Dobrý den, poprosím o kontrolu logu. Poslední dobou se mi stává, že CPU vyletí na 90-100% aniž by ve správci procesů něco žralo procesor (tam to nikde neukazuje), podotýkám že se nestahují ani neinstalují během těchto pozorování žádné aktualizace, a ani to nedělá opera nebo mozilla, jako je u nich obvyklé, popřípadě dojde k pomalému běhu programů, které vím, že běhaly bez potíží (různá vývojová SDK prostředí apod).
Dnes mi AVIRA nahlásila asi 6 trojanů v tempech, ale i system32, dal jsem deny acces ale asi to bude chtít nějak pročistit celkově.
Počítač je notebook HP550 s C2D, 3G ram, operační systém windows 7 Pro 32bit, antiviry microsoft essential a AVIRA.
Děkuji za pomoc.
LOG Z RSIT:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Vlada at 2010-06-22 20:10:05
Microsoft Windows 7 Professional Service Pack 3
System drive C: has 10 GB (10%) free of 100 GB
Total RAM: 3063 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:10:53, on 22.6.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Windows\system32\taskmgr.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\java.exe
C:\Users\Vlada\Documents\android\android-sdk-windows\tools\adb.exe
C:\Program Files\QIP\qip.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
D:\My Downloads\Programs\RSIT_2.exe
C:\Program Files\trend micro\Vlada.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LWBKEYBOARD] "C:\Program Files\Labtec\Desktop\6.0\KbdAp32A.exe"
O4 - HKCU\..\Run: [LWBMOUSE] "C:\Program Files\Labtec\Desktop\6.0\MOffice.exe"
O4 - HKCU\..\Run: [HotkeyP] D:\programy\Hot key\HotkeyP.exe 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
--
End of file - 8013 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2010-01-20 181680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-28 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-02-21 1093208]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-06-03 177456]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"HDInspector.exe"=C:\Program Files\Hard Drive Inspector\HDInspector.exe [2007-10-12 999176]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"OODefragTray"=C:\Windows\system32\oodtray.exe [2008-09-04 2524416]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-10-29 96816]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-05-27 2815408]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"LWBKEYBOARD"=C:\Program Files\Labtec\Desktop\6.0\KbdAp32A.exe [2007-03-26 395264]
"LWBMOUSE"=C:\Program Files\Labtec\Desktop\6.0\MOffice.exe [2007-04-11 457728]
"HotkeyP"=D:\programy\Hot key\HotkeyP.exe [2008-07-15 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-06-22 20:10:05 ----D---- C:\rsit
2010-06-17 09:14:36 ----D---- C:\Windows\Minidump
2010-06-11 10:40:57 ----A---- C:\Windows\system32\mshtml.dll
2010-06-11 10:40:57 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-11 10:40:55 ----A---- C:\Windows\system32\ieframe.dll
2010-06-11 10:40:54 ----A---- C:\Windows\system32\urlmon.dll
2010-06-11 10:40:54 ----A---- C:\Windows\system32\mstime.dll
2010-06-11 10:40:53 ----A---- C:\Windows\system32\wininet.dll
2010-06-11 10:40:53 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-11 10:40:53 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-11 10:40:53 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-11 10:40:47 ----A---- C:\Windows\system32\atmlib.dll
2010-06-11 10:40:47 ----A---- C:\Windows\system32\atmfd.dll
2010-06-04 15:22:02 ----D---- C:\Program Files\Labtec
2010-06-01 11:31:04 ----D---- C:\Windows\system32\Wat
2010-05-27 21:42:39 ----D---- C:\Users\Vlada\AppData\Roaming\Broad Intelligence
2010-05-27 21:41:30 ----D---- C:\Program Files\MediaCoder
2010-05-26 09:52:44 ----A---- C:\Windows\system32\tzres.dll
======List of files/folders modified in the last 1 months======
2010-06-22 20:10:27 ----D---- C:\Windows\Prefetch
2010-06-22 20:10:19 ----D---- C:\Program Files\trend micro
2010-06-22 20:10:06 ----D---- C:\Windows\temp
2010-06-22 20:07:39 ----D---- C:\Users\Vlada\AppData\Roaming\DMCache
2010-06-22 20:07:26 ----D---- C:\Users\Vlada\AppData\Roaming\vlc
2010-06-22 20:07:07 ----D---- C:\Windows\System32
2010-06-22 19:45:40 ----SHD---- C:\System Volume Information
2010-06-22 17:06:44 ----D---- C:\Users\Vlada\AppData\Roaming\dvdcss
2010-06-22 12:49:41 ----D---- C:\Windows\system32\config
2010-06-21 21:08:39 ----D---- C:\Program Files\BSplayerPro
2010-06-20 19:07:45 ----D---- C:\Windows\inf
2010-06-20 19:07:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-17 09:20:33 ----D---- C:\ProgramData\VMware
2010-06-17 09:17:06 ----D---- C:\Windows
2010-06-14 12:59:31 ----D---- C:\Windows\Microsoft.NET
2010-06-14 12:59:10 ----RSD---- C:\Windows\assembly
2010-06-12 20:56:42 ----D---- C:\Windows\winsxs
2010-06-12 20:54:09 ----D---- C:\Windows\system32\migration
2010-06-12 20:54:09 ----D---- C:\Program Files\Internet Explorer
2010-06-12 10:48:00 ----SHD---- C:\Windows\Installer
2010-06-12 10:47:57 ----SHD---- C:\Config.Msi
2010-06-12 10:47:57 ----D---- C:\ProgramData\Microsoft Help
2010-06-12 10:47:05 ----D---- C:\Windows\system32\catroot
2010-06-11 10:40:32 ----D---- C:\Windows\system32\catroot2
2010-06-05 12:34:26 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-05 12:25:45 ----D---- C:\Program Files\Common Files\microsoft shared
2010-06-05 12:25:12 ----D---- C:\Program Files\Microsoft
2010-06-05 12:23:29 ----SD---- C:\ProgramData\Microsoft
2010-06-04 16:59:55 ----D---- C:\Windows\system32\wdi
2010-06-04 15:22:35 ----D---- C:\Windows\system32\drivers
2010-06-04 15:22:33 ----D---- C:\Windows\system32\DriverStore
2010-06-04 15:22:02 ----RD---- C:\Program Files
2010-06-02 20:52:41 ----D---- C:\Windows\rescache
2010-05-31 14:15:18 ----D---- C:\Windows\system32\NDF
2010-05-28 21:37:34 ----A---- C:\Windows\system32\MRT.exe
