Prosím o kontrolu logu, CPU 100%, chybové hlášky

[Brawler]

Jako správce jsem ho spustil i prvně, takže teď jsem jen pokračoval tím delete ...
Po restartu co provedl adwcleaner je CPU opět na 100% ... pokusím se log z DDS udělat i tak, když tak budu muset znovu v nouzovém režimu ...

# AdwCleaner v2.112 - Logfile created 02/14/2013 at 12:11:17
# Updated 10/02/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Holik - HOLIK-PC
# Boot Mode : Normal
# Running from : C:\Users\Holik\Pictures\Kréta - Bali 2009\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Users\Holik\AppData\LocalLow\Dealio
Folder Deleted : C:\Users\Holik\AppData\LocalLow\Search Settings

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Dealio
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
Key Deleted : HKLM\Software\Classes\Installer\Features\79CAA1B036589D14EA74856E2A220F1E
Key Deleted : HKLM\Software\Classes\Installer\Features\A3BB3C491A65ED342A24B8144FE679FE
Key Deleted : HKLM\Software\Classes\Installer\Products\79CAA1B036589D14EA74856E2A220F1E
Key Deleted : HKLM\Software\Classes\Installer\Products\A3BB3C491A65ED342A24B8144FE679FE
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Key Deleted : HKLM\Software\Dealio
Key Deleted : HKLM\SOFTWARE\FCTB000061107
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23A03A6765D10864EB278629A2DF32C3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3A4FCCE032CA50340A6975C92410AE30
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6E00D9B24354FBA44AE2CA0FA86EF2E2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7C13F41728A69EF41AA1A3372FB86FA6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B92A2929968AED344BD6B34AD60E6604
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\79CAA1B036589D14EA74856E2A220F1E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A3BB3C491A65ED342A24B8144FE679FE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
Key Deleted : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searc ... &ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v7.0 (cs)

File : C:\Users\Holik\AppData\Roaming\Mozilla\Firefox\Profiles\dmvxgt1s.default\prefs.js

C:\Users\Holik\AppData\Roaming\Mozilla\Firefox\Profiles\dmvxgt1s.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3335 octets] - [14/02/2013 11:58:31]
AdwCleaner[S1].txt - [3453 octets] - [14/02/2013 12:11:17]

########## EOF - C:\AdwCleaner[S1].txt - [3513 octets] ##########

[Brawler]

