procesor bezi na 50%

[stan87]

a aky antivir by si odporucil? alebo ako sa chranit dobre?

[JaRon]

odinstaluj C:\Program Files\IObit\IObit Malware Fighter

[stan87]

obcas mavam aj blue screen, ale to bdue suvsiset asi s garfikou pretoze po starte nb sa mi rozsvietia kontrolky ale svieti mi len tmava obrazovka a ked ohnem tu obrazovku nizsie tak sa mi rozbehne cely nb neviem preco mi ten procesor zacal bezat takto napsoledy som instaloval program ANSYS

[JaRon]

stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim


akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

[stan87]

po odinstalovani iobit a restarte

Logfile of random's system information tool 1.09 (written by random/random)
Run by JST at 2012-03-30 14:10:48
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 3 GB (10%) free of 35 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:11:18, on 30. 3. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
D:\downloads\viry\RSIT.exe
C:\Program Files\trend micro\JST.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3006E4AA-D776-47ED-982E-98EE80A58C65}: NameServer = 195.80.175.66 195.80.171.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ANSYS, Inc. License Manager - ANSYS, Inc. - C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

--
End of file - 6110 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\JST\AppData\Roaming\Mozilla\Firefox\Profiles\g3a2n4hh.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}:5.0.19, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.3.3&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\JST\AppData\Roaming\Mozilla\Firefox\Profiles\g3a2n4hh.default\extensions\
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

C:\Users\JST\AppData\Roaming\Mozilla\Firefox\Profiles\g3a2n4hh.default\searchplugins\
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2011-03-04 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"reset"=regedit /s reset.reg []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2006-12-08 241664]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 1721640]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"msacm.l3codecp"=

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-30 13:39:12 ----D---- C:\Program Files\CCleaner
2012-03-30 13:33:39 ----D---- C:\Avenger
2012-03-30 13:33:39 ----A---- C:\avenger.txt
2012-03-30 10:41:32 ----D---- C:\Users\JST\AppData\Roaming\Malwarebytes
2012-03-30 10:41:27 ----D---- C:\ProgramData\Malwarebytes
2012-03-30 10:41:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-30 10:41:26 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-03-29 22:20:47 ----D---- C:\Program Files\trend micro
2012-03-29 22:20:44 ----D---- C:\rsit
2012-03-16 19:02:52 ----D---- C:\ProgramData\FNP
2012-03-16 18:49:17 ----D---- C:\Users\JST\AppData\Roaming\HP
2012-03-15 23:06:37 ----D---- C:\Program Files\ANSYS Inc
2012-03-15 23:04:50 ----D---- C:\Users\JST\AppData\Roaming\Ansys
2012-03-15 00:14:48 ----D---- C:\ProgramData\install_clap
2012-03-15 00:12:09 ----D---- C:\HP
2012-03-13 19:44:48 ----A---- C:\Windows\system32\ntkrnlpa.exe
2012-03-13 19:44:46 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-03-13 19:43:47 ----A---- C:\Windows\system32\win32k.sys
2012-03-13 19:43:45 ----A---- C:\Windows\system32\DWrite.dll
2012-03-13 19:43:34 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-13 19:43:33 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-13 19:43:33 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-13 19:43:24 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-13 19:43:24 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-13 19:43:23 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-11 23:31:49 ----D---- C:\ProgramData\Temp
2012-03-10 23:27:45 ----D---- C:\ProgramData\PC Drivers HeadQuarters Inc