2010-05-27 05:51:46 ----D---- C:\Windows\system32\cs-CZ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\Windows\system32\drivers\Aavmker4.sys [2009-11-18 27728]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-14 35328]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2009-07-14 78336]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 32256]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2010-01-29 82320]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-12-02 149040]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2009-07-14 16896]
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2009-07-14 74240]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 55040]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 294912]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2009-07-14 63488]
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]
R1 ws2ifsl;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\Windows\system32\drivers\ws2ifsl.sys [2009-07-14 16384]
R2 aswMon2;avast! Standard Shield Support; C:\Windows\system32\drivers\aswMon2.sys [2009-11-18 100176]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2008-10-29 32304]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2009-07-14 48128]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2009-07-14 86528]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2009-07-14 586752]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2009-07-14 60928]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2009-07-14 34816]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2008-10-29 54960]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2008-10-28 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2008-10-29 26288]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2008-10-29 857392]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2008-10-02 22448]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2009-07-14 69632]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]
R3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-14 211456]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM); C:\Windows\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 HDAudBus;Ovladač sběrnice Microsoft UAA pro zvuk High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2009-07-14 108544]
R3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys [2009-07-14 24064]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 intelppm;Ovladač procesoru Intel; C:\Windows\system32\DRIVERS\intelppm.sys [2009-07-14 53760]
R3 kbdhid;Ovladač klávesnice standardu HID; C:\Windows\system32\DRIVERS\kbdhid.sys [2009-07-14 28160]
R3 KMW_USB;%Kensington_KMW_USB_SvcDesc%; C:\Windows\system32\DRIVERS\tkfilter.sys [2007-03-13 7040]
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\Windows\system32\DRIVERS\monitor.sys [2009-07-14 23552]
R3 mouhid;Ovladač myši standardu HID; C:\Windows\system32\DRIVERS\mouhid.sys [2009-07-14 26112]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 60416]
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2010-02-27 221696]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2010-02-27 95744]
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2009-07-14 267264]
R3 netw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2008-04-28 3658752]
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2009-07-14 75264]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2009-07-14 306688]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-12-08 113664]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2009-07-14 108544]
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\Windows\system32\DRIVERS\umbus.sys [2009-07-14 39936]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\Windows\system32\DRIVERS\usbccgp.sys [2009-07-14 75264]
R3 usbehci;Ovladač miniportu vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\Windows\system32\DRIVERS\usbehci.sys [2009-07-14 41472]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\Windows\system32\DRIVERS\usbhub.sys [2009-07-14 258560]
R3 usbuhci;Ovladač miniportu univerzálního hostitelského řadiče Microsoft USB; C:\Windows\system32\DRIVERS\usbuhci.sys [2009-07-14 24064]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2008-10-29 23216]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2008-10-28 16560]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 165376]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 78336]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [2009-07-14 146512]
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys [2009-07-14 53312]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys [2009-07-14 14912]
S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys [2009-07-14 55296]
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [2009-07-14 79952]
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-14 50176]
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys [2009-07-14 76368]
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-14 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-07-14 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-07-14 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys [2009-07-14 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys [2009-07-14 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys [2009-07-14 11904]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BTHMODEM;Ovladač pro komunikaci pomocí modemu Bluetooth; C:\Windows\system32\DRIVERS\bthmodem.sys [2009-07-14 56320]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys [2009-07-14 37888]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-14 3100160]
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2009-07-14 142336]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2009-07-14 28160]