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Holik at 12:20:55 on 2013-02-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3071.2083 [GMT 1:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\System32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Holik\AppData\Local\Temp\winfffjwi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Holik\AppData\Local\Temp\winxgxrtj.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Podpora odkazu pro Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [UpgradeHelper] c:\users\holik\appdata\roaming\windows desktop search\{6e26bf69-f10d-4d1e-b990-23f7b8c5e565}\UpgradeHelper.exe
uRun: [HP Deskjet 3050A J611 series (NET)] "c:\program files\hp\hp deskjet 3050a j611 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1CN4464Z05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 91.187.32.2 77.48.100.254
TCP: Interfaces\{866F2609-443B-423B-B939-7A689140CF86} : DHCPNameServer = 91.187.32.2 77.48.100.254
TCP: Interfaces\{F96AB851-5CFB-49A6-B9D7-280C10511590} : DHCPNameServer = 91.187.32.2 77.48.100.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\holik\appdata\roaming\mozilla\firefox\profiles\dmvxgt1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/?clid=3
FF - prefs.js: network.proxy.type - 1
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2008-10-16 15416]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-7-24 38816]
R2 602XML Updater;602Updater;c:\program files\common files\soft602\602updsvc\602updsvc.exe [2010-4-14 84520]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2007-6-20 47616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-10-16 29736]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2013-2-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-02-14 11:14:16 103140 --sh--r- C:\hcfy.pif
2013-02-14 07:57:14 -------- d-----w- c:\users\holik\appdata\local\temp
2013-02-14 07:56:35 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-14 07:45:02 98816 ----a-w- c:\windows\sed.exe
2013-02-14 07:45:02 256000 ----a-w- c:\windows\PEV.exe
2013-02-14 07:45:02 208896 ----a-w- c:\windows\MBR.exe
2013-02-10 02:43:41 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-09 08:52:38 -------- d-----w- c:\users\holik\appdata\roaming\Ymokmi
2013-02-09 00:32:15 -------- d-----w- c:\users\holik\appdata\roaming\Dopo
2013-02-07 07:38:23 -------- d-----w- c:\program files\trend micro
2013-02-06 09:04:01 -------- d-----w- c:\program files\CCleaner
2013-02-05 21:00:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-05 19:38:47 -------- d-----w- c:\users\holik\appdata\roaming\Lyarwy
2013-02-05 15:27:47 -------- d-----w- c:\users\holik\appdata\roaming\Igus
2013-02-05 15:27:46 -------- d-----w- c:\users\holik\appdata\roaming\Rouc
2013-02-04 20:11:17 -------- d-----w- c:\windows\cs
2013-02-04 20:09:52 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-02-04 20:06:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-02-04 20:00:46 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-02-04 20:00:46 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-02-04 20:00:45 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-02-04 20:00:35 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-02-04 19:47:37 15712 ----a-w- c:\program files\common files\windows live\.cache\7b5a60301ce031037\MeshBetaRemover.exe
2013-02-04 19:45:55 89944 ----a-w- c:\program files\common files\windows live\.cache\3ebddd551ce03102a\DSETUP.dll
2013-02-04 19:45:55 537432 ----a-w- c:\program files\common files\windows live\.cache\3ebddd551ce03102a\DXSETUP.exe
2013-02-04 19:45:55 1801048 ----a-w- c:\program files\common files\windows live\.cache\3ebddd551ce03102a\dsetup32.dll
2013-02-04 19:45:50 94040 ----a-w- c:\program files\common files\windows live\.cache\3b2b87821ce031029\DSETUP.dll
2013-02-04 19:45:50 525656 ----a-w- c:\program files\common files\windows live\.cache\3b2b87821ce031029\DXSETUP.exe
2013-02-04 19:45:50 1691480 ----a-w- c:\program files\common files\windows live\.cache\3b2b87821ce031029\dsetup32.dll
2013-02-04 19:40:16 -------- d-----w- c:\users\holik\appdata\local\Windows Live
2013-02-04 19:40:15 -------- d-----w- c:\program files\common files\Windows Live
2013-02-04 19:39:36 754688 ----a-w- c:\windows\system32\webservices.dll
2013-02-04 13:27:39 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-02-04 13:27:37 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-02-04 13:27:37 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-02-04 13:27:37 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-02-04 13:27:37 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-02-04 13:27:37 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-02-04 12:53:51 -------- d-----w- c:\program files\Windows Portable Devices
