22:00 390854 ----a-w- c:\windows\system32\perfh005.dat
2010-05-29 19:18 . 2006-12-15 09:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 20:30 . 2010-05-06 20:30 120 ----a-w- c:\program files\CR8TRA~1info.cfg
2010-04-27 13:58 . 2010-04-27 13:58 -------- d-----w- c:\program files\Lantronix
2010-04-14 16:25 . 2010-04-14 16:25 -------- d-----w- c:\program files\phpmyadmin
2010-04-14 16:22 . 2010-04-14 16:22 -------- d-----w- c:\program files\php-5.0.1-win
2010-04-14 16:16 . 2010-04-14 16:16 -------- d-----w- c:\program files\Apache Group
2010-04-08 18:48 . 2010-04-08 18:48 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-04-08 18:48 . 2010-04-08 18:48 -------- d-----w- c:\program files\Oberon Media
2010-04-08 06:25 . 2010-04-08 06:25 -------- d-----w- c:\program files\BEL
2010-04-06 16:55 . 2010-04-06 16:55 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-04-06 16:55 . 2010-04-06 16:55 -------- d-----w- c:\program files\Borland
2010-03-17 16:00 . 2006-05-09 16:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-03 17:46 . 2010-04-14 19:14 5648454 ----a-w- c:\windows\system32\php5ts.dll
2009-03-03 19:33 . 2006-10-20 19:38 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-03-03 19:33 . 2006-10-20 19:38 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-03-03 19:33 . 2006-10-20 19:38 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-03-03 19:33 . 2008-09-26 19:24 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-03-03 19:33 . 2008-09-26 19:24 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jirka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-21 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]
"ATIPTA"="atiptaxx.exe" [2006-02-22 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-11-20 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-20 499712]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 88363]
"AcerNotebookManager"="c:\program files\Acer\Notebook Manager\almxptray.exe" [2004-03-18 510464]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2004-01-28 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2004-03-24 45056]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-03-30 49152]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2004-03-01 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
Monitor Apache Servers.lnk - c:\dev\prog\Apache2\bin\ApacheMonitor.exe [2010-3-4 41051]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\System32\\MSIEXEC.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\KNDC++\\StrongDC.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Jirka\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\CHROME.EXE"=
"c:\\Documents and Settings\\Jirka\\Plocha\\Terminal.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"d:\\Hry\\Command & Conquer The First Decade\\Command & Conquer(tm) Tiberian Sun(tm)\\SUN\\Game.exe"=
"c:\\dev\\prog\\Apache2\\bin\\httpd.exe"=
"c:\\Program Files\\Lantronix\\DeviceInstaller4.2\\DeviceInstaller.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.5.2006 18:37 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5.1.2009 22:59 114768]
R2 acernbm;acernbm;c:\windows\system32\drivers\acernbm.sys [18.3.2004 18:42 6431]
R2 Apache2.2;Apache2.2;c:\dev\prog\Apache2\bin\httpd.exe [4.3.2010 11:27 24645]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.1.2009 22:59 20560]
R2 MySQL5;MySQL5;"c:\dev\prog\mysql50\bin\mysqld-nt" --defaults-file="c:\dev\prog\mysql50\my.ini" MySQL5 --> c:\dev\prog\mysql50\bin\mysqld-nt [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
R2 osadmi;osadmi;c:\windows\system32\drivers\osadmi.sys [4.3.2004 19:40 4243]
R3 atiusbf;atiusbf;c:\windows\system32\drivers\atiusbf.sys [19.2.2006 12:06 6144]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [19.2.2006 12:06 2343]
S1 mailKmd;mailKmd; [x]
S3 PRISM;IEEE 802.11 Wireless NIC Driver;c:\windows\system32\drivers\EXPRESS.sys [12.4.2004 11:16 614912]
S3 rtl8180;GIGABYTE GN-WLMR101 Wireless LAN CardBus NIC NT Driver;c:\windows\system32\drivers\rtl8180.sys [28.5.2006 20:44 151552]
S3 TetaSCDevice;TetaSCDevice;\??\c:\windows\system32\tetascop.SYS --> c:\windows\system32\tetascop.SYS [?]
.