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 57936]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2010-03-13 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2010-03-13 25512]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-14 26624]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-07-14 304128]
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]
S3 HidBth;Miniport Microsoft Bluetooth HID; C:\Windows\system32\DRIVERS\hidbth.sys [2009-07-14 91136]
S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys [2009-07-14 37888]
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [2009-07-14 332352]
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [2009-07-14 41040]
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [2009-07-14 65536]
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [2009-07-14 46656]
S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2009-07-14 186960]
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584]
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys [2009-07-14 130624]
S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [2009-07-14 115792]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2009-07-14 162896]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144]
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]
S3 NETw5x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\Windows\system32\DRIVERS\NETw5x32.sys [2008-04-28 3626112]
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys [2009-07-14 105024]
S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [2009-07-14 117312]
S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [2009-07-14 142416]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys [2009-07-14 62464]
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2009-07-14 31744]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [2009-07-14 85568]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-02-12 75776]
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys [2009-07-14 19968]
S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\DRIVERS\sffdisk.sys [2009-07-14 11264]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys [2009-07-14 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys [2009-07-14 12800]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-14 40016]
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2009-07-14 71168]
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-07-14 1285712]
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [2009-07-14 30208]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys [2009-07-14 55888]
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys [2009-07-14 57424]
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys [2009-07-14 86016]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys [2009-07-14 20480]
S3 usbprint;Třída USB Printer; C:\Windows\system32\DRIVERS\usbprint.sys [2009-07-14 19968]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2009-07-14 74752]
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-14 26112]
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys [2009-07-14 19968]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys [2009-07-14 21632]
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WINIO;WINIO; \??\C:\Windows\system32\winio.sys [2001-11-13 41324]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-14 22096]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-14 22528]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-12-09 17904]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2008-09-04 1295616]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-10-29 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-10-29 326192]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-10-29 399920]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2009-07-14 1121280]
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-14 428032]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-07-14 22528]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-14 3179520]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2009-07-14 557056]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 94720]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2009-07-14 522752]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42856]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 878416]
S3 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2009-07-14 12800]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 204800]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-10-02 191024]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2009-07-14 35840]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2009-07-14 22528]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2009-07-14 452608]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-01 1343400]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-14 1202688]
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2008-07-29 3201024]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
vytěžování CPU, zpomalení pc, hlaseni trojanu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119417
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: vytěžování CPU, zpomalení pc, hlaseni trojanu
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: vytěžování CPU, zpomalení pc, hlaseni trojanu
Zde log z Combofixu (trval poměrně dlouho):
ComboFix 10-06-22.01 - Vlada 22.06.2010 20:47:34.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3063.1904 [GMT 2:00]
Spuštěný z: c:\users\Vlada\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\hpe846B.dll
D:\install.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-22 do 2010-06-22 )))))))))))))))))))))))))))))))
.
