Vytazenie CPU na 100% svchost.exe

Zpráva

gogy27 · #1 Příspěvek od **gogy27** » 30 lis 2011 18:58

Zdravim,
chcel by som Vas poprosit a skontrolovanie mojho logu. Mam problem, ze vacsinou casu moj CPU mojho PC je vytazeny na 100%, pomaly to neskor klesne na take rozhranie od 70-100 a tam to uz zostane po cely cas.
Pc som skontroloval cez MBAM, kde som odstranil jeden virus a aj cez Microsoft Essential, kde bol taktiez 1 alebo 2 virusy.
Pripajam log z MBAM a HiJackThis.
Dakujem za pomoc.

HiJackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:04, on 30. 11. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\T-Mobile Communication Center\TMCC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: T-Mobile Communication Center.lnk = C:\Program Files (x86)\T-Mobile Communication Center\TMCC.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B059CF4-CEA6-40AC-9042-92255D9F85AC}: NameServer = 92.245.2.245,92.245.2.162
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Unknown owner - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7552 bytes

MBAM
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verzia databázy: 8279

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30. 11. 2011 18:39:41
mbam-log-2011-11-30 (18-39-41).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 173674
Uplynutý čas: 27 min, 16 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 1

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\Users\Cunky\AppData\Local\Temp\opr. pkuniverzita sv.doc (Trojan.Agent) -> Quarantined and deleted successfully.

gogy27 · #2 Příspěvek od **gogy27** » 30 lis 2011 19:06

momentalne som precistil PC aj s CCleaner a nejak ten svchost klesol a je to zvladnutelne, skusim restartovat PC. Aj tak vsak budem rad ak mi poviete co fixnut popripade odstranit

EDIT: Po restartovani PC je to opat 100%

gogy27 · #3 Příspěvek od **gogy27** » 30 lis 2011 21:02

este pripojim kod z RSIT, ak to pomoze viac.

log
Logfile of random's system information tool 1.09 (written by random/random)
Run by Cunky at 2011-11-30 20:44:48
Microsoft Windows 7 Ultimate
System drive C: has 11 GB (7%) free of 150 GB
Total RAM: 3037 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:43, on 30. 11. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\T-Mobile Communication Center\TMCC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Cunky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: T-Mobile Communication Center.lnk = C:\Program Files (x86)\T-Mobile Communication Center\TMCC.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B059CF4-CEA6-40AC-9042-92255D9F85AC}: NameServer = 92.245.2.245,92.245.2.162
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Unknown owner - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7319 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Cunky\AppData\Roaming\Mozilla\Firefox\Profiles\f6lpg8rs.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, toolbar@ask.com:3.11.3.15590, plugin3@gameplaylabs.com:3.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"smartwebprinting@hp.com"=C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
npwachk.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Cunky\AppData\Roaming\Mozilla\Firefox\Profiles\f6lpg8rs.default\extensions\
plugin3@gameplaylabs.com
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Users\Cunky\AppData\Roaming\Mozilla\Firefox\Profiles\f6lpg8rs.default\searchplugins\
askcom.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
T-Mobile Communication Center.lnk - C:\Program Files (x86)\T-Mobile Communication Center\TMCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2011-11-30 20:44:48 ----D---- C:\rsit
2011-11-30 18:44:47 ----D---- C:\Program Files (x86)\Trend Micro
2011-11-30 17:02:49 ----D---- C:\Program Files (x86)\Google
2011-11-30 16:52:16 ----D---- C:\Users\Cunky\AppData\Roaming\Malwarebytes
2011-11-30 16:51:39 ----D---- C:\ProgramData\Malwarebytes
2011-11-30 16:51:31 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-30 00:40:21 ----D---- C:\Windows\pss
2011-11-29 23:33:23 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2011-11-29 23:33:12 ----D---- C:\Program Files (x86)\Microsoft Security Client
2011-11-24 15:28:20 ----D---- C:\Users\Cunky\AppData\Roaming\Zoner
2011-11-23 18:33:54 ----D---- C:\Program Files (x86)\Zoner
2011-11-23 18:29:25 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-09-25 20:05:48 ----D---- C:\Program Files (x86)\Mojzík

