VIRY.CZ

Prosím o kontrolu logu, CPU mi bez zjevných důvodů šlape přes 50 % v klidu, při práci až na 100%, díky

Logfile of random's system information tool 1.07 (written by random/random)
Run by Petr at 2010-06-23 23:15:10
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 144 GB (62%) free of 234 GB
Total RAM: 3066 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:15:22, on 23.6.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\WerFault.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IP Anonymizer\IP Anonymizer.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Petr\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Internet Explorer: Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPAnonymizer] C:\Program Files\IP Anonymizer\IP Anonymizer.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\Program Files\DivX\Symantec\scstubinstaller.exe /runonce
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 14223 bytes

======Scheduled tasks folder======

zdravim

zazalohujte dulezite veci

stahnete a ulozte nejlepe na plochu ComboFix

pote spustte aplikaci pod uctem s administratorskym opravnenim (nikoli pod uctem s omezenym opravnenim)

v operacnich systemech Windows Vista a Windows 7 spoustejte aplikaci jako spravce (kliknutim pravym mysitkem na ikonu aplikace a volbou "Spustit jako spravce"

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:

Obrázek

dale muze dojit k varovani ohledne rezidentniho stitu vaseho antiviru a upozorneni na nenainstalovanou konzoli pro zotaveni; tu zatim neinstalujte.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, deaktivujte jeho rezidentni stit, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim Combofixu s rezidentem antispyware

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

Zdravím,
tu je ten log z Combofix:

ComboFix 10-07-05.02 - Petr 06.07.2010 10:43:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.1502 [GMT 2:00]
Spuštěný z: c:\users\Petr\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpeC3FA.dll
c:\users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1B66D343-75A2-4DFC-97C7-9639277BF420}.xps
c:\windows\system32\AutoRun.inf
c:\windows\system32\st325939.dll
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-06 do 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 08:53 . 2010-07-06 08:55 -------- d-----w- c:\users\Petr\AppData\Local\temp
2010-07-06 08:53 . 2010-07-06 08:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-03 11:09 . 2010-07-03 11:09 -------- d-----w- c:\program files\AIM Toolbar
2010-07-03 11:09 . 2010-07-03 11:09 -------- d-----w- c:\programdata\AIM Toolbar
2010-07-03 11:09 . 2010-07-03 11:09 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-03 11:09 . 2010-07-03 11:09 -------- d-----w- c:\users\Petr\AppData\Roaming\acccore
2010-07-03 11:09 . 2010-07-03 11:09 -------- d-----w- c:\users\Petr\AppData\Local\AIM
2010-07-03 11:08 . 2010-07-03 11:08 -------- d-----w- C:\searchplugins
2010-07-03 11:08 . 2010-07-03 11:08 -------- d-----w- c:\programdata\AIM
2010-07-03 11:08 . 2010-07-03 11:08 -------- d-----w- c:\program files\AIM
2010-07-03 11:07 . 2010-07-03 11:07 -------- d-----w- c:\program files\Common Files\AOL
2010-07-03 09:53 . 2009-09-04 15:29 1892184 begin_of_the_skype_highlighting 29 1892184 end_of_the_skype_highlighting ----a-w- c:\windows\system32\D3DX9_42.dll
2010-07-03 09:53 . 2010-07-03 09:53 -------- d-----w- c:\program files\Winamp Detect
2010-07-03 09:52 . 2010-07-03 09:52 -------- d-----w- c:\program files\Winamp Toolbar
2010-07-03 09:52 . 2010-07-03 09:52 -------- d-----w- c:\programdata\Winamp Toolbar
2010-07-03 09:52 . 2010-07-03 10:11 -------- d-----w- c:\users\Petr\AppData\Roaming\Winamp
2010-07-03 09:52 . 2010-07-03 09:54 -------- d-----w- c:\program files\Winamp
2010-06-26 16:46 . 2010-06-26 16:46 208896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{AD584B1A-D998-5196-9C74-903B24E69C01}-btmmhook.dll
2010-06-26 16:46 . 2010-06-26 16:46 184320 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{D5845C2D-2038-A92C-85F8-C54496E810A3}-btncopy.dll
2010-06-25 21:21 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 21:21 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 21:21 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 21:21 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 21:21 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-25 20:24 . 2010-06-25 20:24 -------- d-----w- c:\program files\iPod
2010-06-25 20:24 . 2010-06-25 20:25 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-25 20:24 . 2010-06-25 20:25 -------- d-----w- c:\program files\iTunes
2010-06-25 19:26 . 2010-06-25 19:26 -------- d-----w- c:\program files\Bonjour
2010-06-25 19:22 . 2010-06-25 19:22 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-25 19:17 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-25 19:17 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 21:15 . 2010-06-23 21:15 -------- d-----w- C:\rsit
2010-06-23 21:15 . 2010-06-23 21:15 -------- d-----w- c:\program files\trend micro
2010-06-23 19:55 . 2010-06-23 19:55 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-23 19:55 . 2010-06-23 19:55 -------- d-----w- c:\programdata\DivX
2010-06-22 22:04 . 2010-06-22 22:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-16 13:44 . 2010-06-23 18:06 -------- d-----w- c:\program files\Microsoft Office(1452)
2010-06-16 13:44 . 2010-06-22 21:45 -------- d-----w- c:\program files\Microsoft Office(1320)
2010-06-16 13:44 . 2010-06-16 13:53 -------- d-----w- c:\program files\Microsoft Office(238)
2010-06-16 10:50 . 2010-06-16 10:50 -------- d-----w- c:\program files\VS Revo Group
2010-06-16 10:08 . 2010-06-16 10:08 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-13 19:24 . 2010-06-13 19:24 -------- d-----w- c:\program files\MyAshampoo
2010-06-13 19:24 . 2010-06-13 19:24 -------- d-----w- c:\users\Petr\AppData\Local\ashampoo
2010-06-13 19:24 . 2010-06-13 19:24 -------- d-----w- c:\programdata\ashampoo
2010-06-13 19:24 . 2010-06-13 19:24 -------- d-----w- c:\program files\Ashampoo
2010-06-13 19:06 . 2010-06-13 19:06 -------- d-----w- c:\program files\FastPictureViewer
2010-06-10 16:49 . 2010-06-10 16:49 -------- d-----w- c:\program files\Common Files\Skype
2010-06-10 15:57 . 2010-06-23 18:58 -------- d-----w- c:\programdata\HP Product Assistant
2010-06-10 15:56 . 2010-06-10 15:56 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-10 15:52 . 2010-06-10 16:02 158267 ----a-w- c:\windows\hpoins15.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 06:39 . 2008-01-21 06:46 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-07-06 06:39 . 2008-01-21 06:46 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-07-06 06:36 . 2009-01-29 23:16 -------- d-----w- c:\users\Petr\AppData\Roaming\ICQ
2010-07-06 06:31 . 2008-11-17 11:26 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-29 21:33 . 2009-11-03 23:07 -------- d-----w- c:\users\Petr\AppData\Roaming\Skype
2010-06-29 20:45 . 2010-02-18 17:12 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-29 20:29 . 2009-11-03 23:10 -------- d-----w- c:\users\Petr\AppData\Roaming\skypePM
2010-06-25 20:24 . 2009-12-09 18:30 -------- d-----w- c:\program files\Common Files\Apple
2010-06-25 20:24 . 2009-11-14 14:35 -------- d-----w- c:\programdata\Apple Computer