2010-06-22 19:05 . 2010-06-22 19:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-22 19:05 . 2010-06-22 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-22 18:10 . 2010-06-22 18:11 -------- d-----w- C:\rsit
2010-06-21 17:10 . 2010-06-21 20:05 -------- d-----w- c:\users\Vlada\.android
2010-06-11 08:40 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 08:40 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 08:40 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-11 08:40 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 08:40 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-04 13:22 . 2007-03-13 06:40 7040 ----a-w- c:\windows\system32\drivers\tkfilter.sys
2010-06-04 13:22 . 2010-06-04 13:22 -------- d-----w- c:\program files\Labtec
2010-06-01 09:31 . 2010-06-01 09:31 -------- d-----w- c:\windows\system32\Wat
2010-05-27 19:42 . 2010-05-27 19:42 -------- d-----w- c:\users\Vlada\AppData\Roaming\Broad Intelligence
2010-05-27 19:41 . 2010-05-27 19:42 -------- d-----w- c:\program files\MediaCoder
2010-05-26 07:52 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 19:05 . 2009-11-14 21:53 -------- d-----w- c:\users\Vlada\AppData\Roaming\DMCache
2010-06-22 18:10 . 2009-11-26 21:12 -------- d-----w- c:\program files\trend micro
2010-06-22 18:07 . 2010-01-23 21:24 -------- d-----w- c:\users\Vlada\AppData\Roaming\vlc
2010-06-22 15:06 . 2010-01-23 21:24 -------- d-----w- c:\users\Vlada\AppData\Roaming\dvdcss
2010-06-21 19:08 . 2009-11-15 17:21 -------- d-----w- c:\program files\BSplayerPro
2010-06-20 17:07 . 2009-07-14 08:44 673824 ----a-w- c:\windows\system32\perfh005.dat
2010-06-20 17:07 . 2009-07-14 08:44 138386 ----a-w- c:\windows\system32\perfc005.dat
2010-06-17 07:20 . 2010-03-27 11:17 -------- d-----w- c:\programdata\VMware
2010-06-12 08:47 . 2009-11-15 14:33 -------- d-----w- c:\programdata\Microsoft Help
2010-06-05 10:34 . 2009-11-26 21:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 10:25 . 2009-11-27 13:57 -------- d-----w- c:\program files\Microsoft
2010-05-21 12:14 . 2009-11-14 21:29 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 16:25 . 2010-05-19 16:25 -------- d-----w- c:\program files\NCH Software
2010-05-19 16:24 . 2010-05-19 16:24 -------- d-----w- c:\programdata\NCH Swift Sound
2010-05-19 16:24 . 2010-05-19 16:24 -------- d-----w- c:\users\Vlada\AppData\Roaming\NCH Swift Sound
2010-05-19 16:24 . 2010-05-19 16:24 -------- d-----w- c:\program files\NCH Swift Sound
2010-05-19 16:11 . 2010-05-19 16:11 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-18 19:07 . 2009-12-16 22:48 -------- d-----w- c:\program files\Opera
2010-05-13 08:36 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-11 11:40 . 2010-03-29 17:58 -------- d-----w- c:\users\Vlada\AppData\Roaming\DBDesigner4
2010-05-07 08:00 . 2010-05-07 07:57 -------- d-----w- c:\program files\sges-v3
2010-05-07 07:57 . 2010-05-07 07:41 -------- d-----w- c:\program files\NetBeans 6.8
2010-05-06 21:18 . 2010-05-06 20:21 -------- d-----w- c:\program files\MicroOLAP Database Designer for PostgreSQL
2010-05-06 20:24 . 2010-05-06 20:24 -------- d-----w- c:\users\Vlada\AppData\Roaming\microOLAP
2010-05-06 20:22 . 2010-05-06 20:22 -------- d-----w- c:\program files\Common Files\MicroOLAP
2010-04-30 13:38 . 2010-04-30 13:32 -------- d-----w- c:\users\Vlada\AppData\Roaming\Mount&Blade
2010-04-29 18:45 . 2009-11-14 20:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-28 19:57 . 2010-04-28 19:57 4096 ----a-w- c:\windows\d3dx.dat
2010-04-28 19:51 . 2010-04-28 19:51 -------- d-----w- c:\program files\JoWooD
2010-04-27 16:14 . 2010-03-27 11:25 -------- d-----w- c:\users\Vlada\AppData\Roaming\VMware
2010-04-27 16:01 . 2010-04-27 16:01 -------- d-----w- c:\programdata\Solidshield
2010-04-26 18:58 . 2010-04-26 18:58 -------- d-----w- c:\program files\Microsoft XNA
