100% PC load

marau
Visitor
Posts: 9
Registered: 24 Apr 2010 15:56

#1 Post by marau »

Hello,
yesterday I was copying photos from a phone for a friend; when I inserted the card into the reader, Explorer restarted, and since then I have had the following problem:
Roughly once every 5-8 minutes the CPU goes to 100% load for about 40 s (nothing can be done, even the mouse stutters). Here is the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mira at 2010-04-24 16:56:54
WIN_VISTA
System drive C: has 38 GB (30%) free of 128 GB
Total RAM: 3070 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:59, on 24.4.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
F:\DAEMON Tools Lite\daemon.exe
G:\programy\desktop\Taskix32.exe
C:\Users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\apache\bin\ApacheMonitor.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Users\Mira\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\Mira\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\Mira.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Taskix] G:\programy\desktop\Taskix32.exe start
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2771151380-3836400108-1815272213-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2771151380-3836400108-1815272213-1000\..\Run: [Taskix] G:\programy\desktop\Taskix32.exe start (User '?')
O4 - HKUS\S-1-5-21-2771151380-3836400108-1815272213-1000\..\Run: [Google Update] "C:\Users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-2771151380-3836400108-1815272213-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - S-1-5-21-2771151380-3836400108-1815272213-1000 Startup: Trillian.lnk = F:\Trillian\trillian.exe (User '?')
O4 - Startup: Trillian.lnk = F:\Trillian\trillian.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\apache\bin\ApacheMonitor.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://F:\Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE43B099-C18D-40FC-95B2-85AFC1422766}: NameServer = 192.168.3.230
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\apache\bin\httpd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Moodle Cron (Moodle_Cron) - Brauer College - c:\Program Files\MoodleCron\Moodlecron.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt (file missing)
O23 - Service: ISC BIND (named) - Unknown owner - C:\Windows\system32\dns\bin\named.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 11723 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2771151380-3836400108-1815272213-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2771151380-3836400108-1815272213-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{0D833F37-4518-4FB5-A856-17BA6816D1C6}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69FC0024-10EB-480A-BBF2-3BF4E78E17B1}]
DebugBar BHO - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll [2009-03-23 1083392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-12 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{3E1201F4-1707-409F-BB45-A5F192381DA0} - DebugBar - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll [2009-03-23 742400]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-19 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-19 81920]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-07-25 174616]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-08-16 218408]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-28 1006264]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-12 148888]
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"NWEReboot"= []
"NotebookHardwareControl"=C:\Program Files\Notebook Hardware Control\nhc.exe [2007-05-04 2629632]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-07-30 1232896]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"DAEMON Tools Lite"=F:\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"Taskix"=G:\programy\desktop\Taskix32.exe [2008-04-02 61440]
"Google Update"=C:\Users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-09-19 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-06-03 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskix]
G:\programy\desktop\Taskix32.exe [2008-04-02 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
F:\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP2900 Status Window.lnk]
C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2007-01-11 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mira^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
F:\hamachi.exe [2008-10-31 624416]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Monitor Apache Servers.lnk - C:\apache\bin\ApacheMonitor.exe
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe

C:\Users\Mira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Trillian.lnk - F:\Trillian\trillian.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c15c233-2f69-11df-9d2a-00218608c13b}]
shell\AutoRun\command - "L:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c52417cf-b434-11dd-9517-00218608c13b}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de6ee673-e963-11de-9601-00218608c13b}]
shell\AutoRun\command - "K:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3538139-c6b8-11dd-87ba-00218608c13b}]
shell\AutoRun\command - J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sndmgr.exe
shell\open\command - J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sndmgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3f6fa9f-5e59-11dd-85f8-001e686971ec}]
shell\AutoRun\command - H:\setup.exe /autorun


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 months======

2010-04-24 16:56:54 ----D---- C:\rsit
2010-04-24 16:56:54 ----D---- C:\Program Files\trend micro