2013-02-03 21:06:25 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-03 21:06:24 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-02-03 21:06:24 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-02-03 20:56:14 5120 ----a-w- c:\windows\system32\wmi.dll
2013-02-03 20:56:14 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-02-03 20:56:14 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-02-03 20:43:58 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-02-03 20:28:12 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-02-03 20:28:04 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-02-03 20:28:04 16896 ----a-w- c:\windows\system32\winusb.dll
2013-02-03 20:28:04 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-02-03 20:28:03 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-02-03 20:28:03 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-02-03 20:28:02 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-02-03 20:28:02 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-02-03 20:28:01 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-02-03 20:28:01 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-02-03 20:28:01 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-02-03 20:20:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-02-03 20:20:36 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-02-03 19:32:42 -------- d-----w- c:\users\holik\appdata\local\Macromedia
2013-02-03 18:29:40 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2013-02-03 18:29:40 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2013-02-03 18:29:40 293376 ----a-w- c:\windows\system32\psisdecd.dll
2013-02-03 18:29:40 217088 ----a-w- c:\windows\system32\psisrndr.ax
2013-02-03 18:29:39 23552 ----a-w- c:\windows\system32\mciseq.dll
2013-02-03 18:29:39 189952 ----a-w- c:\windows\system32\winmm.dll
2013-02-03 18:29:36 623616 ----a-w- c:\windows\system32\localspl.dll
2013-02-03 18:29:18 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-02-03 18:29:18 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-02-03 18:29:17 1205064 ----a-w- c:\windows\system32\ntdll.dll
2013-02-03 18:27:11 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-02-03 18:27:10 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-02-03 18:27:09 680448 ----a-w- c:\windows\system32\msvcrt.dll
2013-02-03 18:27:00 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-02-03 18:27:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-02-03 18:27:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-02-03 18:25:48 1248768 ----a-w- c:\windows\system32\msxml3.dll
2013-02-03 18:25:17 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-02-03 18:25:12 707584 ----a-w- c:\program files\common files\system\wab32.dll
2013-02-03 18:24:08 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-02-03 18:24:08 278528 ----a-w- c:\windows\system32\schannel.dll
2013-02-03 18:24:08 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-03 18:24:07 9728 ----a-w- c:\windows\system32\lsass.exe
2013-02-03 18:24:07 72704 ----a-w- c:\windows\system32\secur32.dll
2013-02-03 18:24:05 231424 ----a-w- c:\windows\system32\msshsq.dll
2013-02-03 18:24:02 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-03 18:24:02 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-03 17:39:14 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-02-03 12:23:37 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-02-03 12:23:03 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-02-03 12:22:46 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-02-03 12:22:46 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-02-03 12:16:50 -------- d-----w- C:\3322.Bin
2013-02-02 23:45:34 -------- d-----w- c:\windows\system32\eu-ES
2013-02-02 23:45:34 -------- d-----w- c:\windows\system32\ca-ES
2013-02-02 23:45:32 -------- d-----w- c:\windows\system32\vi-VN
2013-02-02 08:07:01 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-01 10:10:25 -------- d-----w- c:\users\holik\appdata\roaming\Visan
2013-02-01 10:10:00 -------- d-----w- c:\programdata\Visan
2013-02-01 09:25:51 -------- d-----w- c:\program files\Microsoft
2013-02-01 09:25:08 -------- d-----w- c:\programdata\HP Photo Creations
2013-02-01 09:25:08 -------- d-----w- c:\program files\HP Photo Creations
2013-02-01 09:24:27 -------- d-----w- c:\users\holik\appdata\roaming\HpUpdate
2013-02-01 09:23:42 544616 ------w- c:\windows\system32\HPDiscoPMa011.dll
2013-02-01 09:20:18 -------- d-----w- c:\program files\HP
2013-02-01 09:00:20 -------- d-----w- c:\users\holik\appdata\local\HP
.
==================== Find3M ====================
.
2013-02-10 02:44:12 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-03 20:43:57 98816 ----a-w- c:\windows\system32\mfps.dll
2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
2008-07-02 02:28:38 61440 ----a-w- c:\program files\common files\CPInstallAction.dll
.
============= FINISH: 12:22:23,65 ===============