2010-06-23 19:25 . 2010-04-20 18:43 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-23 19:25 . 2008-11-17 11:23 -------- d-----w- c:\program files\Java
2010-06-23 18:58 . 2010-02-17 18:11 -------- d-----w- c:\program files\Safari
2010-06-23 18:58 . 2009-11-25 21:21 -------- d-----w- c:\programdata\Microsoft Help
2010-06-23 18:58 . 2009-11-25 19:36 -------- d-----w- c:\program files\QuickTime
2010-06-23 18:57 . 2009-11-25 21:25 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 18:57 . 2009-11-25 21:25 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-23 18:57 . 2009-04-14 20:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-23 18:57 . 2010-04-01 20:12 -------- d-----w- c:\program files\JAP
2010-06-23 18:57 . 2009-11-25 21:22 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-06-23 18:57 . 2009-11-17 12:10 -------- d-----w- c:\program files\marketaccess
2010-06-23 18:57 . 2009-11-07 18:14 -------- d-----w- c:\program files\AskBarDis
2010-06-23 18:57 . 2009-02-15 15:13 -------- d-----w- c:\program files\BitComet
2010-06-23 18:57 . 2009-01-31 17:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-23 17:39 . 2009-01-25 13:35 101904 ----a-w- c:\users\Petr\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-22 22:57 . 2009-04-14 20:46 -------- d-----w- c:\program files\Microsoft
2010-06-22 22:57 . 2008-11-17 11:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-22 22:57 . 2008-11-17 11:32 -------- d-----w- c:\program files\Dell Webcam
2010-06-22 22:57 . 2010-03-03 21:07 -------- d-----w- c:\program files\Anti Trojan Elite
2010-06-22 22:57 . 2010-02-14 08:15 -------- d-----w- c:\program files\CIGLER SOFTWARE
2010-06-22 22:25 . 2009-01-31 17:48 -------- d-----w- c:\programdata\NOS
2010-06-16 13:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-15 22:20 . 2009-11-25 21:22 -------- d-----w- c:\program files\Microsoft Analysis Services(183)
2010-06-10 18:42 . 2009-07-01 22:54 6836 ----a-w- c:\users\Petr\AppData\Local\d3d9caps.dat
2010-06-10 16:46 . 2010-02-10 08:41 -------- d-----w- c:\program files\ICQ7.0
2010-06-10 15:57 . 2009-01-31 11:29 -------- d-----w- c:\programdata\HP
2010-06-05 06:56 . 2009-08-22 15:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 17:37 . 2009-09-30 20:20 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-30 08:29 . 2009-07-29 22:12 -------- d-----w- c:\program files\TomTom HOME
2010-05-30 08:29 . 2010-05-30 08:29 -------- d-----w- c:\programdata\TomTom
2010-05-26 17:06 . 2010-06-16 05:23 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-16 05:23 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 17:00 . 2010-05-25 17:00 -------- d-----w- c:\program files\TomTom International B.V
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 05:59 . 2010-06-16 05:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-16 05:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-16 05:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-16 05:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-02 20:47 . 2010-05-02 20:47 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-02 20:47 . 2010-05-02 20:47 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-02 20:47 . 2010-05-02 20:47 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-02 20:47 . 2010-05-02 20:47 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-02 20:47 . 2010-05-02 20:47 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-02 20:47 . 2010-05-02 20:47 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-02 20:47 . 2010-05-02 20:47 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-02 20:47 . 2010-03-24 17:59 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-02 20:47 . 2010-03-24 17:59 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-02 20:04 . 2010-04-02 18:40 439816 ----a-w- c:\users\Petr\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-05-01 14:13 . 2010-06-16 05:23 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 14:09 . 2010-04-28 14:09 364544 ----a-w- c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2010-04-23 14:13 . 2010-05-26 18:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 14:22 . 2010-04-20 14:22 161104 ----a-w- c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\81ztnoae.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
2010-04-16 16:43 . 2010-06-25 19:17 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-25 19:17 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-25 19:17 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-25 19:17 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2008-11-17 19:48 . 2008-11-17 19:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 16:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Google Update"="c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-15 133104]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-06-08 133368]
"Aim"="c:\program files\AIM\aim.exe" [2010-05-21 3824472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"IPAnonymizer"="c:\program files\IP Anonymizer\IP Anonymizer.exe" [2006-01-06 5177344]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-02 202256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"="c:\windows\System32\Adobe\Shockwave 11\nssstub.exe" [2010-06-23 497016]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):53,5c,d8,07,d2,fa,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2570509325-119976199-4016077462-1000]
"EnableNotificationsRef"=dword:00000001