======List of files/folders modified in the last 1 months======

2010-04-24 16:56:58 ----D---- C:\Windows\Temp
2010-04-24 16:56:54 ----RD---- C:\Program Files
2010-04-24 16:38:39 ----D---- C:\Windows\Minidump
2010-04-24 16:38:32 ----D---- C:\Windows
2010-04-24 16:21:13 ----D---- C:\Users\Mira\AppData\Roaming\FileZilla
2010-04-23 18:51:17 ----SHD---- C:\System Volume Information
2010-04-23 16:17:00 ----AD---- C:\ProgramData\TEMP
2010-04-23 10:32:56 ----D---- C:\Users\Mira\AppData\Roaming\Adobe
2010-04-23 10:32:56 ----D---- C:\ProgramData\Adobe
2010-04-22 14:40:35 ----A---- C:\Windows\php.ini
2010-04-22 12:38:52 ----D---- C:\php
2010-04-15 13:05:36 ----D---- C:\Windows\system32\catroot2
2010-04-07 10:01:34 ----SHD---- C:\Windows\Installer
2010-04-07 10:01:34 ----HD---- C:\Config.Msi
2010-03-31 23:30:13 ----D---- C:\Program Files\Opera
2010-03-31 10:14:13 ----D---- C:\Program Files\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263}; \??\C:\Program Files\HP\QuickPlay\000.fcl [2007-09-30 39408]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-07-30 19456]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-07-30 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 80424]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 16168]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-07-30 14208]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-28 2222080]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-19 7626400]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-11-28 82432]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-15 191408]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2007-11-28 132864]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-07-30 11264]
S3 a2ywyxjl;a2ywyxjl; C:\Windows\system32\drivers\a2ywyxjl.sys []
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series; C:\Windows\system32\DRIVERS\athru6.sys [2007-04-20 870400]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-07-30 220160]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-10-31 25280]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 nhcDriverDevice;Notebook Hardware Control Driver; \??\C:\Windows\system32\drivers\nhcDriver.sys [2009-12-04 22528]
S3 NPF;Netgroup Packet Filter; C:\Windows\system32\drivers\npf.sys [2005-08-03 32512]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 uafilter;uafilter; C:\Windows\System32\DRIVERS\uafilter.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2006-11-02 14848]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2006-11-02 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 Cmbiveqacnnn;Cmbiveqacnnn; C:\Windows\system32\drivers\Cmbiveqacnnn.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\apache\bin\httpd.exe [2008-06-13 24635]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-07-25 354840]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Moodle_Cron;Moodle Cron; c:\Program Files\MoodleCron\Moodlecron.exe [2004-09-08 551424]
R2 MySQL;MySQL; C:\mysql\bin\mysqld-nt --defaults-file=C:\mysql\my.ini MySQL []
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 XobniService;XobniService; C:\Program Files\Xobni\XobniService.exe [2009-12-08 55016]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-30 133104]
S2 named;ISC BIND; C:\Windows\system32\dns\bin\named.exe [2009-11-19 307200]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-07-30 68096]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% PC load

#2 Post by Rudy »

Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

feel free to put on a coffee in the meantime (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

marau
Visitor
Posts: 9
Registered: 24 Apr 2010 15:56

Re: 100% PC load

#3 Post by marau »

I downloaded ComboFix, ran it, accepted the licence, then a blue screen popped up with a warning that I am using CD/DVD virtualization programs. In DaemonTools I chose disable and the only virtualized drive disappeared. Then I clicked OK, but on the blue screen the text ". Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks" just flashed by. I am logged in under an admin account (http://extrawindows.cnews.cz/prihlaseni ... dows-vista - I created it following this). And after clicking ComboFix I also click Run as administrator, but I simply cannot get ComboFix to run; every time a restart follows and the login screen comes up.