2010-03-31 06:00 . 2010-03-31 06:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-24 20:36 . 2010-03-24 20:36 28672 ----a-w- c:\users\Vlada\AppData\Roaming\IDM\NP_IDM5.dll
2010-03-24 20:36 . 2010-03-24 20:36 28672 ----a-w- c:\users\Vlada\AppData\Roaming\IDM\NP_IDM4.dll
2010-03-24 20:36 . 2010-03-24 20:36 28672 ----a-w- c:\users\Vlada\AppData\Roaming\IDM\NP_IDM3.dll
2010-03-24 20:36 . 2010-03-24 20:36 28672 ----a-w- c:\users\Vlada\AppData\Roaming\IDM\NP_IDM2.dll
2010-03-24 20:36 . 2010-03-24 20:36 28672 ----a-w- c:\users\Vlada\AppData\Roaming\IDM\NP_IDM1.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2006-05-03 10:06 . 2010-05-19 16:11 163328 --sh--r- c:\windows\System32\flvDX.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"LWBKEYBOARD"="c:\program files\Labtec\Desktop\6.0\KbdAp32A.exe" [2007-03-26 395264]
"LWBMOUSE"="c:\program files\Labtec\Desktop\6.0\MOffice.exe" [2007-04-11 457728]
"HotkeyP"="d:\programy\Hot key\HotkeyP.exe" [2008-07-15 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2007-10-12 999176]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-10-28 96816]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-03-13 13224]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-01 1343400]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S3 netw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2008-04-28 3658752]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 xpvcom;XPVCOM Port;c:\windows\system32\Drivers\xpvcom.sys [2007-03-23 30032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\Vlada\AppData\Roaming\Mozilla\Firefox\Profiles\40kg093f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\users\Vlada\AppData\Roaming\Mozilla\Firefox\Profiles\40kg093f.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2547484853-3553242100-2765778578-1000_Classes\CLSID\{03e13b7f-3c56-464d-99eb-cb528ef019bc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000068
"Therad"=dword:0000001f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_USERS\S-1-5-21-2547484853-3553242100-2765778578-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ab,7c,f0,8a,82,70,64,be,c9,00,78,3e,c9,f1,75,c9,af,1f,cd,a6,86,
f6,a0,b0,49,a9,59,22,fc,1a,2f,7c,92,58,80,ae,38,c4,1b,82,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2547484853-3553242100-2765778578-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e9,11,47,2c,33,ac,81,64,fe,be,b5,a2,0a,03,37,eb,be,be,a1,f7,a9,
b7,5b,96,49,7d,45,11,6b,cd,82,53,c5,6c,24,28,7b,c9,3a,61,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2547484853-3553242100-2765778578-1000_Classes\CLSID\{99c81bff-e46b-4da7-ae18-6e7ce2768451}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000153
"Therad"=dword:00000016
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="C797805E6865BE92CC4B8B9094DD95B7A3A46076FA72C2293922B7E6ABC17E8177DFB4FC310EE5B68155409A189EDE020E5AEB318C6A7F0B4381EEDF849F9279AAC221DB79F3223DB7EB9FB532BE99BC55F2665C9E6EEFC089898E00C0C9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A6171C11EC38DE3DC038D530D6EB3452358F0F1B036BD18801F3254AE97802170B80ABC431EE67811E665594C6603EBECC11F7EFE38717629E9BACD1C726395FD09204607734A317228CC6289B56173CB289C8A3602EAA7E722C4B9470F77E90203D70A9F8F3F1F5D6FBBEF944256C23AD4930CB57DBBA6E631556AEB4157B5221AA106219A392F9C63E458ED3AFBA26C6544050317F1C5B1C780C0C6D9AF9E0BDBAE71A3E2CE816BA0EC9BDE3CA1E8CCBE4706ED5FB44FE09A88A6FF4166B0D26FEDFB9556A80CD455B1B321141D9AF4C669BB532A8CDA9DC3255EDA88EE1BACDBDC37ACCAF84BAB8C8EFECFB51527D1FF8FD8C3B4F783E8E515371EBF997E1E97145EC99BF460CAFAD6241C92C1379DB723C2B62B0A633587850B825C5670F76497872B3563A810417ED5722F7C939E0D95A1EA37DDE16374BFB54BF51D064B3A7D6C2151DF970D5C276A931CE47E6CE6CC5C5FCDF4D836E26E92A2AEF771324A33AE7BD3842C10BA6BF0AAABF