Hello, the laptop's CPU is running at about 90-100% all the time; that's what it says in that Vista panel :)
ComboFix 09-06-05.02 - Hp 05.06.2009 23:59.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3069.1572 [GMT 2:00]
Spuštěný z: c:\users\Hp\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-05 do 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-05 21:58 . 2009-06-05 22:08 -------- d-s---w- \ComboFix
2009-06-05 20:31 . 2009-06-05 22:07 -------- d-----w- c:\users\Hp\AppData\Local\temp
2009-06-05 20:23 . 2009-06-05 20:23 -------- d-----w- \Qoobox
2009-06-05 19:40 . 2009-06-05 19:40 -------- d---a-w- c:\windows\system32\runouce.exe
2009-06-05 19:37 . 2009-06-05 19:37 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-06-05 19:37 . 2009-06-05 19:37 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-06-05 19:37 . 2009-06-05 19:37 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-06-05 19:37 . 2009-06-05 19:37 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-06-05 19:37 . 2009-06-05 19:37 -------- d-----w- c:\programdata\MicroWorld
2009-06-05 18:52 . 2009-06-05 19:05 -------- d-----w- c:\program files\trend micro
2009-06-05 17:15 . 2009-06-05 17:15 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-05 17:15 . 2009-06-05 17:17 -------- d-----w- c:\program files\Hamachi
2009-06-05 13:15 . 2009-06-05 13:16 -------- d-----w- c:\program files\Metin2_CZ
2009-05-29 13:22 . 2009-05-29 13:22 -------- d-----w- c:\windows\Sun
2009-05-27 20:40 . 2009-05-27 20:40 -------- d-----w- c:\program files\uTorrent
2009-05-27 20:40 . 2009-05-30 10:29 -------- d-----w- c:\users\Hp\AppData\Roaming\uTorrent
2009-05-26 20:09 . 2009-05-26 20:09 -------- d-----w- c:\programdata\Google Updater
2009-05-18 16:39 . 2009-06-05 21:35 45248 ----a-w- c:\windows\system32\perfh005.dat
2009-05-18 16:39 . 2009-06-05 21:35 11240 ----a-w- c:\windows\system32\perfc005.dat
2009-05-16 11:38 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-05-16 11:38 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-05-16 11:37 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-05-16 11:37 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-05-16 11:37 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-05-16 11:37 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-05-16 11:37 . 2009-02-13 08:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-05-16 11:34 . 2008-12-05 04:32 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-05-16 11:34 . 2008-12-05 04:32 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-05-16 11:34 . 2008-04-12 03:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-16 11:34 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-05-16 11:34 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-05-16 11:34 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-05-16 11:34 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-05-16 11:33 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-05-16 11:32 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-16 11:32 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-05-16 11:32 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-16 11:31 . 2008-12-16 05:31 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-05-16 11:31 . 2008-12-16 05:31 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-05-16 11:31 . 2008-12-16 03:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-05-16 11:29 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-05-16 09:45 . 2009-05-16 09:45 -------- d-----w- c:\programdata\TomTom
2009-05-16 09:45 . 2009-05-16 09:45 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-05-16 07:02 . 2009-05-16 07:02 -------- d-----w- c:\program files\LFS
2009-05-15 21:05 . 2009-05-15 21:04 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-15 21:04 . 2009-05-15 21:04 -------- d-----w- c:\users\Hp\AppData\Local\O&O
2009-05-15 20:49 . 2009-05-15 20:49 0 --sha-r- \MSDOS.SYS
2009-05-15 20:49 . 2009-05-15 20:49 0 --sha-r- \IO.SYS
2009-05-15 20:39 . 2009-05-15 20:42 -------- d-----w- c:\users\Hp\AppData\Roaming\vlc
2009-05-15 20:38 . 2009-05-15 20:38 -------- d-----w- c:\program files\VideoLAN
2009-05-15 20:31 . 2009-05-15 20:31 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-05-09 22:03 . 2009-05-09 22:06 -------- d-----w- C:\Andrea
