Facebook vir

Zpráva

zralok · #1 Příspěvek od **zralok** » 21 srp 2011 19:08

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jirka at 2011-08-21 20:07:26
Microsoft Windows 7 Ultimate
System drive C: has 67 GB (67%) free of 100 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:07:31, on 21.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\update.tray-3-0\svchost.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Jirka\Downloads\RSIT.exe
C:\Program Files\trend micro\Jirka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-3-0\svchost.exe
O4 - HKLM\..\Run: [7230630.exe] "C:\Windows\Temp\7230630.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [8916745.exe] "C:\Users\Jirka\AppData\Local\Temp\8916745.exe"
O4 - HKLM\..\Run: [2244134.exe] "C:\Windows\Temp\2244134.exe"
O4 - HKLM\..\Run: [36312333-loader2.exe] "C:\Windows\Temp\36312333-loader2.exe"
O4 - HKLM\..\Run: [2394436.exe] "C:\Windows\Temp\2394436.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Pidgin] "C:\Program Files\Pidgin\pidgin.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3306548873-3707734994-3830648221-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3306548873-3707734994-3830648221-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ddservice - Unknown owner - C:\Windows\update.7.1\svchostdriver.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe

--
End of file - 6044 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3306548873-3707734994-3830648221-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3306548873-3707734994-3830648221-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-21 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-06-09 10082920]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"wxpdrv"=C:\Windows\services32.exe [2011-08-21 1213440]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-3-0\svchost.exe [2011-08-21 1213440]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"7230630.exe"=C:\Windows\Temp\7230630.exe [2011-08-21 258048]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-08-21 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-08-21 258048]
"8916745.exe"=C:\Users\Jirka\AppData\Local\Temp\8916745.exe [2011-08-21 258048]
"2244134.exe"=C:\Windows\Temp\2244134.exe [2011-08-21 634880]
"36312333-loader2.exe"=C:\Windows\Temp\36312333-loader2.exe [2011-08-21 258048]
"2394436.exe"=C:\Windows\Temp\2394436.exe [2011-08-21 258048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"Google Update"=C:\Users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 136176]
"Pidgin"=C:\Program Files\Pidgin\pidgin.exe [2011-06-24 49340]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-07-29 17361032]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Aktualizovat ESET licenci.lnk - C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-21 20:07:26 ----D---- C:\rsit
2011-08-21 20:07:26 ----D---- C:\Program Files\trend micro
2011-08-21 20:02:37 ----D---- C:\Windows\ufa
2011-08-21 20:02:37 ----D---- C:\Windows\rpcminer
2011-08-21 20:02:37 ----D---- C:\Windows\phoenix
2011-08-21 19:57:37 ----A---- C:\Windows\unrar.exe
2011-08-21 19:55:05 ----A---- C:\Windows\iecheck_iplist.txt
2011-08-21 19:54:53 ----HD---- C:\Windows\update.7.1
2011-08-21 19:54:50 ----A---- C:\Windows\btc_client_iplist.txt
2011-08-21 19:54:37 ----HD---- C:\Windows\update.2
2011-08-21 19:54:04 ----HD---- C:\Windows\update.5.0
2011-08-21 19:52:59 ----A---- C:\Windows\iplist.txt
2011-08-21 19:52:18 ----A---- C:\Windows\sysdriver32_.exe
2011-08-21 19:52:04 ----A---- C:\Windows\sysdriver32.exe
2011-08-21 19:51:51 ----D---- C:\Windows\av_ico
2011-08-21 19:51:44 ----A---- C:\Windows\front_ip_list.txt
2011-08-21 19:50:25 ----HD---- C:\Windows\update.1
2011-08-21 19:50:24 ----HD---- C:\Windows\update.tray-3-0-lnk
2011-08-21 19:50:24 ----HD---- C:\Windows\update.tray-3-0
2011-08-21 19:38:40 ----A---- C:\Windows\winlog-ids.txt
2011-08-21 19:38:40 ----A---- C:\Windows\winlog-dirs.txt
2011-08-21 19:38:36 ----A---- C:\Windows\services32.exe
2011-08-21 17:35:53 ----A---- C:\Windows\system32\drivers\AmdLLD.sys
2011-08-21 17:35:51 ----D---- C:\Program Files\AMD
2011-08-21 17:30:41 ----D---- C:\Program Files\2K Games
2011-08-21 15:04:44 ----D---- C:\Program Files\FinalWire
2011-08-21 13:14:29 ----D---- C:\Users\Jirka\AppData\Roaming\NVIDIA
2011-08-21 12:52:29 ----D---- C:\Windows\cs