81C00B9BCAD8EF70BFB0839390F4D56BA4648E0664C1323A73F34BE6F39ABECB931ABE8A1CDD003F29E34157CC413A7D43B57ECF7902F9AD149702629ED3AAE9BAD6D6124F32B9CE21F7B5E55C7252D863F54331832F200FCA51DFA63381A703D873043EE0872916E25EB168E2BC1D1FB82A6F12EBA435CFE5DB58F707C377F474FD3D51AD61E001CB184C3EE9AA9BE99CEA5A0C0691CB55568324CDD28CDE923618B83EF81AF4ED603D61F6D999564488641FED04787C76AFA94053B3A62722EC78F62F68DC00AFC5798BD8843CD6AE9D569DBB0030E2022DC36BE7AB2B1CDC8969B6FE862BA00EC80CB0DD1C962C9D2194F7A874629D3AA85BA920210B8EF024C77D3E43D97743D64873B23705E878780996A3C310D1D0268C4442DA095381F3871532EE12A9FE0414C0395333A39A30AE2347B10AA571C889C74B083FC22359AE0B53404FE1E3866BC507CE2376D5F9158D68E5F7C5385A9782E8BA1739DF53572F4ED2644E8939DE73E5ECAB026DA8E2888CED5361B6C5900A00E5D198370B2F1882A3F39E799B9003D2D475669832CE8C6F396D2C711EE0B628E482451A48F99D8696F709B3CF37EA80927F4C84B525D37E9C66DDE09789A2AB7591A66EF88C5D21703C492C1D20EB53151A5C50F146DCDB503832F28BA1B00BB73AA90F30D1B8CE5D631AC86E2807E430EBC790C9A66C5E"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-06-22 21:12:09
ComboFix-quarantined-files.txt 2010-06-22 19:12
Před spuštěním: Volných bajtů: 11 189 837 824
Po spuštění: Volných bajtů: 13 810 913 280
- - End Of File - - 19F0D6E02DD9B4D27D7E95CB6A4C0A0B
ComboFix 10-06-22.01 - Vlada 22.06.2010 20:47:34.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3063.1904 [GMT 2:00]
Spuštěný z: c:\users\Vlada\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\hpe846B.dll
D:\install.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-22 do 2010-06-22 )))))))))))))))))))))))))))))))
.
2010-06-22 19:05 . 2010-06-22 19:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-22 19:05 . 2010-06-22 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-22 18:10 . 2010-06-22 18:11 -------- d-----w- C:\rsit
2010-06-21 17:10 . 2010-06-21 20:05 -------- d-----w- c:\users\Vlada\.android
2010-06-11 08:40 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 08:40 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 08:40 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-11 08:40 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 08:40 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-04 13:22 . 2007-03-13 06:40 7040 ----a-w- c:\windows\system32\drivers\tkfilter.sys
2010-06-04 13:22 . 2010-06-04 13:22 -------- d-----w- c:\program files\Labtec
2010-06-01 09:31 . 2010-06-01 09:31 -------- d-----w- c:\windows\system32\Wat
2010-05-27 19:42 . 2010-05-27 19:42 -------- d-----w- c:\users\Vlada\AppData\Roaming\Broad Intelligence
2010-05-27 19:41 . 2010-05-27 19:42 -------- d-----w- c:\program files\MediaCoder
2010-05-26 07:52 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 19:05 . 2009-11-14 21:53 -------- d-----w- c:\users\Vlada\AppData\Roaming\DMCache
2010-06-22 18:10 . 2009-11-26 21:12 -------- d-----w- c:\program files\trend micro
2010-06-22 18:07 . 2010-01-23 21:24 -------- d-----w- c:\users\Vlada\AppData\Roaming\vlc
2010-06-22 15:06 . 2010-01-23 21:24 -------- d-----w- c:\users\Vlada\AppData\Roaming\dvdcss
2010-06-21 19:08 . 2009-11-15 17:21 -------- d-----w- c:\program files\BSplayerPro
2010-06-20 17:07 . 2009-07-14 08:44 673824 ----a-w- c:\windows\system32\perfh005.dat
2010-06-20 17:07 . 2009-07-14 08:44 138386 ----a-w- c:\windows\system32\perfc005.dat
2010-06-17 07:20 . 2010-03-27 11:17 -------- d-----w- c:\programdata\VMware
2010-06-12 08:47 . 2009-11-15 14:33 -------- d-----w- c:\programdata\Microsoft Help
2010-06-05 10:34 . 2009-11-26 21:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 10:25 . 2009-11-27 13:57 -------- d-----w- c:\program files\Microsoft
2010-05-21 12:14 . 2009-11-14 21:29 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 16:25 . 2010-05-19 16:25 -------- d-----w- c:\program files\NCH Software