2009-05-09 22:03 . 2009-05-09 22:06 -------- d-----w- \Andrea
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 22:09 . 2009-04-04 18:24 -------- d-----w- c:\users\Hp\AppData\Roaming\Skype
2009-06-05 22:06 . 2008-07-26 01:17 3218956288 --sha-w- \hiberfil.sys
2009-06-05 22:06 . 2008-07-26 00:29 3532546048 --sha-w- \pagefile.sys
2009-06-05 22:05 . 2008-07-26 00:36 836 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 22:05 . 2009-04-04 18:25 -------- d-----w- c:\users\Hp\AppData\Roaming\skypePM
2009-06-05 21:35 . 2008-06-11 23:32 718846 ----a-w- c:\windows\system32\perfh015.dat
2009-06-05 21:35 . 2008-06-11 23:32 151194 ----a-w- c:\windows\system32\perfc015.dat
2009-06-05 20:20 . 2009-04-04 19:19 -------- d-----w- c:\users\Hp\AppData\Roaming\Hamachi
2009-06-03 06:55 . 2009-04-06 05:54 1 ----a-w- c:\users\Hp\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-26 20:12 . 2009-04-04 18:23 -------- d-----w- c:\program files\Google
2009-05-18 14:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-16 06:38 . 2009-04-04 18:30 -------- d-----w- c:\users\Hp\AppData\Roaming\ICQ
2009-05-15 21:04 . 2008-06-11 15:15 -------- d-----w- c:\program files\Java
2009-05-15 20:46 . 2009-05-15 20:46 2678 ----a-w- c:\windows\Java\Packages\Data\2ZZ9NBNT.DAT
2009-05-15 20:46 . 2009-05-15 20:46 2678 ----a-w- c:\windows\Java\Packages\Data\0P77J1BD.DAT
2009-05-15 20:46 . 2009-05-15 20:46 2678 ----a-w- c:\windows\Java\Packages\Data\JBN1FF7R.DAT
2009-05-15 20:46 . 2009-05-15 20:46 2678 ----a-w- c:\windows\Java\Packages\Data\A86DVTVD.DAT
2009-05-05 18:02 . 2009-05-05 18:02 -------- d-----w- c:\users\Hp\AppData\Roaming\TomTom
2009-05-05 18:02 . 2009-05-05 18:02 -------- d-----w- c:\program files\TomTom International B.V
2009-05-05 18:01 . 2009-05-05 18:01 -------- d-----w- c:\program files\TomTom HOME 2
2009-04-29 11:25 . 2009-04-04 22:50 -------- d-----w- c:\program files\Opera 10 Preview
2009-04-25 21:13 . 2009-04-25 21:13 -------- d-----w- c:\program files\Haali
2009-04-20 10:16 . 2009-04-04 22:13 -------- d-----w- c:\users\Hp\AppData\Roaming\GHISLER
2009-04-19 19:14 . 2009-04-19 18:31 -------- d-----w- c:\program files\Sony
2009-04-19 18:41 . 2009-04-19 18:41 -------- d-----w- c:\users\Hp\AppData\Roaming\Sony Corporation
2009-04-19 18:35 . 2008-06-11 13:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-19 18:30 . 2009-04-19 18:30 10134 ----a-r- c:\users\Hp\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
2009-04-19 18:30 . 2009-04-19 18:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-04-19 18:29 . 2009-04-19 18:29 -------- d-----w- c:\programdata\Sony Corporation
2009-04-19 17:56 . 2009-04-19 17:56 -------- d-----w- c:\users\Hp\AppData\Roaming\InstallShield
2009-04-16 17:22 . 2009-04-16 17:22 -------- d-----w- c:\program files\Opera
2009-04-10 15:22 . 2009-04-10 15:21 -------- d-----w- c:\program files\IrfanView
2009-04-10 15:21 . 2009-04-10 15:21 -------- d-----w- c:\users\Hp\AppData\Roaming\IrfanView
2009-04-10 05:30 . 2009-04-10 05:30 -------- d-----w- c:\program files\QuickTime
2009-04-10 05:29 . 2009-04-10 05:29 -------- d-----w- c:\programdata\Apple Computer
2009-04-10 05:28 . 2009-04-10 05:28 -------- d-----w- c:\program files\Apple Software Update
2009-04-10 05:28 . 2009-04-10 05:28 -------- d-----w- c:\programdata\Apple
2009-04-06 16:09 . 2009-02-20 13:37 106824 ----a-w- c:\users\Hp\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-04 22:33 . 2009-04-04 22:33 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-04-04 22:33 . 2009-04-04 22:33 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-04-04 18:25 . 2009-04-04 18:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-04 08:32 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-04 08:12 . 2009-04-04 08:13 737280 ----a-w- c:\windows\iun6002.exe
2009-04-02 15:39 . 2009-04-02 15:39 34724 ----a-w- c:\windows\inf\PERFLIB\0405\perfd.dat
2009-04-02 15:39 . 2009-04-02 15:39 34724 ----a-w- c:\windows\inf\PERFLIB\0405\perfc.dat
2009-04-02 15:39 . 2009-04-02 15:39 286912 ----a-w- c:\windows\inf\PERFLIB\0405\perfi.dat
2009-04-02 15:39 . 2009-04-02 15:39 286912 ----a-w- c:\windows\inf\PERFLIB\0405\perfh.dat