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% PC load

#4 Post by Rudy »

Try it in safe mode under the admin account.

marau
Visitor
Posts: 9
Registered: 24 Apr 2010 15:56

Re: 100% PC load

#5 Post by marau »

So in safe mode it's the same problem. It does seem strange to me, though, that even there it tells me I'm using emulation programs (Daemon is turned off and I don't use any other) and then it restarts with the same message :(

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% PC load

#6 Post by Rudy »

You will have to uninstall it and then try to run CF again.

marau
Visitor
Posts: 9
Registered: 24 Apr 2010 15:56

Re: 100% PC load

#7 Post by marau »

ComboFix 10-04-21.01 - Mira 24.04.2010 22:31:48.1.2 - x86
Spuštěný z: c:\users\Mira\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Mira\AppData\Roaming\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder.exe_Url_lhz5dgv2jyohtemywqgqpvzvnljmshl0\1.4.1.0\user.config
c:\users\Mira\Documents\runningdog.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hosts
c:\windows\system32\KBL.LOG
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
F:\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-24 do 2010-04-24 )))))))))))))))))))))))))))))))
.

2010-04-24 20:36 . 2010-04-24 20:36 -------- d-----w- c:\users\named\AppData\Local\temp
2010-04-24 20:36 . 2010-04-24 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-24 20:36 . 2010-04-24 20:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-04-24 20:18 . 2010-04-24 20:41 -------- d-----w- c:\users\Mira\AppData\Local\temp
2010-04-24 16:59 . 2010-04-24 16:59 39 ---ha-w- c:\windows\system32\spfid.bin
2010-04-24 16:59 . 2010-04-24 16:59 39 ---ha-w- c:\windows\spfid.bin
2010-04-24 16:59 . 2010-04-24 16:59 -------- d-----w- c:\program files\ReviverSoft
2010-04-24 16:58 . 2010-04-24 16:58 -------- d-----w- c:\programdata\ReviverSoft
2010-04-24 15:31 . 2010-04-24 15:31 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools
2010-04-24 15:26 . 2010-04-24 15:26 0 ----a-w- c:\windows\nsreg.dat
2010-04-24 15:26 . 2010-04-24 15:26 -------- d-----w- c:\users\Administrator\AppData\Local\Thunderbird
2010-04-24 15:26 . 2010-04-24 15:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\Thunderbird
2010-04-24 15:26 . 2010-04-24 15:26 -------- d-----w- c:\users\Administrator\AppData\Local\Opera
2010-04-24 15:25 . 2010-04-24 15:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\Subversion
2010-04-24 15:25 . 2010-04-24 15:25 -------- d-----w- c:\users\Administrator\AppData\Local\LogiShrd
2010-04-24 15:25 . 2010-04-24 15:25 104136 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-24 15:25 . 2010-04-24 15:25 -------- d-----w- c:\users\Administrator\Bluetooth Software
2010-04-24 15:25 . 2010-04-24 17:48 -------- d-----w- c:\users\Administrator\AppData\Local\TSVNCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 20:37 . 2008-05-15 20:41 2484 ----a-w- c:\windows\bthservsdp.dat
2010-04-24 15:54 . 2009-12-01 22:21 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-04-24 15:26 . 2008-07-30 09:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-24 14:21 . 2008-07-29 23:56 -------- d-----w- c:\users\Mira\AppData\Roaming\FileZilla
2010-03-31 21:30 . 2008-07-29 12:30 -------- d-----w- c:\program files\Opera
2010-03-16 15:56 . 2010-03-16 15:55 -------- d-----w- c:\program files\MoodleCron
2010-03-14 13:01 . 2008-07-29 12:14 104136 ----a-w- c:\users\Mira\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-13 11:23 . 2008-08-08 14:47 7592 ----a-w- c:\users\Mira\AppData\Local\d3d9caps.dat
2010-03-02 11:52 . 2008-07-30 19:02 -------- d-----w- c:\users\Mira\AppData\Roaming\Skype
2010-03-02 11:51 . 2008-07-30 19:02 -------- d-----w- c:\users\Mira\AppData\Roaming\skypePM
2010-02-28 21:51 . 2010-02-28 21:43 -------- d-----w- c:\users\Mira\AppData\Roaming\Trillian
2010-02-28 21:45 . 2007-11-28 10:44 83310 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 21:45 . 2007-11-28 10:44 478528 ----a-w- c:\windows\system32\perfh005.dat
2010-02-28 21:45 . 2010-02-28 21:43 -------- d-----w- c:\program files\Xobni
2010-02-27 21:22 . 2010-02-27 21:22 50354 ----a-w- c:\users\Mira\AppData\Roaming\Facebook\uninstall.exe