2010-05-19 16:24 . 2010-05-19 16:24 -------- d-----w- c:\programdata\NCH Swift Sound
2010-05-19 16:24 . 2010-05-19 16:24 -------- d-----w- c:\users\Vlada\AppData\Roaming\NCH Swift Sound
2010-05-19 16:24 . 2010-05-19 16:24 -------- d-----w- c:\program files\NCH Swift Sound
2010-05-19 16:11 . 2010-05-19 16:11 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-18 19:07 . 2009-12-16 22:48 -------- d-----w- c:\program files\Opera
2010-05-13 08:36 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-11 11:40 . 2010-03-29 17:58 -------- d-----w- c:\users\Vlada\AppData\Roaming\DBDesigner4
2010-05-07 08:00 . 2010-05-07 07:57 -------- d-----w- c:\program files\sges-v3
2010-05-07 07:57 . 2010-05-07 07:41 -------- d-----w- c:\program files\NetBeans 6.8
2010-05-06 21:18 . 2010-05-06 20:21 -------- d-----w- c:\program files\MicroOLAP Database Designer for PostgreSQL
2010-05-06 20:24 . 2010-05-06 20:24 -------- d-----w- c:\users\Vlada\AppData\Roaming\microOLAP
2010-05-06 20:22 . 2010-05-06 20:22 -------- d-----w- c:\program files\Common Files\MicroOLAP
2010-04-30 13:38 . 2010-04-30 13:32 -------- d-----w- c:\users\Vlada\AppData\Roaming\Mount&Blade
2010-04-29 18:45 . 2009-11-14 20:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-28 19:57 . 2010-04-28 19:57 4096 ----a-w- c:\windows\d3dx.dat
2010-04-28 19:51 . 2010-04-28 19:51 -------- d-----w- c:\program files\JoWooD
2010-04-27 16:14 . 2010-03-27 11:25 -------- d-----w- c:\users\Vlada\AppData\Roaming\VMware
2010-04-27 16:01 . 2010-04-27 16:01 -------- d-----w- c:\programdata\Solidshield
2010-04-26 18:58 . 2010-04-26 18:58 -------- d-----w- c:\program files\Microsoft XNA
2010-03-31 06:00 . 2010-03-31 06:00 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-24 20:36 . 2010-03-24 20:36 28672 ----a-w- c:\users\Vlada\AppData\Roaming\IDM\NP_IDM5.dll
2010-03-24 20:36 . 2010-03-24 20:36 28672 ----a-w- c:\users\Vlada\AppData\Roaming\IDM\NP_IDM4.dll
2010-03-24 20:36 . 2010-03-24 20:36 28672 ----a-w- c:\users\Vlada\AppData\Roaming\IDM\NP_IDM3.dll
2010-03-24 20:36 . 2010-03-24 20:36 28672 ----a-w- c:\users\Vlada\AppData\Roaming\IDM\NP_IDM2.dll
2010-03-24 20:36 . 2010-03-24 20:36 28672 ----a-w- c:\users\Vlada\AppData\Roaming\IDM\NP_IDM1.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2006-05-03 10:06 . 2010-05-19 16:11 163328 --sh--r- c:\windows\System32\flvDX.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"LWBKEYBOARD"="c:\program files\Labtec\Desktop\6.0\KbdAp32A.exe" [2007-03-26 395264]
"LWBMOUSE"="c:\program files\Labtec\Desktop\6.0\MOffice.exe" [2007-04-11 457728]
"HotkeyP"="d:\programy\Hot key\HotkeyP.exe" [2008-07-15 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2007-10-12 999176]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-10-28 96816]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-03-13 13224]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-01 1343400]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S3 netw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2008-04-28 3658752]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 xpvcom;XPVCOM Port;c:\windows\system32\Drivers\xpvcom.sys [2007-03-23 30032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\Vlada\AppData\Roaming\Mozilla\Firefox\Profiles\40kg093f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\users\Vlada\AppData\Roaming\Mozilla\Firefox\Profiles\40kg093f.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2547484853-3553242100-2765778578-1000_Classes\CLSID\{03e13b7f-3c56-464d-99eb-cb528ef019bc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000068
"Therad"=dword:0000001f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_USERS\S-1-5-21-2547484853-3553242100-2765778578-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ab,7c,f0,8a,82,70,64,be,c9,00,78,3e,c9,f1,75,c9,af,1f,cd,a6,86,