2009-03-08 11:34 . 2009-05-16 11:53 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-16 11:53 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-16 11:53 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-16 11:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-16 11:53 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-16 11:53 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-16 11:53 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-16 11:53 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-16 11:53 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-16 11:53 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-16 11:53 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-16 11:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-16 11:53 66560 ----a-w- c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-16 11:53 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-16 11:53 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-16 11:53 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-16 11:53 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-16 11:53 156160 ----a-w- c:\windows\system32\msls31.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-04 39408]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-24 251240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-16 442433]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-15 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-19 2245984]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
c:\users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
Picture Motion Browser Medien-Prfung.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-4-19 380928]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1771170135-3552977847-6501162-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{70E15C6F-F34B-48CA-BBBE-11E2763AAC6A}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{97D70102-0218-4AAF-BB86-4412765E7C7B}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{C460AC67-3968-46E7-91FB-2CC238E7C371}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{06C83265-FE96-481B-ABB2-F013E2BDB3B1}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E26EF6F4-FF92-4AA9-B1A4-F106A0D2FF07}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{17B564DC-3F3B-4BE1-848F-A2C7F148B2D4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{799F4848-48D3-4185-BC83-437DF93AE72D}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{BA583E36-58A4-42AF-943D-C9BCE847E1E5}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{BF8DF9BB-54A5-4FEE-98BF-E9E5AE23EED3}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{C22C981F-19C8-4812-A6F6-54427D292689}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{DB66D3E8-1ED8-4955-A874-28A2DD361D3C}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{08E95082-B7C3-4A59-997F-3EBA78F76904}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{74028197-84EA-4556-83DC-26F5842F35A7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C2E916F1-61C0-4AC2-B0C4-9CBAD9A169D8}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{4C330B59-AA26-4A7E-B461-918A87CCF3DA}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{34604DD9-CFC5-4EA5-AE99-2E2DCA60ABBD}c:\\users\\hp\\desktop\\chmat ziduv\\zidbure server.exe.exe"= UDP:c:\users\hp\desktop\chmat ziduv\zidbure server.exe.exe:zidbure server.exe.exe
"UDP Query User{D0F6FAF1-4ACB-4BA4-A817-7E0A6ED03A13}c:\\users\\hp\\desktop\\chmat ziduv\\zidbure server.exe.exe"= TCP:c:\users\hp\desktop\chmat ziduv\zidbure server.exe.exe:zidbure server.exe.exe
"TCP Query User{F4232D71-EF1D-4A1A-820D-B34D48F9CF12}c:\\users\\hp\\desktop\\chmatakov15n.exe"= UDP:c:\users\hp\desktop\chmatakov15n.exe:chmatakov15n.exe
"UDP Query User{9849FCBC-3C15-4EF1-A16D-4B5D767438BA}c:\\users\\hp\\desktop\\chmatakov15n.exe"= TCP:c:\users\hp\desktop\chmatakov15n.exe:chmatakov15n.exe
"{A9E077C1-10FB-4FE5-BBE2-38CE7E1D5C9A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{41BE04D4-4837-402B-8FD5-69CE4E9DA01B}c:\\users\\hp\\desktop\\chmatakov15n.exe"= UDP:c:\users\hp\desktop\chmatakov15n.exe:chmatakov15n.exe
"UDP Query User{DD69DD1D-D97B-420F-8C57-5883921EFEBE}c:\\users\\hp\\desktop\\chmatakov15n.exe"= TCP:c:\users\hp\desktop\chmatakov15n.exe:chmatakov15n.exe