======List of files/folders modified in the last 3 months======

2011-11-30 20:42:01 ----D---- C:\Windows\Temp
2011-11-30 20:39:44 ----RD---- C:\Downloads
2011-11-30 20:13:07 ----D---- C:\Windows
2011-11-30 19:46:53 ----D---- C:\Windows\inf
2011-11-30 18:51:02 ----SHD---- C:\Windows\Installer
2011-11-30 18:50:59 ----HD---- C:\Config.Msi
2011-11-30 18:50:21 ----SHD---- C:\System Volume Information
2011-11-30 18:49:35 ----D---- C:\Program Files (x86)\Opera
2011-11-30 18:44:48 ----SD---- C:\Users\Cunky\AppData\Roaming\Microsoft
2011-11-30 18:44:47 ----RD---- C:\Program Files (x86)
2011-11-30 18:43:52 ----D---- C:\Users\Cunky\AppData\Roaming\Winamp
2011-11-30 18:41:46 ----D---- C:\Windows\SoftwareDistribution
2011-11-30 18:41:46 ----D---- C:\Windows\Panther
2011-11-30 18:41:46 ----D---- C:\Windows\Minidump
2011-11-30 18:41:46 ----D---- C:\Windows\Logs
2011-11-30 18:41:46 ----D---- C:\Windows\debug
2011-11-30 18:40:10 ----D---- C:\Windows\SysWOW64\drivers
2011-11-30 17:55:11 ----D---- C:\Program Files (x86)\HP
2011-11-30 17:45:03 ----D---- C:\Program Files (x86)\ICQ7.5
2011-11-30 17:02:56 ----RD---- C:\Program Files
2011-11-30 16:51:39 ----HD---- C:\ProgramData
2011-11-30 16:28:02 ----SD---- C:\ProgramData\Microsoft
2011-11-30 00:06:56 ----D---- C:\Windows\winsxs
2011-11-29 23:33:23 ----D---- C:\Windows\SysWOW64
2011-11-29 23:27:37 ----D---- C:\Windows\System32
2011-11-26 19:59:01 ----D---- C:\Users\Cunky\AppData\Roaming\vlc
2011-11-23 18:34:00 ----RSD---- C:\Windows\Fonts
2011-11-23 18:32:17 ----D---- C:\Dominikaa
2011-11-23 18:29:25 ----D---- C:\Program Files (x86)\Common Files
2011-11-16 16:29:23 ----D---- C:\Foto
2011-11-16 16:24:43 ----D---- C:\Filmy
2011-11-11 21:27:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-11-10 19:15:24 ----D---- C:\Users\Cunky\AppData\Roaming\Skype
2011-11-10 17:08:56 ----D---- C:\Users\Cunky\AppData\Roaming\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys []
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys []
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys []
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys []
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys []
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/15 11:47:25]; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-26 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

info
info.txt logfile of random's system information tool 1.09 2011-11-30 20:46:03

======Uninstall list======

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -maintain plugin
Adobe Reader 9.3.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUS USB2.0 UVC VGA WebCam-->C:\Program Files (x86)\InstallShield Installation Information\{044B477C-3AF5-4DF2-A946-200C2C9E8933}\setup.exe
Audacity 1.3.12 (Unicode)-->"C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\unins000.exe"
BitLord 1.1-->C:\Program Files (x86)\BitLord\uninst.exe
CyberLink PowerDVD 10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hafík 1.1L-->"C:\Program Files (x86)\Mojzík\Hafík\unins000.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Malwarebytes' Anti-Malware verzia 1.51.2.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox 8.0 (x86 sk)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials-->MsiExec.exe /X{97F32DF8-D66E-446A-A425-C1D7B45C1051}
ObjectDock Free-->"C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}\ObjectDock_free.exe" REMOVE=TRUE MODIFY=FALSE
ObjectDock Free-->C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}\ObjectDock_free.exe
Opera 11.52-->MsiExec.exe /X{95A36786-E9A6-4CC8-AE28-29D038DDBDC6}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
T-Mobile Communication Center 3.57.95.14-->"C:\Program Files (x86)\T-Mobile Communication Center\unins000.exe"
VIA Platform Device Manager-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VLC media player 1.1.9-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Wireless Console 3-->MsiExec.exe /I{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}
Zoner Callisto 5-->MsiExec.exe /X{4F62B1AE-E778-49E2-9C57-C1C65A122098}

======System event log======

Computer Name: Cunky-PC
Event Code: 30013
Message: The DHCP allocator has disabled itself on IP address 192.168.0.100, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
Record Number: 266129
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20110823205352.000000-000
Event Type: Error
User:

Computer Name: Cunky-PC
Event Code: 34001
Message: The ICS_IPV6 failed to configure IPv6 stack.
Record Number: 266128
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20110823205350.000000-000
Event Type: Error
User:

Computer Name: Cunky-PC
Event Code: 34005
Message: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Record Number: 266127
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20110823205349.000000-000
Event Type: Warning
User:

Computer Name: Cunky-PC
Event Code: 7000
Message: The Služba Google Update (gupdate) service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 266126
Source Name: Service Control Manager
Time Written: 20110823205338.325774-000
Event Type: Error
User:

Computer Name: Cunky-PC
Event Code: 7000
Message: The Power Control [2010/12/15 11:47:25] service failed to start due to the following error:
The system cannot find the path specified.
Record Number: 266092
Source Name: Service Control Manager
Time Written: 20110823205115.606118-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Cunky-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3584004389-1183693594-3197235695-1000:
Process 2848 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

Record Number: 7785
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100905131822.267780-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Cunky-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-3584004389-1183693594-3197235695-1000:
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\SystemCertificates\My
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\SystemCertificates\CA
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\SystemCertificates\Root
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Policies\Microsoft\SystemCertificates
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Policies\Microsoft\SystemCertificates
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Policies\Microsoft\SystemCertificates
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Policies\Microsoft\SystemCertificates
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 852 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\SystemCertificates\trust

Record Number: 7392
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100901213933.774006-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Cunky-PC
Event Code: 1002
Message: The program firefox.exe version 1.9.2.3855 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 994
Start Time: 01cb49b5e7e11bda
Termination Time: 19
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 30c4833d-b5a9-11df-97b3-485b3947e340

Record Number: 7384
Source Name: Application Hang
Time Written: 20100901091338.000000-000
Event Type: Error
User:

Computer Name: Cunky-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
10 user registry handles leaked from \Registry\User\S-1-5-21-3584004389-1183693594-3197235695-1000:
Process 500 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000
Process 500 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Policies
Process 500 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\SystemCertificates\My
Process 500 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\SystemCertificates\CA
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 500 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000\Software

Record Number: 6351
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100820171814.098273-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Cunky-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3584004389-1183693594-3197235695-1000:
Process 3924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3584004389-1183693594-3197235695-1000

Record Number: 6108
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100818160548.332916-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Cunky-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 56058
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110514080335.182822-000
Event Type: Audit Success
User:

Computer Name: Cunky-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: CUNKY-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x1d0
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 56057
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110514080335.182822-000
Event Type: Audit Success
User:

Computer Name: Cunky-PC
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x15655
Record Number: 56056
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110514080334.839621-000
Event Type: Audit Success
User:

Computer Name: Cunky-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 56055
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110514080334.543221-000
Event Type: Audit Success
User:

Computer Name: Cunky-PC
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 56054
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110514080334.465221-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 30 lis 2011 21:11

Zdravim a pekny vecer preji

Mohu mit dotaz, proc si bezny uzivatel kupuje nejvyssi licenci Windows Ultimate, ktera je urcena spise pro velke korporace, kdyz stejne nevyuzije nic vic nez nabizi verze Home Premium

Nedavejte prosim logy do code - spatne se to lusti a boli z toho oci - code slouzi pouze radcum pro opravne skripty