[vyosek]

Pokud nemate, tak presunte Combofix primo na disk c:\

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\HP Photo Creations Communicator.job
  
  Registry::
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
  "DisableMonitoring"=dword:00000000
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  "DisableMonitoring"=dword:00000000
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
  "DisableMonitoring"=dword:00000000
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "WMPNSCFG"=-
  "UpgradeHelper"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Adobe Reader Speed Launcher"=-
  "QuickTime Task"=-
  "SunJavaUpdateSched"=-
  "HP Software Update"=-
  
  Folder::
  C:\3322.Bin
  c:\users\Holik\AppData\Roaming\Lyarwy
  c:\users\Holik\AppData\Roaming\Igus
  c:\users\Holik\AppData\Roaming\Rouc
  c:\users\Holik\AppData\Roaming\Ymokmi
  c:\users\Holik\AppData\Roaming\Dopo
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
  
  DDS::
  uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
  BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
  
  Collect::
  C:\hcfy.pif
  
  Firefox::
  FF - ProfilePath - c:\users\Holik\AppData\Roaming\Mozilla\Firefox\Profiles\dmvxgt1s.default\
  FF - prefs.js: network.proxy.type - 1
  FF - user.js: network.cookie.cookieBehavior - 0
  FF - user.js: privacy.clearOnShutdown.cookies - false
  FF - user.js: security.warn_viewing_mixed - false
  FF - user.js: security.warn_viewing_mixed.show_once - false
  FF - user.js: security.warn_submit_insecure - false
  FF - user.js: security.warn_submit_insecure.show_once - false
  
  ClearJavaCache::
  
  Reboot::
  

• Ulozte vytvoreny TXT jako CFScript.txt tez primo na c:\
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Brawler]

Tak všechno proběhlo, skript jsem použil, došlo k restartu a teď to píše, že se připravuje log report a to už trvá asi 30 minut, což se mi zdá moc ... neustále mi přes to skáče chybová hláška o tom že chybí dísk, ale tentokrát je to "SynTPEnh.exe - chybí disk"
Tohle mi dělalo i v úplném prvopočátku a mám strach, že PC prostě nic nedělá a bude to takto hodiny stát ... přičemž podle toho jak valí větrák soudím, že CPU bude zase ns 100% ...