Obsah adresáře 'Naplánované úlohy'
2006-12-17 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-03-29 15:17]
2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/ig?hl=cs
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\mhyxwnld.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 19:46
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sphy.sys >>UNKNOWN [0x83788938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8045f28
\Driver\ACPI -> ACPI.sys @ 0xf7e0dcb8
\Driver\atapi -> atapi.sys @ 0xf7daab40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
NDIS: Bluetooth Device (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0xf7cd7bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7cc6a0d
SendHandler -> NDIS.sys @ 0xf7cdab40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\dev\prog\mysql50\bin\mysqld-nt\" --defaults-file=\"c:\dev\prog\mysql50\my.ini\" MySQL5"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(944)
c:\windows\system32\ieframe.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\dev\prog\mysql50\bin\mysqld-nt.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Celkový čas: 2010-05-30 19:50:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-30 17:50
ComboFix2.txt 2010-05-30 15:48
Před spuštěním: 1 559 453 696
Po spuštění: 1 524 457 472
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 8AC067ADFD53C8C26B6649C037A3C92A
- Visitor
- Posts: 5
- Registered: 24 Mar 2007 21:51
Re: Svchost at 100% - please check
The load dropped. Thanks for today.
Logfile of random's system information tool 1.07 (written by random/random)
Run by Jirka at 2010-05-30 20:19:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (11%) free of 13 GB
Total RAM: 703 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:19:22, on 30.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\dev\prog\Apache2\bin\httpd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\dev\prog\Apache2\bin\ApacheMonitor.exe
C:\dev\prog\Apache2\bin\httpd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\dev\prog\mysql50\bin\mysqld-nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Jirka\Plocha\RSIT.exe
C:\Program Files\trend micro\Jirka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?hl=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\dev\prog\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\dev\prog\Apache2\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL5 - Unknown owner - C:\dev\prog\mysql50\bin\mysqld-nt (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 9641 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"preload"=C:\Windows\RUNXMLPL.exe [2004-04-20 40960]
"ATIPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-11-20 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-11-20 499712]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-11-19 88363]
"AcerNotebookManager"=C:\Program Files\Acer\Notebook Manager\almxptray.exe [2004-03-18 510464]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-26 65024]
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2004-01-28 32768]
"PowerKey"=C:\Program Files\Launch Manager\PowerKey.exe [2002-08-30 94208]
"LManager"=C:\Program Files\Launch Manager\HotkeyApp.exe [2004-03-24 45056]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe [2004-01-28 184320]
"LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2004-03-30 49152]
"Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2004-03-01 65536]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-10-21 133104]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Monitor Apache Servers.lnk - C:\dev\prog\Apache2\bin\ApacheMonitor.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\System32\MSIEXEC.EXE"="C:\WINDOWS\System32\MSIEXEC.EXE:*:Enabled:Windows® installer"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\KNDC++\StrongDC.exe"="C:\Program Files\KNDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Chrome\Application\CHROME.EXE"="C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Chrome\Application\CHROME.EXE:*:Enabled:Google Chrome"
"C:\Documents and Settings\Jirka\Plocha\Terminal.exe"="C:\Documents and Settings\Jirka\Plocha\Terminal.exe:*:Enabled:Terminal"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"D:\Hry\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe"="D:\Hry\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun"
"C:\dev\prog\Apache2\bin\httpd.exe"="C:\dev\prog\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe"="C:\Program Files\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe:*:Enabled:DeviceInstaller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-05-30 19:50:47 ----A---- C:\ComboFix.txt
2010-05-30 19:21:09 ----D---- C:\ComboFix
2010-05-30 18:15:05 ----D---- C:\rsit
2010-05-30 17:48:38 ----D---- C:\WINDOWS\temp
2010-05-30 17:39:53 ----A---- C:\Boot.bak
2010-05-30 17:39:47 ----RASHD---- C:\cmdcons
2010-05-30 17:37:41 ----A---- C:\WINDOWS\zip.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\SWSC.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\SWREG.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\sed.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\PEV.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\MBR.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\grep.exe
2010-05-30 17:37:34 ----D---- C:\WINDOWS\ERDNT
2010-05-30 17:36:38 ----AD---- C:\Qoobox