f6,a0,b0,49,a9,59,22,fc,1a,2f,7c,92,58,80,ae,38,c4,1b,82,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2547484853-3553242100-2765778578-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e9,11,47,2c,33,ac,81,64,fe,be,b5,a2,0a,03,37,eb,be,be,a1,f7,a9,
b7,5b,96,49,7d,45,11,6b,cd,82,53,c5,6c,24,28,7b,c9,3a,61,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2547484853-3553242100-2765778578-1000_Classes\CLSID\{99c81bff-e46b-4da7-ae18-6e7ce2768451}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000153
"Therad"=dword:00000016
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="C797805E6865BE92CC4B8B9094DD95B7A3A46076FA72C2293922B7E6ABC17E8177DFB4FC310EE5B68155409A189EDE020E5AEB318C6A7F0B4381EEDF849F9279AAC221DB79F3223DB7EB9FB532BE99BC55F2665C9E6EEFC089898E00C0C9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A6171C11EC38DE3DC038D530D6EB3452358F0F1B036BD18801F3254AE97802170B80ABC431EE67811E665594C6603EBECC11F7EFE38717629E9BACD1C726395FD09204607734A317228CC6289B56173CB289C8A3602EAA7E722C4B9470F77E90203D70A9F8F3F1F5D6FBBEF944256C23AD4930CB57DBBA6E631556AEB4157B5221AA106219A392F9C63E458ED3AFBA26C6544050317F1C5B1C780C0C6D9AF9E0BDBAE71A3E2CE816BA0EC9BDE3CA1E8CCBE4706ED5FB44FE09A88A6FF4166B0D26FEDFB9556A80CD455B1B321141D9AF4C669BB532A8CDA9DC3255EDA88EE1BACDBDC37ACCAF84BAB8C8EFECFB51527D1FF8FD8C3B4F783E8E515371EBF997E1E97145EC99BF460CAFAD6241C92C1379DB723C2B62B0A633587850B825C5670F76497872B3563A810417ED5722F7C939E0D95A1EA37DDE16374BFB54BF51D064B3A7D6C2151DF970D5C276A931CE47E6CE6CC5C5FCDF4D836E26E92A2AEF771324A33AE7BD3842C10BA6BF0AAABF81C00B9BCAD8EF70BFB0839390F4D56BA4648E0664C1323A73F34BE6F39ABECB931ABE8A1CDD003F29E34157CC413A7D43B57ECF7902F9AD149702629ED3AAE9BAD6D6124F32B9CE21F7B5E55C7252D863F54331832F200FCA51DFA63381A703D873043EE0872916E25EB168E2BC1D1FB82A6F12EBA435CFE5DB58F707C377F474FD3D51AD61E001CB184C3EE9AA9BE99CEA5A0C0691CB55568324CDD28CDE923618B83EF81AF4ED603D61F6D999564488641FED04787C76AFA94053B3A62722EC78F62F68DC00AFC5798BD8843CD6AE9D569DBB0030E2022DC36BE7AB2B1CDC8969B6FE862BA00EC80CB0DD1C962C9D2194F7A874629D3AA85BA920210B8EF024C77D3E43D97743D64873B23705E878780996A3C310D1D0268C4442DA095381F3871532EE12A9FE0414C0395333A39A30AE2347B10AA571C889C74B083FC22359AE0B53404FE1E3866BC507CE2376D5F9158D68E5F7C5385A9782E8BA1739DF53572F4ED2644E8939DE73E5ECAB026DA8E2888CED5361B6C5900A00E5D198370B2F1882A3F39E799B9003D2D475669832CE8C6F396D2C711EE0B628E482451A48F99D8696F709B3CF37EA80927F4C84B525D37E9C66DDE09789A2AB7591A66EF88C5D21703C492C1D20EB53151A5C50F146DCDB503832F28BA1B00BB73AA90F30D1B8CE5D631AC86E2807E430EBC790C9A66C5E"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-06-22 21:12:09
ComboFix-quarantined-files.txt 2010-06-22 19:12
Před spuštěním: Volných bajtů: 11 189 837 824
Po spuštění: Volných bajtů: 13 810 913 280
- - End Of File - - 19F0D6E02DD9B4D27D7E95CB6A4C0A0B
-
Rudy
- Site Admin
- Příspěvky: 119417
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: vytěžování CPU, zpomalení pc, hlaseni trojanu
2 položky smazány, zbytek logu vypadá čistý. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: vytěžování CPU, zpomalení pc, hlaseni trojanu
Zrestartuji pc, a otestuji provoz, zitra odpoledne dám vědět, jestli se chování zlepšilo, zatím děkuji a přeji pěkný večer!
-
Rudy
- Site Admin
- Příspěvky: 119417
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: vytěžování CPU, zpomalení pc, hlaseni trojanu
Též pěkný večer a zatím nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: vytěžování CPU, zpomalení pc, hlaseni trojanu
Zdá se, že se to zlepšilo, díky za pomoc 
-
Rudy
- Site Admin
- Příspěvky: 119417
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: vytěžování CPU, zpomalení pc, hlaseni trojanu
Rádo se stalo!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?