"TCP Query User{04051DA5-E45D-43E4-A897-E9095ABADF65}c:\\users\\hp\\desktop\\chmat ziduv\\zidbure server.exe.exe"= UDP:c:\users\hp\desktop\chmat ziduv\zidbure server.exe.exe:zidbure server.exe.exe
"UDP Query User{B40EF847-F424-412C-8ED8-F73782A0FAD0}c:\\users\\hp\\desktop\\chmat ziduv\\zidbure server.exe.exe"= TCP:c:\users\hp\desktop\chmat ziduv\zidbure server.exe.exe:zidbure server.exe.exe
"TCP Query User{82C044DC-ABEE-432A-A453-6755EC489A76}c:\\users\\hp\\desktop\\server01.exe"= UDP:c:\users\hp\desktop\server01.exe:server01.exe
"UDP Query User{6143399A-1906-432A-92C8-7371FCA18546}c:\\users\\hp\\desktop\\server01.exe"= TCP:c:\users\hp\desktop\server01.exe:server01.exe
"TCP Query User{1762DFEF-279F-42B9-89BF-3376FB6C9F28}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{BF0D8C3E-2D85-4B29-A98D-DC8EE10AC995}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{D6A1C32D-5958-4201-A0C5-98F5F7D65AB0}c:\\program files\\pinnacle\\studio 12\\programs\\studio.exe"= UDP:c:\program files\pinnacle\studio 12\programs\studio.exe:Studio program file
"UDP Query User{BF860D5B-EA9A-4A6F-A8A0-77B48D6C755E}c:\\program files\\pinnacle\\studio 12\\programs\\studio.exe"= TCP:c:\program files\pinnacle\studio 12\programs\studio.exe:Studio program file
"TCP Query User{4C6E66B4-A1EA-41CE-B78E-1FFC36043CCF}c:\\totalcmd\\totalcmd.exe"= UDP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{D02210F1-AECB-4BB7-BB8D-D9394F3FD3FD}c:\\totalcmd\\totalcmd.exe"= TCP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{5FCF19FA-232B-40C3-ADA4-8E4A85AAADD4}c:\\naturista\\chmatakov15.exe.exe"= UDP:c:\naturista\chmatakov15.exe.exe:Multimedia Fusion Stand Alone Application
"UDP Query User{D2DE835E-1747-4ABE-A784-68FE83BCAECA}c:\\naturista\\chmatakov15.exe.exe"= TCP:c:\naturista\chmatakov15.exe.exe:Multimedia Fusion Stand Alone Application
"TCP Query User{138FCE68-7C51-4A99-9083-45E21B687B86}c:\\totalcmd\\totalcmd.exe"= UDP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{1F29300D-2F9E-4821-8227-5AEC1A8F725A}c:\\totalcmd\\totalcmd.exe"= TCP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{194E481F-9B8D-4C6F-8E25-5A599389A484}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{42E96676-F090-4473-BD8C-B681513DB309}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{058743D5-DE44-487F-9FE4-D327C0A2C16E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BC21C017-AAD3-47EA-8D18-266CEE8CA1FC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A5084FF4-A781-472E-8F3C-31BCBC27919A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4FC11146-6AF5-4BE5-A23F-1E9146E463A9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B2B55BF0-4D2F-4347-A9D8-FBCE9D6936CF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{9E98EB72-6066-49D5-840B-602AEA6EE25A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{508F7D6D-1D5A-4069-9963-1492185B933B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9C427709-414F-4713-A766-16CBDAC9F4A6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9B8A5119-3C00-4A8A-9913-8EB710CBF00B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{55D1610F-2079-44E9-80C3-624BF0E84DDC}c:\\program files\\google\\chrome\\application\\chrome.exe"= UDP:c:\program files\google\chrome\application\chrome.exe:Google Chrome
"UDP Query User{418427D9-FC67-4A81-B363-984768A36FAB}c:\\program files\\google\\chrome\\application\\chrome.exe"= TCP:c:\program files\google\chrome\application\chrome.exe:Google Chrome
"{5DE7EE1C-3A60-41F8-AD37-5D090AF4DBE4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C9F3AE62-8CEA-4C2D-BD97-2352D7B98E47}"= c:\program files\Skype\Phone\Skype.exe:Skype
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [26.7.2008 2:50 15416]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [11.6.2008 16:12 61424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe [26.7.2008 2:46 73728]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6.2.2009 14:24 92800]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18.3.2008 16:24 19456]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [4.4.2009 20:31 222456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [11.6.2008 17:10 341328]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\System32\dllhost.exe [2.11.2006 10:50 7168]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.4.2009 13:57 92008]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [26.3.2008 18:27 595248]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11.6.2008 16:25 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23.1.2008 23:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [1.4.2008 13:14 81296]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20.12.2007 17:13 1553896]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [26.3.2008 18:28 40752]