gogy27 · #5 Příspěvek od **gogy27** » 30 lis 2011 21:23

1. Za tie logy v code sa ospravedlnujem, nevedel som, budem vediet nabuduce

2. Tento Windows mam na notebooku, nebol zvlast kupovany.

#6 Příspěvek od **vyosek** » 30 lis 2011 21:29

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

gogy27 · #7 Příspěvek od **gogy27** » 30 lis 2011 22:22

ComboFix 11-11-30.03 - Cunky . 11. 2011 22:01:33.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.3037.1991 [GMT 1:00]
Running from: c:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 21:14 . 2011-11-30 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-30 20:38 . 2011-11-30 20:38 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{948B38BA-7B01-483E-B23D-7FFABBE9C96D}\offreg.dll
2011-11-30 19:44 . 2011-11-30 19:46 -------- d-----w- C:\rsit
2011-11-30 17:44 . 2011-11-30 17:44 388096 ----a-r- c:\users\Cunky\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-30 17:44 . 2011-11-30 19:45 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-30 16:02 . 2011-11-30 16:03 -------- d-----w- c:\program files\CCleaner
2011-11-30 16:02 . 2011-11-30 16:02 -------- d-----w- c:\program files (x86)\Google
2011-11-30 15:52 . 2011-11-30 15:52 -------- d-----w- c:\users\Cunky\AppData\Roaming\Malwarebytes
2011-11-30 15:51 . 2011-11-30 15:51 -------- d-----w- c:\programdata\Malwarebytes
2011-11-30 15:51 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 15:51 . 2011-11-30 15:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-29 22:38 . 2011-11-29 22:37 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C99AC704-86B6-4EB5-B74B-3D69D0DF8EBE}\gapaengine.dll
2011-11-29 22:37 . 2011-10-06 20:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{948B38BA-7B01-483E-B23D-7FFABBE9C96D}\mpengine.dll
2011-11-29 22:33 . 2011-11-29 22:33 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-29 22:32 . 2011-11-29 22:33 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-29 22:31 . 2010-04-09 11:06 1898376 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-29 22:31 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-29 22:27 . 2011-11-29 22:27 -------- d-----w- c:\windows\system32\appmgmt
2011-11-24 14:28 . 2011-11-24 14:28 -------- d-----w- c:\users\Cunky\AppData\Roaming\Zoner
2011-11-23 17:33 . 2011-11-23 17:33 -------- d-----w- c:\program files (x86)\Zoner
2011-11-23 17:29 . 2011-11-23 17:29 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 11:54 . 2011-05-15 09:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-21 07:00 . 2011-10-12 15:37 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6137CE0A-F218-4B61-9389-D63D3102D09C}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
T-Mobile Communication Center.lnk - c:\program files (x86)\T-Mobile Communication Center\TMCC.exe [2010-11-1 761856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/15 11:47];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2B059CF4-CEA6-40AC-9042-92255D9F85AC}: NameServer = 92.245.2.245,92.245.2.162
FF - ProfilePath - c:\users\Cunky\AppData\Roaming\Mozilla\Firefox\Profiles\f6lpg8rs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Winamp Detect - c:\program files (x86)\Winamp Detect\UninstWaDetect.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-30 22:21:04
ComboFix-quarantined-files.txt 2011-11-30 21:21
.
Pre-Run: 11 090 337 792 bytes free
Post-Run: 10 703 073 280 bytes free
.
- - End Of File - - 002F4EFDAAF799285D13D2504E16E3FE

#8 Příspěvek od **vyosek** » 01 pro 2011 10:43

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

DDS::
uStart Page = hxxp://start.icq.com/

Firefox::
FF - ProfilePath - c:\users\Cunky\AppData\Roaming\Mozilla\Firefox\Profiles\f6lpg8rs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: network.proxy.type - 0