2010-05-30 15:46:58 ----A---- C:\WINDOWS\ModemLog_Standardní modem připojený pomocí technologie Bluetooth.txt
2010-05-23 14:43:50 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Softplicity
2010-05-23 14:43:31 ----D---- C:\Program Files\TotalVectorize
2010-05-18 14:43:29 ----A---- C:\WINDOWS\APDFPRP.INI
2010-05-18 14:42:45 ----D---- C:\Program Files\APDFPRP
2010-05-06 22:25:39 ----D---- C:\Program Files\CR8tracer
2010-05-05 20:00:54 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Youtube Downloader HD
2010-05-05 20:00:40 ----D---- C:\Program Files\Youtube Downloader HD
2010-05-02 20:30:21 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Wireshark
2010-05-02 18:39:24 ----D---- C:\Program Files\WinPcap
2010-05-02 18:38:41 ----D---- C:\Program Files\Wireshark
======List of files/folders modified in the last 1 months======
2010-05-30 19:45:36 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2010-05-30 19:44:22 ----A---- C:\WINDOWS\system.ini
2010-05-30 19:26:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-30 17:50:38 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-30 17:39:54 ----RASH---- C:\BOOT.INI
2010-05-30 15:51:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-27 23:07:54 ----A---- C:\WINDOWS\wincmd.ini
2010-05-27 22:18:30 ----A---- C:\WINDOWS\wcx_ftp.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 acernbm;acernbm; C:\WINDOWS\system32\drivers\acernbm.sys [2004-03-18 6431]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
R2 osadmi;osadmi; C:\WINDOWS\system32\drivers\osadmi.sys [2004-03-04 4243]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-11-19 1205292]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-04-16 615548]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 atiusbf;atiusbf; C:\WINDOWS\System32\DRIVERS\atiusbf.sys [2004-03-12 6144]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2004-04-12 6912]
R3 POWERKEY;POWERKEY; \??\C:\Program Files\Launch Manager\POWERKEY.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2004-01-16 69504]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-11-20 178528]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2005-08-10 329072]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S3 ad3piotd;ad3piotd; C:\WINDOWS\system32\drivers\ad3piotd.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-05-21 175360]
S3 BCM43XX;WLAN 802.11g mini-PCI Module Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-07-17 265728]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-14 272896]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-11-13 223128]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-02-17 72520]
S3 mbr;mbr; \??\C:\DOCUME~1\Jirka\LOCALS~1\Temp\mbr.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 PRISM;IEEE 802.11 Wireless NIC Driver; C:\WINDOWS\System32\DRIVERS\EXPRESS.sys [2002-11-15 614912]
S3 rtl8180;GIGABYTE GN-WLMR101 Wireless LAN CardBus NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8180.SYS [2003-03-07 151552]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 TetaSCDevice;TetaSCDevice; \??\C:\WINDOWS\system32\tetascop.SYS []
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2.2;Apache2.2; C:\dev\prog\Apache2\bin\httpd.exe [2010-03-04 24645]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MySQL5;MySQL5; C:\dev\prog\mysql50\bin\mysqld-nt --defaults-file=C:\dev\prog\mysql50\my.ini MySQL5 []
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------

Logfile of random's system information tool 1.07 (written by random/random)
Run by Jirka at 2010-05-30 20:19:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (11%) free of 13 GB
Total RAM: 703 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:19:22, on 30.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\dev\prog\Apache2\bin\httpd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\dev\prog\Apache2\bin\ApacheMonitor.exe
C:\dev\prog\Apache2\bin\httpd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\dev\prog\mysql50\bin\mysqld-nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Jirka\Plocha\RSIT.exe
C:\Program Files\trend micro\Jirka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?hl=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\dev\prog\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\dev\prog\Apache2\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL5 - Unknown owner - C:\dev\prog\mysql50\bin\mysqld-nt (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 9641 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"preload"=C:\Windows\RUNXMLPL.exe [2004-04-20 40960]
"ATIPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-11-20 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-11-20 499712]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-11-19 88363]
"AcerNotebookManager"=C:\Program Files\Acer\Notebook Manager\almxptray.exe [2004-03-18 510464]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-26 65024]
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2004-01-28 32768]
"PowerKey"=C:\Program Files\Launch Manager\PowerKey.exe [2002-08-30 94208]
"LManager"=C:\Program Files\Launch Manager\HotkeyApp.exe [2004-03-24 45056]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe [2004-01-28 184320]
"LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2004-03-30 49152]
"Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2004-03-01 65536]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-10-21 133104]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Monitor Apache Servers.lnk - C:\dev\prog\Apache2\bin\ApacheMonitor.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\System32\MSIEXEC.EXE"="C:\WINDOWS\System32\MSIEXEC.EXE:*:Enabled:Windows® installer"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\KNDC++\StrongDC.exe"="C:\Program Files\KNDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Chrome\Application\CHROME.EXE"="C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Google\Chrome\Application\CHROME.EXE:*:Enabled:Google Chrome"
"C:\Documents and Settings\Jirka\Plocha\Terminal.exe"="C:\Documents and Settings\Jirka\Plocha\Terminal.exe:*:Enabled:Terminal"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"D:\Hry\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe"="D:\Hry\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun"
"C:\dev\prog\Apache2\bin\httpd.exe"="C:\dev\prog\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe"="C:\Program Files\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe:*:Enabled:DeviceInstaller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-05-30 19:50:47 ----A---- C:\ComboFix.txt
2010-05-30 19:21:09 ----D---- C:\ComboFix
2010-05-30 18:15:05 ----D---- C:\rsit
2010-05-30 17:48:38 ----D---- C:\WINDOWS\temp
2010-05-30 17:39:53 ----A---- C:\Boot.bak
2010-05-30 17:39:47 ----RASHD---- C:\cmdcons
2010-05-30 17:37:41 ----A---- C:\WINDOWS\zip.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\SWSC.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\SWREG.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\sed.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\PEV.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\MBR.exe
2010-05-30 17:37:41 ----A---- C:\WINDOWS\grep.exe
2010-05-30 17:37:34 ----D---- C:\WINDOWS\ERDNT
2010-05-30 17:36:38 ----AD---- C:\Qoobox
2010-05-30 15:46:58 ----A---- C:\WINDOWS\ModemLog_Standardní modem připojený pomocí technologie Bluetooth.txt
2010-05-23 14:43:50 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Softplicity
2010-05-23 14:43:31 ----D---- C:\Program Files\TotalVectorize
2010-05-18 14:43:29 ----A---- C:\WINDOWS\APDFPRP.INI
2010-05-18 14:42:45 ----D---- C:\Program Files\APDFPRP
2010-05-06 22:25:39 ----D---- C:\Program Files\CR8tracer
2010-05-05 20:00:54 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Youtube Downloader HD
2010-05-05 20:00:40 ----D---- C:\Program Files\Youtube Downloader HD
2010-05-02 20:30:21 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Wireshark
2010-05-02 18:39:24 ----D---- C:\Program Files\WinPcap
2010-05-02 18:38:41 ----D---- C:\Program Files\Wireshark
======List of files/folders modified in the last 1 months======
2010-05-30 19:45:36 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2010-05-30 19:44:22 ----A---- C:\WINDOWS\system.ini
2010-05-30 19:26:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-30 17:50:38 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-30 17:39:54 ----RASH---- C:\BOOT.INI
2010-05-30 15:51:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-27 23:07:54 ----A---- C:\WINDOWS\wincmd.ini
2010-05-27 22:18:30 ----A---- C:\WINDOWS\wcx_ftp.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 acernbm;acernbm; C:\WINDOWS\system32\drivers\acernbm.sys [2004-03-18 6431]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
R2 osadmi;osadmi; C:\WINDOWS\system32\drivers\osadmi.sys [2004-03-04 4243]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-11-19 1205292]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-04-16 615548]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 atiusbf;atiusbf; C:\WINDOWS\System32\DRIVERS\atiusbf.sys [2004-03-12 6144]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2004-04-12 6912]
R3 POWERKEY;POWERKEY; \??\C:\Program Files\Launch Manager\POWERKEY.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2004-01-16 69504]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-11-20 178528]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2005-08-10 329072]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S3 ad3piotd;ad3piotd; C:\WINDOWS\system32\drivers\ad3piotd.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-05-21 175360]
S3 BCM43XX;WLAN 802.11g mini-PCI Module Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-07-17 265728]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-14 272896]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-11-13 223128]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-02-17 72520]
S3 mbr;mbr; \??\C:\DOCUME~1\Jirka\LOCALS~1\Temp\mbr.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 PRISM;IEEE 802.11 Wireless NIC Driver; C:\WINDOWS\System32\DRIVERS\EXPRESS.sys [2002-11-15 614912]
S3 rtl8180;GIGABYTE GN-WLMR101 Wireless LAN CardBus NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8180.SYS [2003-03-07 151552]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 TetaSCDevice;TetaSCDevice; \??\C:\WINDOWS\system32\tetascop.SYS []
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2.2;Apache2.2; C:\dev\prog\Apache2\bin\httpd.exe [2010-03-04 24645]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MySQL5;MySQL5; C:\dev\prog\mysql50\bin\mysqld-nt --defaults-file=C:\dev\prog\mysql50\my.ini MySQL5 []
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------