2011-08-21 12:50:11 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2011-08-21 12:48:56 ----D---- C:\Windows\PCHEALTH
2011-08-21 12:48:16 ----D---- C:\Program Files\Windows Live
2011-08-21 12:47:25 ----A---- C:\Windows\system32\UIRibbonRes.dll
2011-08-21 12:47:25 ----A---- C:\Windows\system32\UIRibbon.dll
2011-08-21 12:47:12 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-08-21 12:47:12 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-08-21 12:47:12 ----A---- C:\Windows\system32\mf.dll
2011-08-21 12:46:31 ----D---- C:\Program Files\Common Files\Windows Live
2011-08-21 12:31:23 ----SHD---- C:\ProgramData\DSS
2011-08-21 12:31:22 ----D---- C:\ProgramData\Codemasters
2011-08-21 12:30:12 ----D---- C:\Windows\system32\xlive
2011-08-21 12:30:08 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-08-21 12:29:19 ----A---- C:\Windows\system32\rapture3d_oal.dll
2011-08-21 12:29:19 ----A---- C:\Windows\system32\mkl_blueripple.dll
2011-08-21 12:29:18 ----D---- C:\Program Files\BRS
2011-08-21 12:29:17 ----RA---- C:\Windows\system32\tmpB426.tmp
2011-08-21 12:29:17 ----D---- C:\Program Files\OpenAL
2011-08-21 12:29:17 ----A---- C:\Windows\system32\wrap_oal.dll
2011-08-21 12:29:17 ----A---- C:\Windows\system32\OpenAL32.dll
2011-08-21 12:18:33 ----D---- C:\Program Files\Codemasters
2011-08-21 10:56:11 ----D---- C:\Fraps
2011-08-21 10:03:02 ----D---- C:\Program Files\Western Digital Corporation
2011-08-21 09:40:36 ----D---- C:\Users\Jirka\AppData\Roaming\Skype
2011-08-21 09:40:33 ----RD---- C:\Program Files\Skype
2011-08-21 09:40:29 ----D---- C:\ProgramData\Skype
2011-08-21 09:39:53 ----D---- C:\Program Files\uTorrent
2011-08-21 09:39:26 ----D---- C:\Users\Jirka\AppData\Roaming\uTorrent
2011-08-21 00:24:42 ----D---- C:\ProgramData\Sun
2011-08-21 00:24:42 ----D---- C:\Program Files\Common Files\Java
2011-08-21 00:24:36 ----A---- C:\Windows\system32\javaws.exe
2011-08-21 00:24:36 ----A---- C:\Windows\system32\javaw.exe
2011-08-21 00:24:36 ----A---- C:\Windows\system32\java.exe
2011-08-21 00:24:36 ----A---- C:\Windows\system32\deployJava1.dll
2011-08-21 00:24:29 ----D---- C:\Program Files\Java
2011-08-21 00:22:28 ----D---- C:\Users\Jirka\AppData\Roaming\ESET
2011-08-20 23:46:23 ----D---- C:\Users\Jirka\AppData\Roaming\Macromedia
2011-08-20 23:46:23 ----D---- C:\Users\Jirka\AppData\Roaming\Adobe
2011-08-20 23:43:01 ----D---- C:\Windows\Panther
2011-08-20 23:34:27 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-08-20 23:34:27 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-08-20 23:34:27 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-08-20 23:34:27 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-08-20 23:34:27 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-08-20 23:34:27 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-08-20 23:34:27 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-08-20 23:34:27 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-08-20 23:34:26 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-08-20 23:34:25 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-08-20 23:34:24 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-08-20 23:34:24 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-08-20 23:34:24 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-08-20 23:34:24 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-08-20 23:34:24 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-08-20 23:34:24 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-08-20 23:34:23 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\xinput1_3.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-08-20 23:34:22 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\xinput1_2.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\xinput1_1.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\d3dx9_32.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-08-20 23:34:21 ----A---- C:\Windows\system32\d3dx10.dll
2011-08-20 23:34:18 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-08-20 23:34:18 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-08-20 23:34:18 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-08-20 23:34:18 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-08-20 23:34:18 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-08-20 23:34:18 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-08-20 23:34:18 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-08-20 23:34:18 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-08-20 23:34:17 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-08-20 23:32:43 ----D---- C:\Program Files\Ubisoft