======List of files/folders modified in the last 1 month======

2012-03-30 14:10:37 ----D---- C:\Windows\system32\catroot2
2012-03-30 14:09:30 ----D---- C:\Windows\inf
2012-03-30 14:09:25 ----D---- C:\Windows\Temp
2012-03-30 14:09:12 ----D---- C:\Windows
2012-03-30 13:56:13 ----D---- C:\Windows\SoftwareDistribution
2012-03-30 13:48:20 ----D---- C:\Windows\system32\config
2012-03-30 13:41:57 ----D---- C:\Users\JST\AppData\Roaming\DAEMON Tools Lite
2012-03-30 13:41:21 ----D---- C:\Windows\Panther
2012-03-30 13:41:21 ----D---- C:\Windows\debug
2012-03-30 13:39:12 ----RD---- C:\Program Files
2012-03-30 13:33:39 ----HD---- C:\ProgramData
2012-03-30 13:33:39 ----D---- C:\Windows\system32\drivers
2012-03-30 13:33:39 ----D---- C:\Windows\System32
2012-03-30 13:20:54 ----D---- C:\Windows\PLA
2012-03-30 10:51:30 ----D---- C:\Windows\SchCache
2012-03-30 10:25:36 ----SHD---- C:\Windows\Installer
2012-03-30 10:25:34 ----D---- C:\Windows\system32\Tasks
2012-03-30 10:25:13 ----SHD---- C:\System Volume Information
2012-03-30 10:20:41 ----D---- C:\Windows\system32\DriverStore
2012-03-30 10:20:41 ----D---- C:\Windows\system32\catroot
2012-03-29 22:25:53 ----D---- C:\Windows\system32\drivers\etc
2012-03-29 21:39:05 ----D---- C:\Users\JST\AppData\Roaming\ICQ
2012-03-29 07:13:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-28 19:42:10 ----D---- C:\ProgramData\IObit
2012-03-18 21:44:06 ----D---- C:\Program Files\Mozilla Firefox
2012-03-15 23:08:48 ----D---- C:\Windows\winsxs
2012-03-15 12:05:19 ----D---- C:\Users\JST\AppData\Roaming\Canon
2012-03-15 00:17:51 ----D---- C:\ProgramData\CyberLink
2012-03-15 00:17:49 ----D---- C:\Users\JST\AppData\Roaming\CyberLink
2012-03-15 00:14:48 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-14 23:54:26 ----SD---- C:\ProgramData\Microsoft
2012-03-13 19:46:05 ----A---- C:\Windows\system32\MRT.exe
2012-03-13 19:45:35 ----D---- C:\Windows\Prefetch
2012-03-13 19:45:17 ----D---- C:\ProgramData\Microsoft Help
2012-03-12 19:48:41 ----D---- C:\swsetup
2012-03-11 23:26:16 ----D---- C:\Program Files\Common Files\InstallShield
2012-03-11 23:25:58 ----RSD---- C:\Windows\Fonts
2012-03-11 23:23:20 ----D---- C:\Program Files\Hp
2012-03-11 23:08:45 ----D---- C:\Program Files\SystemRequirementsLab
2012-03-10 23:27:40 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-01 691696]
R1 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263}; \??\C:\Program Files\HP\QuickPlay\000.fcl [2007-12-19 41456]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-17 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-06-25 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-25 44544]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-25 38400]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2009-04-29 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-09 1096704]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\Windows\System32\Drivers\gHidPnp.Sys [2006-07-14 14848]
R3 gMouUsb;USB Mouse Device Drv; C:\Windows\system32\DRIVERS\gMouUsb.sys [2006-07-14 9984]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2009-02-12 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2009-02-12 207360]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 245936]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2009-02-12 661504]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atjupmvr;atjupmvr; C:\Windows\system32\drivers\atjupmvr.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []
S3 cpuz134;cpuz134; \??\C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2002-04-03 49457]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe [2010-09-20 3326976]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 BBDemon;Backbone Service; C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2009-09-26 36864]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1136448]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-01 1343400]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]

-----------------EOF-----------------

[stan87]