2010-02-27 21:22 . 2010-02-27 21:22 -------- d-----w- c:\users\Mira\AppData\Roaming\Facebook
2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\users\Mira\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\users\Mira\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-02-24 12:33 . 2008-07-30 10:31 57431 ----a-w- c:\windows\system32\php5apache_hooks.dll
2010-02-24 12:33 . 2008-07-30 10:31 36955 ----a-w- c:\windows\system32\php5apache2_2_filter.dll
2010-02-24 12:33 . 2008-07-30 10:31 36953 ----a-w- c:\windows\system32\php5apache2_filter.dll
2010-02-24 12:33 . 2008-07-30 10:31 36948 ----a-w- c:\windows\system32\php5apache2_2.dll
2010-02-24 12:33 . 2008-07-30 10:31 36946 ----a-w- c:\windows\system32\php5apache2.dll
2010-02-24 12:33 . 2008-07-30 10:31 36945 ----a-w- c:\windows\system32\php5apache.dll
2010-02-24 12:33 . 2008-07-30 10:31 28752 ----a-w- c:\windows\system32\php5nsapi.dll
2010-02-24 12:33 . 2008-07-30 10:31 28752 ----a-w- c:\windows\system32\php5isapi.dll
2010-01-24 21:20 . 2010-01-24 21:20 70526 ----a-r- c:\users\Mira\AppData\Roaming\Microsoft\Installer\{844B8965-E5AA-4F9A-A4D4-4E59D4F44F64}\_C0F7707E361E2EFBB615DA.exe
2010-01-24 21:20 . 2010-01-24 21:20 1406 ----a-r- c:\users\Mira\AppData\Roaming\Microsoft\Installer\{844B8965-E5AA-4F9A-A4D4-4E59D4F44F64}\_84112B0DCA0F2FA1F60541.exe
2010-01-24 21:20 . 2010-01-24 21:20 1406 ----a-r- c:\users\Mira\AppData\Roaming\Microsoft\Installer\{844B8965-E5AA-4F9A-A4D4-4E59D4F44F64}\_6FEFF9B68218417F98F549.exe
2008-07-29 23:42 . 2008-07-29 23:42 22 --sha-w- c:\windows\SMINST\HPCD.sys
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-30 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Taskix"="g:\programy\desktop\Taskix32.exe" [2008-04-02 61440]
"Google Update"="c:\users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-10 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-28 1006264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\apache\bin\ApacheMonitor.exe [2008-6-13 41041]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP2900 Status Window.lnk]
backup=c:\windows\pss\Canon LBP2900 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Mira^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-10 14:04 133104 ----atw- c:\users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 07:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-19 20:05 86016 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-09-30 17:34 181544 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-06-03 13:08 21718312 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskix]
2008-04-02 20:10 61440 ----a-w- g:\programy\desktop\Taskix32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 14:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 133104]
R2 named;ISC BIND;c:\windows\system32\dns\bin\named.exe [2009-11-18 307200]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [2007-04-20 870400]
R3 uafilter;uafilter;c:\windows\system32\DRIVERS\uafilter.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 Cmbiveqacnnn;Cmbiveqacnnn; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-07-30 717296]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-09-30 39408]
S2 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [2008-06-13 24635]
S2 Moodle_Cron;Moodle Cron;c:\program files\MoodleCron\Moodlecron.exe [2004-09-08 551424]
S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-12-08 55016]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 12:24]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 12:24]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771151380-3836400108-1815272213-1000Core.job
- c:\users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 14:04]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771151380-3836400108-1815272213-1000UA.job
- c:\users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 14:04]

2010-04-24 c:\windows\Tasks\Registry Reviver-Mira-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2009-11-17 17:36]

2010-04-24 c:\windows\Tasks\Registry Reviver.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2009-11-17 17:36]