[vyosek]

Dejte mu jeste 15 minut, pokud nic, tak znovu restart do nouzaku a aplikovat skript s tim ze po restartu jej nechate nabehnout opet do nouzaku

[Brawler]

V nouzovém ani normálním režimu skript přes ComboFix nelze spustit, píše to
NSIS Error
Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact ...
http://nsi.sf.net/NSIS_Error

[vyosek]

Nooo to neni dobre, takto CF upozornuje na hodne zapeklitou havet (PE infectory, file infectory), lecnei byva hodne slozite a obcas nemozne

Smazte CF co mate na plose, stahnete novy Cf z linku jak jsem daval a spustte jej bez skriptu

[Brawler]

ComboFix 13-02-13.02 - Holik 14.02.2013 13:35:19.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3071.2647 [GMT 1:00]
Spuštěný z: c:\users\Holik\Pictures\Kréta - Bali 2009\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\hcfy.pif
c:\users\Holik\AppData\Roaming\Identities\{F23FC24B-6784-4736-87D1-14FE58F816B2}\LicenseValidator.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-14 do 2013-02-14 )))))))))))))))))))))))))))))))
.
.
2013-02-14 12:41 . 2013-02-14 12:42 -------- d-----w- c:\users\Holik\AppData\Local\temp
2013-02-10 02:43 . 2013-02-10 02:43 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-09 08:52 . 2013-02-09 08:52 -------- d-----w- c:\users\Holik\AppData\Roaming\Ymokmi
2013-02-09 00:32 . 2013-02-09 00:31 -------- d-----w- c:\users\Holik\AppData\Roaming\Dopo
2013-02-07 07:38 . 2013-02-14 06:34 -------- d-----w- c:\program files\trend micro
2013-02-07 07:38 . 2013-02-07 07:43 -------- d-----w- C:\rsit
2013-02-06 09:04 . 2013-02-06 09:04 -------- d-----w- c:\program files\CCleaner
2013-02-05 21:00 . 2013-02-05 21:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-05 19:38 . 2013-02-05 19:38 -------- d-----w- c:\users\Holik\AppData\Roaming\Lyarwy
2013-02-05 15:27 . 2013-02-05 15:27 -------- d-----w- c:\users\Holik\AppData\Roaming\Igus
2013-02-05 15:27 . 2013-02-05 21:00 -------- d-----w- c:\users\Holik\AppData\Roaming\Rouc
2013-02-04 20:11 . 2013-02-04 20:11 -------- d-----w- c:\windows\cs
2013-02-04 20:09 . 2012-03-08 17:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-02-04 20:06 . 2013-02-04 20:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-02-04 20:01 . 2013-02-04 20:11 -------- d-----w- c:\program files\Windows Live
2013-02-04 20:00 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-02-04 20:00 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-02-04 20:00 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-02-04 20:00 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-02-04 19:40 . 2013-02-04 19:40 -------- d-----w- c:\users\Holik\AppData\Local\Windows Live
2013-02-04 19:40 . 2013-02-04 19:40 -------- d-----w- c:\program files\Common Files\Windows Live
2013-02-04 19:39 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-02-04 13:27 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-02-04 13:27 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-02-04 13:27 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-02-04 13:27 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-02-04 13:27 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-02-04 13:27 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-02-04 12:53 . 2013-02-04 12:53 -------- d-----w- c:\program files\Windows Portable Devices
2013-02-03 21:06 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-03 21:06 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-02-03 21:06 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-02-03 20:56 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2013-02-03 20:56 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-02-03 20:56 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-02-03 20:43 . 2013-02-03 20:43 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-02-03 20:28 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-02-03 20:28 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-02-03 20:28 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-02-03 20:28 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-02-03 20:28 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-02-03 20:28 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-02-03 20:28 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-02-03 20:28 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-02-03 20:28 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-02-03 20:28 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-02-03 20:28 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-02-03 20:20 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-02-03 20:20 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-02-03 19:32 . 2013-02-03 19:32 -------- d-----w- c:\users\Holik\AppData\Local\Macromedia
2013-02-03 18:29 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2013-02-03 18:29 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2013-02-03 18:29 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2013-02-03 18:29 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2013-02-03 18:29 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2013-02-03 18:29 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2013-02-03 18:29 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2013-02-03 18:29 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-02-03 18:29 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-02-03 18:29 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2013-02-03 18:27 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-02-03 18:27 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-02-03 18:27 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2013-02-03 18:27 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-02-03 18:27 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-02-03 18:27 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-02-03 18:25 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2013-02-03 18:25 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-02-03 18:25 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2013-02-03 18:24 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-02-03 18:24 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2013-02-03 18:24 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-03 18:24 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2013-02-03 18:24 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2013-02-03 18:24 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2013-02-03 18:24 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-03 18:24 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-03 17:39 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-02-03 12:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-02-03 12:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-02-03 12:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-02-03 12:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-02-03 12:23 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-02-03 12:23 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-02-03 12:23 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-02-03 12:22 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-02-03 12:22 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-02-03 12:16 . 2013-02-03 12:16 -------- d-----w- C:\3322.Bin
2013-02-02 23:45 . 2013-02-02 23:46 -------- d-----w- c:\windows\system32\ca-ES
2013-02-02 23:45 . 2013-02-02 23:46 -------- d-----w- c:\windows\system32\eu-ES
2013-02-02 23:45 . 2013-02-02 23:46 -------- d-----w- c:\windows\system32\vi-VN
2013-02-02 08:07 . 2013-02-10 02:44 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-01 10:10 . 2013-02-01 10:10 -------- d-----w- c:\users\Holik\AppData\Roaming\Visan
2013-02-01 10:10 . 2013-02-01 10:10 -------- d-----w- c:\programdata\Visan
2013-02-01 09:26 . 2013-02-01 09:26 -------- d-----w- c:\program files\Hewlett-Packard
2013-02-01 09:25 . 2013-02-01 19:41 -------- d-----w- c:\program files\Microsoft
2013-02-01 09:25 . 2013-02-02 23:06 -------- d-----w- c:\programdata\HP Photo Creations
2013-02-01 09:25 . 2013-02-01 09:25 -------- d-----w- c:\program files\HP Photo Creations
2013-02-01 09:24 . 2013-02-09 00:51 -------- d-----w- c:\users\Holik\AppData\Roaming\HpUpdate
2013-02-01 09:23 . 2011-06-08 17:06 544616 ------w- c:\windows\system32\HPDiscoPMa011.dll
2013-02-01 09:20 . 2013-02-01 09:24 -------- d-----w- c:\program files\HP
2013-02-01 09:00 . 2013-02-01 10:06 -------- d-----w- c:\users\Holik\AppData\Local\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 02:44 . 2011-12-01 13:06 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-04 20:01 . 2011-03-28 17:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-02-03 20:43 . 2013-02-03 20:43 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2011-09-23 04:43 . 2011-10-24 09:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 173360]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1107240]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 241664]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 184320]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-10-16 133688]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-10-16 106864]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-25 759064]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 128304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-27 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 19:17 143360 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-02 02:44]
.
2013-02-14 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-02-01 10:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 91.187.32.2 77.48.100.254
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
FF - ProfilePath - c:\users\Holik\AppData\Roaming\Mozilla\Firefox\Profiles\dmvxgt1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/?clid=3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-14 13:42
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-02-14 13:44:16
ComboFix-quarantined-files.txt 2013-02-14 12:44
ComboFix2.txt 2013-02-14 07:57
.
Před spuštěním: Volných bajtů: 107 596 181 504
Po spuštění: Volných bajtů: 107 461 419 008
.
- - End Of File - - 9CF1595ADC9D2C874CEDE0BE08CD543B

[vyosek]

Projedte SalityKillerem PC http://support.kaspersky.com/downloads/ ... killer.zip

Projedte PC ESET OnlineScannerem http://www.eset.com/cz/online-scanner/