ComboFix 12-03-30.06 - JST . 03. 2012 14:18:39.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2047.1271 [GMT 2:00]
Running from: c:\users\JST\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JST\go_ex.exe
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 12:31 . 2012-03-30 12:32 -------- d-----w- c:\users\JST\AppData\Local\temp
2012-03-30 12:31 . 2012-03-30 12:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-30 12:31 . 2012-03-30 12:31 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-03-30 12:31 . 2012-03-30 12:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-30 12:21 . 2012-03-30 12:21 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA6F824F-D954-4C4D-A9C4-3D409A4CD2B2}\offreg.dll
2012-03-30 11:39 . 2012-03-30 11:39 -------- d-----w- c:\program files\CCleaner
2012-03-30 08:41 . 2012-03-30 08:41 -------- d-----w- c:\users\JST\AppData\Roaming\Malwarebytes
2012-03-30 08:41 . 2012-03-30 08:41 -------- d-----w- c:\programdata\Malwarebytes
2012-03-30 08:41 . 2012-03-30 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-30 08:41 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 20:20 . 2012-03-30 12:10 -------- d-----w- c:\program files\trend micro
2012-03-29 20:20 . 2012-03-29 20:22 -------- d-----w- C:\rsit
2012-03-29 04:42 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA6F824F-D954-4C4D-A9C4-3D409A4CD2B2}\mpengine.dll
2012-03-18 19:44 . 2012-03-18 19:44 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 19:44 . 2012-03-18 19:44 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 17:02 . 2012-03-16 17:02 -------- d-----w- c:\programdata\FNP
2012-03-16 16:49 . 2012-03-16 16:49 -------- d-----w- c:\users\JST\AppData\Roaming\HP
2012-03-15 21:06 . 2012-03-16 09:51 -------- d-----w- c:\program files\ANSYS Inc
2012-03-15 21:04 . 2012-03-16 17:04 -------- d-----w- c:\users\JST\AppData\Roaming\Ansys
2012-03-14 22:17 . 2012-03-14 22:17 -------- d-----w- c:\users\Public\CyberLink
2012-03-14 22:17 . 2012-03-14 22:17 -------- d-----w- c:\users\JST\AppData\Local\CyberLink
2012-03-14 22:14 . 2012-03-14 22:14 -------- d-----w- c:\programdata\install_clap
2012-03-14 22:12 . 2012-03-14 22:13 -------- d-----w- C:\HP
2012-03-13 17:44 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-13 17:44 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 17:43 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 17:43 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 17:43 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:43 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:43 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:43 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:43 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:43 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-11 21:26 . 2012-03-16 19:32 -------- d-----w- c:\users\JST\AppData\Local\QuickPlay
2012-03-10 21:27 . 2012-03-10 21:27 -------- d-----w- c:\programdata\PC Drivers HeadQuarters Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 06:05 . 2011-06-09 19:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-05-21 06:58 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 08:58 . 2012-02-15 16:44 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-18 19:44 . 2011-05-11 18:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-01 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-01 691696]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-12-19 41456]
S2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;c:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe [2010-09-20 3326976]
S2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2009-09-26 36864]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2006-07-14 14848]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2006-07-14 9984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: Interfaces\{3006E4AA-D776-47ED-982E-98EE80A58C65}: NameServer = 195.80.175.66 195.80.171.4
FF - ProfilePath - c:\users\JST\AppData\Roaming\Mozilla\Firefox\Profiles\g3a2n4hh.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-NEXIS32 3.40.13 - c:\windows\IsUn0405.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e0,18,7a,91,47,2c,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,e0,23,09,10,3d,86,44,bb,7e,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,e0,23,09,10,3d,86,44,bb,7e,a7,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-30 14:38:47
ComboFix-quarantined-files.txt 2012-03-30 12:38
.
Pre-Run: 3 326 443 520 bytes free
Post-Run: 3 201 970 176 bytes free
.
- - End Of File - - D75F4F406B20EBAEFC5798A6AC1A70F0

[stan87]

hm co to mu je ako viem slusilo by sa to preinstalovat na komplet ale nemam cas na to teraz

stale to die po starte chvilu v klude a pootm to vyskoci nad 50 a tam sa to uz kolise a v procesoch mi nic nebezi

help mee

[stan87]

tak aj obrazok prilozim toto je moj problem neveim ci to je normalne ze to bezi okolo 50% stale aj ked procesor je na nule

[cernohous13]

Zdravím,
mohl bys okno Taskmanagera zvětšit tak, aby byly vidět všechny procesy (podle svislého posuvníku jich tam dole ještě dost bude)

[stan87]

tu je

[cernohous13]

stáhni a spusť http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
některé Antiviry jej mohou blokovat, proto je budeš muset na tu chvíli odstavit
- Zvol možnost Scan a poté Deletion a následně Report - otevře se log, ten sem vlož

[stan87]

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spustené v : Normálny režim
Užívateľ: JST [Práva Správcu]
Režim: Odebrať -- Dátum: 03/30/2012 18:35:54

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrov: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{3006E4AA-D776-47ED-982E-98EE80A58C65} : NameServer (195.80.175.66 195.80.171.4) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{3006E4AA-D776-47ED-982E-98EE80A58C65} : NameServer (195.80.175.66 195.80.171.4) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač: [NAHRATÉ] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545016B9A300 ATA Device +++++
--- User ---
[MBR] 100d72561c6d2323c4301645af9de675
[BSP] 9a89881d52771d481dac4b422557c075 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 34900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 71682048 | Size: 117625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

[stan87]

doinstaloval som si pandu pro 2012 trial verziu na 3 mesiace

[stan87]

hm tak asi len preinstalovat mi ostane ten nb uz som pouzil milion programov a stale nic nezabera ale na icq mam konecne emotikony normalne a nie pomeisane

[cernohous13]

Správce úloh zobrazí 26 procesů ale běží jich 56.
"Zobrazit procesy všech uživatelů"

Stáhni a spusť http://www.slunecnice.cz/sw/process-explorer/
mohli bychom vidět, který proces způsobí vytížení procesoru.