2010-04-24 c:\windows\Tasks\User_Feed_Synchronization-{0D833F37-4518-4FB5-A856-17BA6816D1C6}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &NeoTrace It!
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - f:\office\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {CE43B099-C18D-40FC-95B2-85AFC1422766} = 192.168.3.230
FF - ProfilePath - c:\users\Mira\AppData\Roaming\Mozilla\Firefox\Profiles\n5xy7799.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\users\Mira\AppData\Roaming\Mozilla\Firefox\Profiles\n5xy7799.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Mira\AppData\Roaming\Mozilla\Firefox\Profiles\n5xy7799.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\users\Mira\AppData\Roaming\Mozilla\Firefox\Profiles\n5xy7799.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\users\Mira\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Mira\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

---- NASTAVENÍ FIREFOXU ----
f:\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
f:\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
f:\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
f:\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
f:\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
f:\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
f:\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
f:\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
f:\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
f:\firefox\greprefs\all.js - pref("browser.formfill.debug", false);
f:\firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
f:\firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
f:\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
f:\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
f:\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
f:\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
f:\firefox\greprefs\all.js - pref("html5.enable", false);
f:\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
f:\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
f:\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
f:\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
f:\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
f:\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
f:\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
f:\firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
f:\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
f:\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
f:\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
f:\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
f:\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
f:\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
f:\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
f:\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
f:\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
f:\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
f:\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
f:\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-Hamachi - f:\\uninstall.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\mysql\bin\mysqld-nt\" --defaults-file=\"c:\mysql\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\ACRADAF\5&7891340&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\ACRADAF\5&7891340&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\DDL0000\5&7891340&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\DDL0000\5&7891340&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&7891340&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&7891340&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\LPL0120\5&7891340&0&UID280\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\LPL0120\5&7891340&0&UID280\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0424\5&7891340&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0424\5&7891340&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0427\5&7891340&0&UID289\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0427\5&7891340&0&UID289\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2720)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\btncopy.dll
f:\winscp\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\CNAB4RPK.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\mysql\bin\mysqld-nt.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Celkový čas: 2010-04-24 22:48:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-24 20:48

Před spuštěním: Volných bajtů: 46 757 441 536
Po spuštění: Volných bajtů: 46 571 282 432

- - End Of File - - 4C30EB15854C3E6896963BFA2EC4039E

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% PC load

#8 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy the following into it:
Driver::
Cmbiveqacnnn
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


marau
Visitor
Posts: 9
Registered: 24 Apr 2010 15:56

Re: 100% PC load

#9 Post by marau »

ComboFix 10-04-21.01 - Administrator 25.04.2010 12:12:40.2.2 - x86
Spuštěný z: c:\users\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Administrator\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Cmbiveqacnnn