R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-06-16 29736]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-05-10 13224]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\DRIVERS\SE31bus.sys [2006-11-10 61600]
R3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\DRIVERS\SE31mdfl.sys [2006-11-10 9360]
R3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\DRIVERS\SE31mdm.sys [2006-11-10 97184]
R3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\SE31mgmt.sys [2006-11-10 88688]
R3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\DRIVERS\se31nd5.sys [2006-11-10 18704]
R3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\SE31obex.sys [2006-11-10 86560]
R3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\DRIVERS\se31unic.sys [2006-11-10 90800]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-09-22 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-22 277632]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570509325-119976199-4016077462-1000Core.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-15 15:19]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570509325-119976199-4016077462-1000UA.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-15 15:19]

2010-07-06 c:\windows\Tasks\Install.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-11-15 19:21]

2010-06-23 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]

2009-12-19 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-11-15 19:21]

2010-07-06 c:\windows\Tasks\User_Feed_Synchronization-{B2BB242A-7B70-447B-B505-8F951B01DB39}.job
- c:\windows\system32\msfeedssync.exe [2010-06-16 04:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout odkaz s použitím BitCometu
IE: Stáhnout všechna videa s použitím BitCometu
IE: Stáhnout všechny odkazy s použitím BitCometu
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\81ztnoae.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=03-07-2010&tb_mrud=03-07-2010
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=03-07-2010&tb_mrud=03-07-2010&query=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\81ztnoae.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\81ztnoae.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - component: c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\81ztnoae.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\81ztnoae.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Petr\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Livestation - c:\program files\Livestation\Livestation.exe
HKCU-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
HKLM-Run-ICSDCLT - c:\windows\rundll32.exe
AddRemove-EVEREST Home Edition_is1 - h:\everest home edition\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 10:54
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2570509325-119976199-4016077462-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{12189BAE-0D2F-A8C0-6B2C-C11259839DE5}*]
"bbplandgkopiggmiokaligenpifdlkhhkkih"=hex:67,61,6c,67,70,66,6f,68,6f,61,62,63,
6e,62,00,00
"abplandgkopiggmiokdlpghdopbjnlkknn"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-07-06 11:00:35
ComboFix-quarantined-files.txt 2010-07-06 09:00

Před spuštěním: Volných bajtů: 154 608 177 152
Po spuštění: Volných bajtů: 158 399 463 424

- - End Of File - - A49F3F9AA7DBF1EC6A54A5416E3A161C

ted uz to vypada mnohem lepe; jak to vypada se strojem a vytizenim CPU?

Zdravím,
využití CPU je teď po většinu času v klidu pod 10% a na 40% frekvence, vyskočí chvílemi na cca až 22% využití a 72% frekvence, při prohledávání disku pak byl cca na 60% využití a frekvenci 100%.
Je tedy vidět zlepšení.

pojdme po mne uklidit...

http://sweb.cz/Marinus/T-Cleaner.exe

stahnout, spustit, v okne potvrdit klepnutim na klavesu A vykonani akce, nechat probehnout

Velký dík,
teprve dnes jsem se dostal sem abych vše dokončil, ještě jednou díky

nemate zac

VIRY.CZ

Kontrola logu, CPU stále v zátěži i v klidu na 50 % a víc

Kontrola logu, CPU stále v zátěži i v klidu na 50 % a víc

Re: Kontrola logu, CPU stále v zátěži i v klidu na 50 % a ví

Re: Kontrola logu, CPU stále v zátěži i v klidu na 50 % a ví

Re: Kontrola logu, CPU stále v zátěži i v klidu na 50 % a ví

Re: Kontrola logu, CPU stále v zátěži i v klidu na 50 % a ví

Re: Kontrola logu, CPU stále v zátěži i v klidu na 50 % a ví

Re: Kontrola logu, CPU stále v zátěži i v klidu na 50 % a ví

Re: Kontrola logu, CPU stále v zátěži i v klidu na 50 % a ví