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

gogy27 · #9 Příspěvek od **gogy27** » 01 pro 2011 16:00

ComboFix 11-11-30.03 - Cunky . 12. 2011 15:17:35.2.2 - x64
Running from: c:\users\Cunky\Desktop\ComboFix.exe
Command switches used :: c:\users\Cunky\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-11-30 19:44 . 2011-11-30 21:23 -------- d-----w- C:\rsit
2011-11-30 17:44 . 2011-11-30 17:44 388096 ----a-r- c:\users\Cunky\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-30 17:44 . 2011-11-30 19:45 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-30 16:02 . 2011-11-30 16:03 -------- d-----w- c:\program files\CCleaner
2011-11-30 16:02 . 2011-11-30 16:02 -------- d-----w- c:\program files (x86)\Google
2011-11-30 15:52 . 2011-11-30 15:52 -------- d-----w- c:\users\Cunky\AppData\Roaming\Malwarebytes
2011-11-30 15:51 . 2011-11-30 15:51 -------- d-----w- c:\programdata\Malwarebytes
2011-11-30 15:51 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 15:51 . 2011-11-30 15:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-29 22:33 . 2011-11-29 22:33 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-29 22:32 . 2011-11-29 22:33 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-29 22:31 . 2010-04-09 11:06 1898376 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-29 22:31 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-29 22:27 . 2011-11-29 22:27 -------- d-----w- c:\windows\system32\appmgmt
2011-11-24 14:28 . 2011-11-24 14:28 -------- d-----w- c:\users\Cunky\AppData\Roaming\Zoner
2011-11-23 17:33 . 2011-11-23 17:33 -------- d-----w- c:\program files (x86)\Zoner
2011-11-23 17:29 . 2011-11-23 17:29 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 14:32 . 2011-12-01 14:32 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{948B38BA-7B01-483E-B23D-7FFABBE9C96D}\offreg.dll
2011-11-29 22:37 . 2011-11-29 22:38 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C99AC704-86B6-4EB5-B74B-3D69D0DF8EBE}\gapaengine.dll
2011-10-10 11:54 . 2011-05-15 09:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-06 20:16 . 2011-11-29 22:37 8570192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{948B38BA-7B01-483E-B23D-7FFABBE9C96D}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-30_21.15.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-12-01 14:38 34142 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-07-01 13:25 . 2011-11-30 20:45 10920 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3584004389-1183693594-3197235695-1000_UserData.bin
+ 2010-07-01 13:25 . 2011-12-01 14:38 10920 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3584004389-1183693594-3197235695-1000_UserData.bin
- 2010-07-01 16:11 . 2011-11-30 20:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-01 16:11 . 2011-12-01 14:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-01 16:11 . 2011-11-30 20:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-01 16:11 . 2011-12-01 14:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-01 16:11 . 2011-12-01 14:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-01 16:11 . 2011-11-30 20:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-01 16:11 . 2011-12-01 14:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-01 16:11 . 2011-11-30 20:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-01 16:11 . 2011-11-30 20:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-01 16:11 . 2011-12-01 14:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-30 20:38 . 2011-11-30 20:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-01 14:32 . 2011-12-01 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-30 20:38 . 2011-11-30 20:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-01 14:32 . 2011-12-01 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-11-30 20:37 439112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-01 14:31 439112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-12-01 14:22 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-11-29 23:19 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2011-05-09 22:39 . 2011-11-30 20:37 1268832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3584004389-1183693594-3197235695-1000-8192.dat
+ 2011-05-09 22:39 . 2011-11-30 21:46 1268832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3584004389-1183693594-3197235695-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
T-Mobile Communication Center.lnk - c:\program files (x86)\T-Mobile Communication Center\TMCC.exe [2010-11-1 761856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/15 11:47];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2B059CF4-CEA6-40AC-9042-92255D9F85AC}: NameServer = 92.245.2.245,92.245.2.162
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Cunky\AppData\Roaming\Mozilla\Firefox\Profiles\f6lpg8rs.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-01 15:56:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 14:56
.
Pre-Run: 10 760 839 168 bytes free
Post-Run: 11 888 582 656 bytes free
.
- - End Of File - - B3993E8BE456383D7027A1B3DFD47A90

#10 Příspěvek od **vyosek** » 01 pro 2011 16:47

Jak se chova PC

gogy27 · #11 Příspěvek od **gogy27** » 01 pro 2011 16:50

Stale rovnako, niekedy viac seka viac niekedy menej, ale vyuzitie procesora je vzdy 100%. Iba vcera sa mi podarilo nejako to dat na 3% a islo vsetko vpohode. Ak dlhsie necham pocitac len tak so spustenym Task Manager tak sa to pohybujem tak od 50% a vyssie. Poslem zoznam servisov, ktore pouziva dane svchost?

gogy27 · #12 Příspěvek od **gogy27** » 01 pro 2011 16:51

po napisani tejto spravy to je 0% - 3%

zaujimave

neviem ci to nebolo aj vcera prave o takomto case.

#13 Příspěvek od **vyosek** » 01 pro 2011 17:02

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Spise dejte screen TM kde je to vytizeni videt a mela by tam byt i videt sluzba ktera dany schvost spustila

gogy27 · #14 Příspěvek od **gogy27** » 01 pro 2011 17:41

Pri cisteni registrov mi CCleaner nechcel vymazat 2 registre (si na screenshote).
Pocitac bezi o nieco lepsie co sa tyka odozvy. Praca s TouchPadom je vsak na nervy, pripajam stale mysku cez USB (je to lepsie). Odozva zvuku a hlavne tych zvukov pri windows hlaskach je niekedy aj minutova. Pocitac taktiez sa zapne o trochu rychlejsie avsak kym mozem spustit niektory program trva to stale rovnako dlho.

Screen z TM a CCleaner
http://i42.tinypic.com/34p1b3a.png

#15 Příspěvek od **vyosek** » 01 pro 2011 17:49

Zkuste tam pustit jeste avp tool at vyloucime havet http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

VIRY.CZ

Vytazenie CPU na 100% svchost.exe

Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe

Re: Vytazenie CPU na 100% svchost.exe