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-25 do 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-25 10:17 . 2010-04-25 10:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-04-25 10:17 . 2010-04-25 10:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-25 10:17 . 2010-04-25 10:17 -------- d-----w- c:\users\named\AppData\Local\temp
2010-04-25 10:17 . 2010-04-25 10:17 -------- d-----w- c:\users\Mira\AppData\Local\temp
2010-04-25 10:17 . 2010-04-25 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-25 10:11 . 2010-04-25 10:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\PSpad
2010-04-24 16:59 . 2010-04-24 16:59 39 ---ha-w- c:\windows\system32\spfid.bin
2010-04-24 16:59 . 2010-04-24 16:59 39 ---ha-w- c:\windows\spfid.bin
2010-04-24 16:59 . 2010-04-24 16:59 -------- d-----w- c:\program files\ReviverSoft
2010-04-24 16:58 . 2010-04-24 16:58 -------- d-----w- c:\programdata\ReviverSoft
2010-04-24 15:31 . 2010-04-24 15:31 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools
2010-04-24 15:26 . 2010-04-24 15:26 0 ----a-w- c:\windows\nsreg.dat
2010-04-24 15:26 . 2010-04-24 15:26 -------- d-----w- c:\users\Administrator\AppData\Local\Thunderbird
2010-04-24 15:26 . 2010-04-24 15:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\Thunderbird
2010-04-24 15:26 . 2010-04-24 15:26 -------- d-----w- c:\users\Administrator\AppData\Local\Opera
2010-04-24 15:25 . 2010-04-24 15:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\Subversion
2010-04-24 15:25 . 2010-04-24 15:25 -------- d-----w- c:\users\Administrator\AppData\Local\LogiShrd
2010-04-24 15:25 . 2010-04-24 15:25 104136 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-24 15:25 . 2010-04-24 15:25 -------- d-----w- c:\users\Administrator\Bluetooth Software
2010-04-24 15:25 . 2010-04-25 10:20 -------- d-----w- c:\users\Administrator\AppData\Local\TSVNCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 10:21 . 2009-12-01 22:21 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-04-25 10:18 . 2008-05-15 20:41 2484 ----a-w- c:\windows\bthservsdp.dat
2010-04-25 10:05 . 2008-07-29 23:56 -------- d-----w- c:\users\Mira\AppData\Roaming\FileZilla
2010-04-24 15:26 . 2008-07-30 09:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-31 21:30 . 2008-07-29 12:30 -------- d-----w- c:\program files\Opera
2010-03-16 15:56 . 2010-03-16 15:55 -------- d-----w- c:\program files\MoodleCron
2010-03-14 13:01 . 2008-07-29 12:14 104136 ----a-w- c:\users\Mira\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-13 11:23 . 2008-08-08 14:47 7592 ----a-w- c:\users\Mira\AppData\Local\d3d9caps.dat
2010-03-02 11:52 . 2008-07-30 19:02 -------- d-----w- c:\users\Mira\AppData\Roaming\Skype
2010-03-02 11:51 . 2008-07-30 19:02 -------- d-----w- c:\users\Mira\AppData\Roaming\skypePM
2010-02-28 21:51 . 2010-02-28 21:43 -------- d-----w- c:\users\Mira\AppData\Roaming\Trillian
2010-02-28 21:45 . 2007-11-28 10:44 83310 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 21:45 . 2007-11-28 10:44 478528 ----a-w- c:\windows\system32\perfh005.dat
2010-02-28 21:45 . 2010-02-28 21:43 -------- d-----w- c:\program files\Xobni
2010-02-27 21:22 . 2010-02-27 21:22 50354 ----a-w- c:\users\Mira\AppData\Roaming\Facebook\uninstall.exe
2010-02-27 21:22 . 2010-02-27 21:22 -------- d-----w- c:\users\Mira\AppData\Roaming\Facebook
2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\users\Mira\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\users\Mira\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-02-24 12:33 . 2008-07-30 10:31 57431 ----a-w- c:\windows\system32\php5apache_hooks.dll
2010-02-24 12:33 . 2008-07-30 10:31 36955 ----a-w- c:\windows\system32\php5apache2_2_filter.dll
2010-02-24 12:33 . 2008-07-30 10:31 36953 ----a-w- c:\windows\system32\php5apache2_filter.dll
2010-02-24 12:33 . 2008-07-30 10:31 36948 ----a-w- c:\windows\system32\php5apache2_2.dll
2010-02-24 12:33 . 2008-07-30 10:31 36946 ----a-w- c:\windows\system32\php5apache2.dll
2010-02-24 12:33 . 2008-07-30 10:31 36945 ----a-w- c:\windows\system32\php5apache.dll
2010-02-24 12:33 . 2008-07-30 10:31 28752 ----a-w- c:\windows\system32\php5nsapi.dll
2010-02-24 12:33 . 2008-07-30 10:31 28752 ----a-w- c:\windows\system32\php5isapi.dll
2008-07-29 23:42 . 2008-07-29 23:42 22 --sha-w- c:\windows\SMINST\HPCD.sys
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-30 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-28 1006264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\apache\bin\ApacheMonitor.exe [2008-6-13 41041]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP2900 Status Window.lnk]
backup=c:\windows\pss\Canon LBP2900 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Mira^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-10 14:04 133104 ----atw- c:\users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 07:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-19 20:05 86016 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-09-30 17:34 181544 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-06-03 13:08 21718312 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskix]
2008-04-02 20:10 61440 ----a-w- g:\programy\desktop\Taskix32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 14:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 133104]
R2 named;ISC BIND;c:\windows\system32\dns\bin\named.exe [2009-11-18 307200]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [2007-04-20 870400]
R3 uafilter;uafilter;c:\windows\system32\DRIVERS\uafilter.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-07-30 717296]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-09-30 39408]
S2 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [2008-06-13 24635]
S2 Moodle_Cron;Moodle Cron;c:\program files\MoodleCron\Moodlecron.exe [2004-09-08 551424]
S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-12-08 55016]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 12:24]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 12:24]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771151380-3836400108-1815272213-1000Core.job
- c:\users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 14:04]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771151380-3836400108-1815272213-1000UA.job
- c:\users\Mira\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 14:04]

