
CPU at 100%

Posted: 13 Jan 2013 16:36
by NapoleonIV
Good day to you.
The processor on my computer is constantly running at 100 percent.
Could you help me?
I am also sending the output from the ComboFix program.
Thanks in advance.

ComboFix 13-01-13.01 - Jana 13/01/2013 16:23:21.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.3035.2193 [GMT 1:00]
Running from: c:\users\Jana\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))
.
.
2013-01-13 15:29 . 2013-01-13 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-12 22:46 . 2013-01-13 15:29 -------- d-----w- c:\users\Jana\AppData\Local\temp
2013-01-12 22:10 . 2012-11-22 09:33 627712 ----a-w- c:\windows\system32\usp10.dll
2013-01-12 22:10 . 2012-11-23 03:06 2344960 ----a-w- c:\windows\system32\win32k.sys
2013-01-12 22:10 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-12 22:03 . 2012-12-07 03:21 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-12 22:01 . 2012-11-20 05:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-12 20:04 . 2013-01-13 05:41 -------- d-----w- c:\program files\HDD Regenerator
2013-01-12 20:03 . 2013-01-12 20:03 -------- d-----w- c:\users\Jana\AppData\Local\Downloaded Installations
2013-01-12 19:05 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C876B72A-D4A7-456C-8F27-2BB516558364}\mpengine.dll
2013-01-12 18:12 . 2013-01-12 18:12 -------- d-----w- c:\program files\CCleaner
2013-01-12 18:10 . 2013-01-12 18:27 -------- d-----w- c:\program files\Google
2012-12-21 23:31 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 23:31 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 23:11 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-16 11:44 . 2012-12-16 11:44 -------- d-----w- c:\program files\iPod
2012-12-16 11:44 . 2012-12-16 11:46 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-16 11:44 . 2012-12-16 11:46 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-07 10:34 . 2012-12-07 10:34 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-07 10:34 . 2011-02-13 19:09 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-14 02:09 . 2012-12-12 00:03 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 00:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 00:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 00:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 00:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 00:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:49 . 2012-12-11 19:35 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 04:48 . 2012-12-11 19:35 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-19 09:08 . 2012-10-19 09:08 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 20:34 . 2012-11-30 22:42 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2009-12-01 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 18:12]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 18:12]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718913100-3639185411-1979516537-1000Core.job
- c:\users\Jana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-07 10:28]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718913100-3639185411-1979516537-1000UA.job
- c:\users\Jana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-07 10:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://it.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.20
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-13 16:32:05
ComboFix-quarantined-files.txt 2013-01-13 15:32
ComboFix2.txt 2013-01-13 15:06
.
Pre-Run: 4.998.270.976 bytes free
Post-Run: 4.966.858.752 bytes free
.
- - End Of File - - 11865A1595C8E10D0A0E4C89287EAEC9

Re: CPU at 100%

Posted: 13 Jan 2013 17:14
by NapoleonIV
Hi.
I copied here everything that was in the file ComboFix created. There is nothing more in it.....
When I looked at Task Manager, the processes that load the processor the most are named svchost.exe; specifically there are two of these processes, and their description is Host Process for Windows Services.
Can you please advise me somehow?

Thank you.
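Task Manager shows only "svchost.exe", not which services live inside each instance, so the next step on a machine like this is to map every svchost.exe process to the services it hosts and sort by CPU. The script below is an added example (not part of the original post or of any tool mentioned in the thread); it assumes Windows 7 with the built-in PowerShell 2.0 and WMI, and should be run from an elevated PowerShell prompt so that all process and service data is visible. The `tasklist /svc /fi "imagename eq svchost.exe"` command gives the same process-to-service mapping without the CPU figures.

```powershell
# Added example, not from the original post: list svchost.exe instances
# ordered by current CPU usage and show which services each one hosts.
# Assumes Windows 7 / PowerShell 2.0 (Get-WmiObject); run elevated.

# Instantaneous per-process CPU sample from the formatted perf counters.
# Instance names look like "svchost", "svchost#1", ...; IDProcess is the PID.
# On a multi-core machine PercentProcessorTime is summed over all cores.
$perf = Get-WmiObject Win32_PerfFormattedData_PerfProc_Process |
    Where-Object { $_.Name -like 'svchost*' } |
    Sort-Object PercentProcessorTime -Descending

# Every running service, keyed by the process that hosts it.
$services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }

foreach ($p in $perf) {
    $hosted = $services | Where-Object { $_.ProcessId -eq $p.IDProcess }

    "{0,-12} PID {1,-6} CPU {2,3}%" -f $p.Name, $p.IDProcess, $p.PercentProcessorTime

    foreach ($s in $hosted) {
        # PathName of a genuine svchost-hosted service is
        # "C:\Windows\system32\svchost.exe -k <group>"; anything else
        # hosted in an svchost.exe process deserves a closer look.
        $group = ''
        if ($s.PathName -match '-k\s+(\S+)') { $group = $Matches[1] }
        "    {0,-22} {1,-8} group={2,-14} {3}" -f $s.Name, $s.State, $group, $s.DisplayName
        if ($s.PathName -notmatch '\\svchost\.exe') {
            "    !! unexpected image path: {0}" -f $s.PathName
        }
    }
}
```

Once the busy instance is known, the services listed under it can be stopped one at a time (`Stop-Service <Name>`, or from services.msc) while watching Task Manager to see which one is responsible; Process Explorer from Sysinternals shows the same mapping per thread if finer detail is needed.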

Re: CPU at 100%

Posted: 13 Jan 2013 18:26
by NapoleonIV
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-13 17:41:31
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 FUJITSU_MJA2250BH_G2 rev.00400018 232,89GB
Running: gmer.exe; Driver: C:\Users\Jana\AppData\Local\Temp\kxldypow.sys


---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 84280839 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 842A53F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.0 ----

.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtCreateFile + 6 771846B6 4 Bytes [28, C4, 21, 00] {SUB AH, AL; AND [EAX], EAX}
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtCreateFile + B 771846BB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtMapViewOfSection + 6 77184D16 4 Bytes [28, C7, 21, 00] {SUB BH, AL; AND [EAX], EAX}
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtMapViewOfSection + B 77184D1B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenFile + 6 77184DC6 4 Bytes [68, C4, 21, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenFile + B 77184DCB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenProcess + 6 77184E76 4 Bytes [A8, C5, 21, 00] {TEST AL, 0xc5; AND [EAX], EAX}
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenProcess + B 77184E7B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenProcessToken + 6 77184E86 4 Bytes CALL 76187050 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenProcessToken + B 77184E8B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenProcessTokenEx + 6 77184E96 4 Bytes [A8, C6, 21, 00] {TEST AL, 0xc6; AND [EAX], EAX}
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenProcessTokenEx + B 77184E9B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenThread + 6 77184EF6 4 Bytes [68, C5, 21, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenThread + B 77184EFB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenThreadToken + 6 77184F06 4 Bytes [68, C6, 21, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenThreadToken + B 77184F0B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenThreadTokenEx + 6 77184F16 4 Bytes CALL 761870E1 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtOpenThreadTokenEx + B 77184F1B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtQueryAttributesFile + 6 77185026 4 Bytes [A8, C4, 21, 00] {TEST AL, 0xc4; AND [EAX], EAX}
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtQueryAttributesFile + B 7718502B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtQueryFullAttributesFile + 6 771850D6 4 Bytes CALL 7618729F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtQueryFullAttributesFile + B 771850DB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtSetInformationFile + 6 77185726 4 Bytes [28, C5, 21, 00] {SUB CH, AL; AND [EAX], EAX}
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtSetInformationFile + B 7718572B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtSetInformationThread + 6 77185786 4 Bytes [28, C6, 21, 00] {SUB DH, AL; AND [EAX], EAX}
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtSetInformationThread + B 7718578B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtUnmapViewOfSection + 6 77185AA6 4 Bytes [68, C7, 21, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[620] ntdll.dll!NtUnmapViewOfSection + B 77185AAB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtCreateFile + 6 771846B6 4 Bytes [28, F8, F5, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtCreateFile + B 771846BB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtMapViewOfSection + 6 77184D16 4 Bytes [28, FB, F5, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtMapViewOfSection + B 77184D1B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenFile + 6 77184DC6 4 Bytes [68, F8, F5, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenFile + B 77184DCB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcess + 6 77184E76 4 Bytes [A8, F9, F5, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcess + B 77184E7B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcessToken + 6 77184E86 4 Bytes CALL 76194484 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcessToken + B 77184E8B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcessTokenEx + 6 77184E96 4 Bytes [A8, FA, F5, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcessTokenEx + B 77184E9B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThread + 6 77184EF6 4 Bytes [68, F9, F5, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThread + B 77184EFB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThreadToken + 6 77184F06 4 Bytes [68, FA, F5, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThreadToken + B 77184F0B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThreadTokenEx + 6 77184F16 4 Bytes CALL 76194515 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThreadTokenEx + B 77184F1B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtQueryAttributesFile + 6 77185026 4 Bytes [A8, F8, F5, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtQueryAttributesFile + B 7718502B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtQueryFullAttributesFile + 6 771850D6 4 Bytes CALL 761946D3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtQueryFullAttributesFile + B 771850DB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationFile + 6 77185726 4 Bytes [28, F9, F5, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationFile + B 7718572B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationThread + 6 77185786 4 Bytes [28, FA, F5, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationThread + B 7718578B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtUnmapViewOfSection + 6 77185AA6 4 Bytes [68, FB, F5, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtUnmapViewOfSection + B 77185AAB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtCreateFile + 6 771846B6 4 Bytes [28, 80, 56, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtCreateFile + B 771846BB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtMapViewOfSection + 6 77184D16 4 Bytes [28, 83, 56, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtMapViewOfSection + B 77184D1B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenFile + 6 77184DC6 4 Bytes [68, 80, 56, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenFile + B 77184DCB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcess + 6 77184E76 4 Bytes [A8, 81, 56, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcess + B 77184E7B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcessToken + 6 77184E86 4 Bytes CALL 7618A50C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcessToken + B 77184E8B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcessTokenEx + 6 77184E96 4 Bytes [A8, 82, 56, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcessTokenEx + B 77184E9B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThread + 6 77184EF6 4 Bytes [68, 81, 56, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThread + B 77184EFB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThreadToken + 6 77184F06 4 Bytes [68, 82, 56, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThreadToken + B 77184F0B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThreadTokenEx + 6 77184F16 4 Bytes CALL 7618A59D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThreadTokenEx + B 77184F1B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtQueryAttributesFile + 6 77185026 4 Bytes [A8, 80, 56, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtQueryAttributesFile + B 7718502B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtQueryFullAttributesFile + 6 771850D6 4 Bytes CALL 7618A75B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtQueryFullAttributesFile + B 771850DB 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtSetInformationFile + 6 77185726 4 Bytes [28, 81, 56, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtSetInformationFile + B 7718572B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtSetInformationThread + 6 77185786 4 Bytes [28, 82, 56, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtSetInformationThread + B 7718578B 1 Byte [E2]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtUnmapViewOfSection + 6 77185AA6 4 Bytes [68, 83, 56, 00]
.text C:\Users\Jana\AppData\Local\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtUnmapViewOfSection + B 77185AAB 1 Byte [E2]

---- EOF - GMER 2.0 ----



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-01-2013
Ran by SYSTEM at 13-01-2013 18:18:06
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-05-26] (Elaborate Bytes AG)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7719456 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [111856 2009-02-23] (Yahoo! Inc)
HKLM\...\Run: [ModemListener] C:\Program Files\HSPA USB MODEM\ModemListener.exe start [98304 2009-12-01] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKU\Jana\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [5244216 2009-11-10] (Yahoo! Inc.)
HKU\Jana\...\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKLM\...\Runonce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20
Startup: C:\Users\Jana\Start Menu\Programs\Startup\Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk
ShortcutTarget: Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -start [40960 2009-11-17] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation)
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [x]
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [x]

==================== Drivers (Whitelisted) ====================

3 eamon; C:\Windows\System32\DRIVERS\eamon.sys [116008 2009-09-10] ()
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [108792 2009-09-10] (ESET)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2009-08-27] (TCT International Mobile Ltd)
3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110080 2008-12-08] (ZTE Corporation)
3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [104960 2008-12-08] (ZTE Incorporated)
3 catchme; \??\C:\Users\Jana\AppData\Local\Temp\catchme.sys [x]
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [x]
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [x]
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [x]
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-01-13 08:42 - 2013-01-13 08:42 - 00909506 ____A (Farbar) C:\Users\Jana\Downloads\FRST.exe
2013-01-13 08:41 - 2013-01-13 08:41 - 00014183 ____A C:\Users\Jana\Desktop\gmer.log
2013-01-13 08:35 - 2013-01-13 08:35 - 00356179 ____A C:\Users\Jana\Downloads\gmer.zip
2013-01-13 06:54 - 2013-01-13 07:34 - 00001550 ____A C:\Windows\PFRO.log
2013-01-13 06:26 - 2013-01-13 06:26 - 00000000 ____A C:\Users\Jana\defogger_reenable
2013-01-13 06:21 - 2013-01-13 08:50 - 00001188 ____A C:\Windows\setupact.log
2013-01-13 06:21 - 2013-01-13 06:21 - 00000000 ____A C:\Windows\setuperr.log
2013-01-13 01:43 - 2013-01-13 06:27 - 00000470 ____A C:\Users\Jana\Downloads\defogger_disable.log
2013-01-13 01:42 - 2013-01-13 01:42 - 00049965 ____A C:\Users\Jana\Downloads\Defogger.exe
2013-01-12 14:33 - 2013-01-13 06:33 - 05021655 ____R (Swearware) C:\Users\Jana\Desktop\ComboFix.exe
2013-01-12 14:17 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-01-12 14:17 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-01-12 14:17 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-01-12 14:17 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-01-12 14:17 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-01-12 14:17 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-01-12 14:17 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-01-12 14:16 - 2013-01-13 07:32 - 00000000 ____D C:\Qoobox
2013-01-12 14:15 - 2013-01-13 02:15 - 00000000 ____D C:\Windows\erdnt
2013-01-12 14:10 - 2013-01-12 14:13 - 10132322 ____A C:\Users\Jana\Downloads\mbam-setup-1.70.0.1100.zip
2013-01-12 14:10 - 2012-11-22 19:06 - 02344960 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-12 14:10 - 2012-11-22 01:33 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-12 14:10 - 2012-11-08 20:49 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-12 14:05 - 2012-11-29 21:06 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-12 14:05 - 2012-11-29 21:00 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-12 14:05 - 2012-11-29 21:00 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 20:56 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 19:07 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-12 14:05 - 2012-11-29 18:51 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 18:51 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 18:51 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 18:51 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-12 14:05 - 2012-11-29 15:21 - 00420032 ____A C:\Windows\System32\locale.nls
2013-01-12 14:05 - 2012-11-01 20:50 - 01388544 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-12 14:03 - 2012-12-06 21:04 - 00308736 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-12 14:03 - 2012-12-06 20:57 - 02576384 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-12 14:03 - 2012-12-06 19:21 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-12 14:03 - 2012-12-06 19:21 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-12 14:01 - 2012-11-19 21:10 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-12 14:00 - 2013-01-12 14:02 - 05021494 ____R (Swearware) C:\Users\Jana\Downloads\ComboFix.exe
2013-01-12 13:56 - 2013-01-12 14:12 - 108581360 ____A C:\Users\Jana\Downloads\cureit.exe
2013-01-12 12:23 - 2013-01-12 12:24 - 00924517 ____A C:\Users\Jana\Downloads\HDD-Regenerator-1.71__CracK.zip
2013-01-12 12:04 - 2013-01-12 21:41 - 00000000 ____D C:\Program Files\HDD Regenerator
2013-01-12 12:03 - 2013-01-12 12:03 - 00000000 ____D C:\Users\Jana\AppData\Local\Downloaded Installations
2013-01-12 10:12 - 2013-01-13 08:51 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-12 10:12 - 2013-01-13 08:23 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-12 10:12 - 2013-01-12 10:12 - 00000969 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-01-12 10:12 - 2013-01-12 10:12 - 00000000 ____D C:\Program Files\CCleaner
2013-01-12 10:10 - 2013-01-12 10:27 - 00000000 ____D C:\Program Files\Google
2013-01-12 10:10 - 2013-01-12 10:13 - 00000000 ____D C:\Users\All Users\Google
2013-01-12 10:03 - 2013-01-12 10:04 - 04077368 ____A (Piriform Ltd) C:\Users\Jana\Downloads\ccleaner_3.25.1872.exe
2012-12-21 15:31 - 2012-12-16 06:25 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 15:31 - 2012-12-16 06:25 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 03:46 - 2012-12-16 03:46 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-16 03:44 - 2012-12-16 03:46 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-16 03:44 - 2012-12-16 03:46 - 00000000 ____D C:\Program Files\iTunes
2012-12-16 03:44 - 2012-12-16 03:44 - 00000000 ____D C:\Program Files\iPod


==================== One Month Modified Files and Folders ========

2013-01-13 09:10 - 2009-11-07 02:23 - 01268559 ____A C:\Windows\WindowsUpdate.log
2013-01-13 09:10 - 2009-07-13 20:34 - 00019792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-13 09:10 - 2009-07-13 20:34 - 00019792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-13 09:03 - 2009-11-07 02:28 - 00001156 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718913100-3639185411-1979516537-1000UA.job
2013-01-13 08:51 - 2013-01-12 10:12 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-13 08:50 - 2013-01-13 06:21 - 00001188 ____A C:\Windows\setupact.log
2013-01-13 08:50 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-13 08:42 - 2013-01-13 08:42 - 00909506 ____A (Farbar) C:\Users\Jana\Downloads\FRST.exe
2013-01-13 08:41 - 2013-01-13 08:41 - 00014183 ____A C:\Users\Jana\Desktop\gmer.log
2013-01-13 08:35 - 2013-01-13 08:35 - 00356179 ____A C:\Users\Jana\Downloads\gmer.zip
2013-01-13 08:32 - 2009-11-07 02:28 - 00736750 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-13 08:23 - 2013-01-12 10:12 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-13 07:43 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-13 07:34 - 2013-01-13 06:54 - 00001550 ____A C:\Windows\PFRO.log
2013-01-13 07:32 - 2013-01-12 14:16 - 00000000 ____D C:\Qoobox
2013-01-13 07:29 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2013-01-13 06:33 - 2013-01-12 14:33 - 05021655 ____R (Swearware) C:\Users\Jana\Desktop\ComboFix.exe
2013-01-13 06:27 - 2013-01-13 01:43 - 00000470 ____A C:\Users\Jana\Downloads\defogger_disable.log
2013-01-13 06:26 - 2013-01-13 06:26 - 00000000 ____A C:\Users\Jana\defogger_reenable
2013-01-13 06:26 - 2009-11-07 02:23 - 00000000 ____D C:\users\Jana
2013-01-13 06:21 - 2013-01-13 06:21 - 00000000 ____A C:\Windows\setuperr.log
2013-01-13 06:05 - 2009-07-13 20:33 - 00410640 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-13 02:40 - 2009-07-13 20:53 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-13 02:32 - 2009-11-07 05:00 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-13 02:32 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sk-SK
2013-01-13 02:16 - 2009-07-13 18:03 - 47448064 ____A C:\Windows\System32\config\software.bak
2013-01-13 02:16 - 2009-07-13 18:03 - 38797312 ____A C:\Windows\System32\config\system.bak
2013-01-13 02:16 - 2009-07-13 18:03 - 32243712 ____A C:\Windows\System32\config\COMPON~2.bak
2013-01-13 02:16 - 2009-07-13 18:03 - 00262144 ____A C:\Windows\System32\config\security.bak
2013-01-13 02:16 - 2009-07-13 18:03 - 00262144 ____A C:\Windows\System32\config\sam.bak
2013-01-13 02:16 - 2009-07-13 18:03 - 00262144 ____A C:\Windows\System32\config\default.bak
2013-01-13 02:15 - 2013-01-12 14:15 - 00000000 ____D C:\Windows\erdnt
2013-01-13 02:04 - 2011-02-01 10:36 - 65273848 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-13 02:03 - 2009-11-07 02:28 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718913100-3639185411-1979516537-1000Core.job
2013-01-13 01:42 - 2013-01-13 01:42 - 00049965 ____A C:\Users\Jana\Downloads\Defogger.exe
2013-01-12 21:41 - 2013-01-12 12:04 - 00000000 ____D C:\Program Files\HDD Regenerator
2013-01-12 21:41 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-01-12 21:41 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-01-12 21:41 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-01-12 15:00 - 2009-07-13 18:37 - 00000000 __RHD C:\users\Default
2013-01-12 15:00 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2013-01-12 14:13 - 2013-01-12 14:10 - 10132322 ____A C:\Users\Jana\Downloads\mbam-setup-1.70.0.1100.zip
2013-01-12 14:12 - 2013-01-12 13:56 - 108581360 ____A C:\Users\Jana\Downloads\cureit.exe
2013-01-12 14:02 - 2013-01-12 14:00 - 05021494 ____R (Swearware) C:\Users\Jana\Downloads\ComboFix.exe
2013-01-12 12:24 - 2013-01-12 12:23 - 00924517 ____A C:\Users\Jana\Downloads\HDD-Regenerator-1.71__CracK.zip
2013-01-12 12:03 - 2013-01-12 12:03 - 00000000 ____D C:\Users\Jana\AppData\Local\Downloaded Installations
2013-01-12 10:27 - 2013-01-12 10:10 - 00000000 ____D C:\Program Files\Google
2013-01-12 10:19 - 2009-11-07 11:17 - 00000000 ____D C:\Windows\Panther
2013-01-12 10:19 - 2009-11-07 03:15 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Media Player Classic
2013-01-12 10:13 - 2013-01-12 10:10 - 00000000 ____D C:\Users\All Users\Google
2013-01-12 10:12 - 2013-01-12 10:12 - 00000969 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-01-12 10:12 - 2013-01-12 10:12 - 00000000 ____D C:\Program Files\CCleaner
2013-01-12 10:04 - 2013-01-12 10:03 - 04077368 ____A (Piriform Ltd) C:\Users\Jana\Downloads\ccleaner_3.25.1872.exe
2012-12-16 06:25 - 2012-12-21 15:31 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:25 - 2012-12-21 15:31 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 03:46 - 2012-12-16 03:46 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-16 03:46 - 2012-12-16 03:44 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-16 03:46 - 2012-12-16 03:44 - 00000000 ____D C:\Program Files\iTunes
2012-12-16 03:44 - 2012-12-16 03:44 - 00000000 ____D C:\Program Files\iPod
2012-12-16 03:44 - 2011-12-22 17:17 - 00000000 ____D C:\Program Files\Common Files\Apple


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-11 11:35] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-13 02:02:07
Restore point made on: 2013-01-13 02:03:53
Restore point made on: 2013-01-13 02:24:48
Restore point made on: 2013-01-13 05:58:08

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4059.18 MB
Available physical RAM: 3545.91 MB
Total Pagefile: 4057.45 MB
Available Pagefile: 3541.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.48 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:38.96 GB) (Free:4.39 GB) NTFS
2 Drive e: () (Fixed) (Total:193.82 GB) (Free:89.63 GB) NTFS
4 Drive g: (DVR-VIDEO) (Removable) (Total:3.77 GB) (Free:3.73 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB     0 B
  Disk 1    Online         3864 MB     0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary             38 GB   101 MB
  Partition 3    Primary            193 GB    39 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition     38 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E                NTFS   Partition    193 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3863 MB    16 KB

=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   DVR-VIDEO    NTFS   Removable   3863 MB  Healthy

=========================================================

Last Boot: 2012-12-11 03:21

==================== End Of Log ============================

Re: CPU at 100%

Posted: 13 Jan 2013 19:00
by NapoleonIV
All I could find there now was this...
In my defence, I never started with any ComboFix, which is why I didn't know what you were asking; I only inherited this problem this afternoon :)

ComboFix 13-01-13.01 - Jana 13/01/2013 15:47:42.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.3035.1858 [GMT 1:00]
Running from: c:\users\Jana\Desktop\ComboFix.exe
Command switches used :: c:\users\Jana\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\siszyd32.exe"
"c:\windows\system32\fjhdyfhsn.bat"
.
.
((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))
.
.
2013-01-13 14:53 . 2013-01-13 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-12 22:46 . 2013-01-13 14:57 -------- d-----w- c:\users\Jana\AppData\Local\temp
2013-01-12 22:10 . 2012-11-22 09:33 627712 ----a-w- c:\windows\system32\usp10.dll
2013-01-12 22:10 . 2012-11-23 03:06 2344960 ----a-w- c:\windows\system32\win32k.sys
2013-01-12 22:10 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-12 22:03 . 2012-12-07 03:21 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-12 22:01 . 2012-11-20 05:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-12 20:04 . 2013-01-13 05:41 -------- d-----w- c:\program files\HDD Regenerator
2013-01-12 20:03 . 2013-01-12 20:03 -------- d-----w- c:\users\Jana\AppData\Local\Downloaded Installations
2013-01-12 18:12 . 2013-01-12 18:12 -------- d-----w- c:\program files\CCleaner
2013-01-12 18:10 . 2013-01-12 18:27 -------- d-----w- c:\program files\Google
2012-12-21 23:31 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 23:31 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 11:44 . 2012-12-16 11:44 -------- d-----w- c:\program files\iPod
2012-12-16 11:44 . 2012-12-16 11:46 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-16 11:44 . 2012-12-16 11:46 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-13 14:34 . 2013-01-13 14:34 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C876B72A-D4A7-456C-8F27-2BB516558364}\MpKsl0eb0436c.sys
2012-12-07 10:34 . 2012-12-07 10:34 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-07 10:34 . 2011-02-13 19:09 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-14 02:09 . 2012-12-12 00:03 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 00:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 00:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 00:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 00:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 00:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:49 . 2012-12-11 19:35 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-08 18:00 . 2013-01-12 19:05 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C876B72A-D4A7-456C-8F27-2BB516558364}\mpengine.dll
2012-11-08 18:00 . 2012-12-21 23:11 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-02 04:48 . 2012-12-11 19:35 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-19 09:08 . 2012-10-19 09:08 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 20:34 . 2012-11-30 22:42 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2009-12-01 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 MpKsl0eb0436c;MpKsl0eb0436c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C876B72A-D4A7-456C-8F27-2BB516558364}\MpKsl0eb0436c.sys [x]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 18:12]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-12 18:12]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718913100-3639185411-1979516537-1000Core.job
- c:\users\Jana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-07 10:28]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718913100-3639185411-1979516537-1000UA.job
- c:\users\Jana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-07 10:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://it.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.20
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\System32\wsqmcons.exe
c:\users\Jana\AppData\Local\Google\Update\Install\{E46C09FD-53DC-4142-AFDD-0BB468F406E1}\24.0.1312.52_23.0.1271.97_chrome_updater.exe
c:\users\Jana\AppData\Local\Temp\CR_163E0.tmp\setup.exe
.
**************************************************************************
.
Completion time: 2013-01-13 16:06:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-13 15:06
.
Pre-Run: 5.199.327.232 bytes free
Post-Run: 4.933.742.592 bytes free
.
- - End Of File - - F76620A1CB6B9FB5E202F865E81F43BB