S2 gupdate1c9de3eec4506f;Služba Google Update (gupdate1c9de3eec4506f);c:\program files\Google\Update\GoogleUpdate.exe [26.5.2009 22:10 133104]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-06-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-04 20:09]
2009-06-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 20:10]
2009-06-05 c:\windows\Tasks\User_Feed_Synchronization-{6DC6DCC9-BCFB-4FD7-B98A-94AA70C8BC9A}.job
- c:\windows\system32\msfeedssync.exe [2009-05-16 11:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
SafeBoot-procexp90.Sys
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 00:09
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,8a,a0,a4,84,6a,
48,46,22,e2,63,26,f1,3f,c8,ff,68,1d,06,2f,c5,65,31,87,d2,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,99,a2,66,f0,5b,
57,20,ea,6a,9c,d6,61,af,45,84,18,12,08,79,ef,2d,8d,59,d5,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c0,91,0b,78,05,
82,9c,9e,ff,7c,85,e0,43,d4,0e,fe,9c,27,6f,49,5b,17,72,06,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,2e,a4,62,9b,3d,
2e,83,4f,86,8c,21,01,be,91,eb,e7,3d,dc,46,40,ff,bf,ff,df,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,93,a4,fe,96,1d,
5c,bf,15,f5,1d,4d,73,a8,13,5c,05,40,f2,4f,64,f0,6c,c2,f5,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,dd,e2,54,b4,ee,
a9,99,4f,df,20,58,62,78,6b,cf,c8,0d,b9,ad,9d,94,94,51,23,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,a7,45,17,a9,b2,
e5,bc,60,fb,a7,78,e6,12,2f,9a,ea,97,c6,23,06,02,54,47,c0,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,7e,9e,53,d2,a3,
16,5a,ba,01,3a,48,fc,e8,04,4a,f1,2e,86,4a,80,a3,f3,9d,8c,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,5c,ae,70,af,21,
44,20,d1,f6,0f,4e,58,98,5b,89,c9,5a,1b,d3,d2,cc,f0,b7,ff,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,e7,d1,8f,9d,dd,
6b,b9,9c,3d,ce,ea,26,2d,45,aa,78,0b,86,aa,3c,4e,42,05,08,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,fa,e5,8b,1c,eb,
08,d4,3d,2a,b7,cc,b5,b9,7f,41,e7,dd,99,e6,52,38,22,84,c5,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,1d,c2,12,c7,15,
ee,c5,3f,6c,43,2d,1e,aa,22,2f,9c,08,3d,e2,ac,cf,e1,8f,cd,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\DPPWDFLT.dll
- - - - - - - > 'Explorer.exe'(2080)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\wlanext.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\msdtc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2009-06-05 0:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-05 22:15
Před spuštěním: Volných bajtů: 211 699 355 648
Po spuštění: Volných bajtů: 211 198 971 904
407 --- E O F --- 2009-05-16 12:10
Laptop CPU at 100% +-
- CZechBoY
- Crave
Re: Notebook CPU at 100% +-
post the HJT log here too.. just to be safe.. it lists processes, so maybe it will list and reveal some nasty thing as well..:)
- CZechBoY
Re: Notebook CPU at 100% +-
Maybe you could take a look at the heading "Jiné spuštěné procesy" (Other running processes), it is there too

- jaro3
- Security team member
Re: Notebook CPU at 100% +-
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script
Code:
File::
c:\windows\bthservsdp.dat
c:\windows\system32\ezsidmv.dat
c:\windows\iun6002.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1771170135-3552977847-6501162-1000]
"EnableNotificationsRef"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
Try stopping this in Task Manager: c:\program files\Windows Media Player\wmpnetwk.exe
Download and run DDS (by sUBs)
and save it to the desktop.
- run it; a window will appear, so do not click in it and wait until the program finishes
- when it is done, the program creates 2 logs and shows an information window. Close it with OK
- then post the entire content of the DDS log here
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.