2010-04-25 c:\windows\Tasks\Registry Reviver-Mira-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2009-11-17 17:36]

2010-04-25 c:\windows\Tasks\Registry Reviver.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2009-11-17 17:36]

2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{0D833F37-4518-4FB5-A856-17BA6816D1C6}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=Pavilion&pf=laptop
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {CE43B099-C18D-40FC-95B2-85AFC1422766} = 192.168.3.230
FF - ProfilePath - c:\users\Mira\AppData\Roaming\Mozilla\Firefox\Profiles\n5xy7799.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\users\Mira\AppData\Roaming\Mozilla\Firefox\Profiles\n5xy7799.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Mira\AppData\Roaming\Mozilla\Firefox\Profiles\n5xy7799.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\users\Mira\AppData\Roaming\Mozilla\Firefox\Profiles\n5xy7799.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\users\Mira\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Mira\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: f:\firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
f:\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
f:\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
f:\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
f:\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
f:\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
f:\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
f:\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
f:\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
f:\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
f:\firefox\greprefs\all.js - pref("browser.formfill.debug", false);
f:\firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
f:\firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
f:\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
f:\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
f:\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
f:\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
f:\firefox\greprefs\all.js - pref("html5.enable", false);
f:\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
f:\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
f:\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
f:\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
f:\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
f:\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
f:\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
f:\firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
f:\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
f:\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
f:\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
f:\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
f:\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
f:\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
f:\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
f:\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
f:\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
f:\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
f:\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
f:\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\mysql\bin\mysqld-nt\" --defaults-file=\"c:\mysql\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2771151380-3836400108-1815272213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"

[HKEY_USERS\S-1-5-21-2771151380-3836400108-1815272213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"

[HKEY_USERS\S-1-5-21-2771151380-3836400108-1815272213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"

[HKEY_USERS\S-1-5-21-2771151380-3836400108-1815272213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\ACRADAF\5&7891340&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\ACRADAF\5&7891340&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\DDL0000\5&7891340&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\DDL0000\5&7891340&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&7891340&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&7891340&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\LPL0120\5&7891340&0&UID280\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\LPL0120\5&7891340&0&UID280\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0424\5&7891340&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0424\5&7891340&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0427\5&7891340&0&UID289\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0427\5&7891340&0&UID289\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(6064)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\btncopy.dll
f:\winscp\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\CNAB4RPK.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\mysql\bin\mysqld-nt.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-04-25 12:28:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-25 10:28
ComboFix2.txt 2010-04-24 20:48

Před spuštěním: Volných bajtů: 46 364 102 656
Po spuštění: Volných bajtů: 46 171 656 192

- - End Of File - - 4BD112C7138C0A79B796F380849C947D

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% PC load

#10 Post by Rudy »

The log now looks clean. Has anything changed?

marau
Visitor
Posts: 9
Registered: 24 Apr 2010 15:56

Re: 100% PC load

#11 Post by marau »

Unfortunately, still the same problem ...

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% PC load

#12 Post by Rudy »

Try a System Restore to a date when the PC was working correctly.

marau
Visitor
Posts: 9
Registered: 24 Apr 2010 15:56

Re: 100% PC load

#13 Post by marau »

An error was displayed during the restore (Error 0xFblablabla). I tried 3 and it was the same every time.

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% PC load

#14 Post by Rudy »

Which process is loading the PC the most?

marau
Visitor
Posts: 9
Registered: 24 Apr 2010 15:56

Re: 100% PC load

#15 Post by marau »

It looks like svchost.exe