2011-08-20 23:28:52 ----D---- C:\Users\Jirka\AppData\Roaming\WinRAR
2011-08-20 23:28:50 ----D---- C:\Program Files\WinRAR
2011-08-20 23:23:57 ----A---- C:\Windows\system32\drivers\sptd.sys
2011-08-20 23:23:55 ----D---- C:\Program Files\DAEMON Tools Lite
2011-08-20 23:22:58 ----D---- C:\Users\Jirka\AppData\Roaming\DAEMON Tools Lite
2011-08-20 23:22:56 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-08-20 23:14:15 ----SHD---- C:\Windows\Installer
2011-08-20 23:13:35 ----N---- C:\Windows\system32\MpSigStub.exe
2011-08-20 23:13:13 ----D---- C:\ProgramData\NVIDIA
2011-08-20 23:13:05 ----A---- C:\Windows\system32\nvvsvc.exe
2011-08-20 23:13:05 ----A---- C:\Windows\system32\nvsvcr.dll
2011-08-20 23:13:05 ----A---- C:\Windows\system32\nvsvc.dll
2011-08-20 23:13:05 ----A---- C:\Windows\system32\nvshext.dll
2011-08-20 23:13:05 ----A---- C:\Windows\system32\nvmctray.dll
2011-08-20 23:13:05 ----A---- C:\Windows\system32\nvcpl.dll
2011-08-20 23:13:05 ----A---- C:\Windows\system32\easyupdatusapiu.dll
2011-08-20 23:12:55 ----D---- C:\ProgramData\NVIDIA Corporation
2011-08-20 23:12:23 ----A---- C:\Windows\system32\OpenCL.dll
2011-08-20 23:12:23 ----A---- C:\Windows\system32\nvoglv32.dll
2011-08-20 23:12:23 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-08-20 23:12:22 ----A---- C:\Windows\system32\nvgenco32.dll
2011-08-20 23:12:22 ----A---- C:\Windows\system32\nvdispco32.dll
2011-08-20 23:12:22 ----A---- C:\Windows\system32\nvcuvid.dll
2011-08-20 23:12:22 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-08-20 23:12:22 ----A---- C:\Windows\system32\nvcuda.dll
2011-08-20 23:12:22 ----A---- C:\Windows\system32\nvcompiler.dll
2011-08-20 23:12:22 ----A---- C:\Windows\system32\nvapi.dll
2011-08-20 23:05:40 ----D---- C:\Program Files\SystemRequirementsLab
2011-08-20 23:04:29 ----D---- C:\Program Files\NVIDIA Corporation
2011-08-20 23:03:32 ----D---- C:\Windows\system32\RTCOM
2011-08-20 23:03:11 ----A---- C:\Windows\system32\WavesLib.dll
2011-08-20 23:03:11 ----A---- C:\Windows\system32\WavesGUILib.dll
2011-08-20 23:03:11 ----A---- C:\Windows\system32\SRSWOW.dll
2011-08-20 23:03:11 ----A---- C:\Windows\system32\SRSTSXT.dll
2011-08-20 23:03:11 ----A---- C:\Windows\system32\SRSTSHD.dll
2011-08-20 23:03:11 ----A---- C:\Windows\system32\SRSHP360.dll
2011-08-20 23:03:11 ----A---- C:\Windows\system32\SFNHK.dll
2011-08-20 23:03:11 ----A---- C:\Windows\system32\SFCOM.dll
2011-08-20 23:03:11 ----A---- C:\Windows\system32\SFAPO.dll
2011-08-20 23:03:11 ----A---- C:\Windows\system32\RtkPgExt.dll
2011-08-20 23:03:11 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2011-08-20 23:03:10 ----A---- C:\Windows\system32\RtkCoInst.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\RtkApoApi.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\RtkAPO.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\RTEEP32A.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\RTEEL32A.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\RTEEG32A.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\RTEED32A.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\RP3DHT32.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\RP3DAA32.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\RCoRes.dat
2011-08-20 23:03:10 ----A---- C:\Windows\system32\R4EEP32A.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\R4EEL32A.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\R4EEG32A.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\R4EED32A.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\R4EEA32A.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\MaxxAudioRealtek.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\KAAPORT.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\FMAPO.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\DTSVoiceClarityDLL.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\DTSSymmetryDLL.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\DTSS2SpeakerDLL.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL.dll
2011-08-20 23:03:10 ----A---- C:\Windows\system32\DTSNeoPCDLL.dll
2011-08-20 23:03:09 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-20 23:03:09 ----D---- C:\Program Files\Realtek
2011-08-20 23:03:09 ----A---- C:\Windows\system32\DTSLimiterDLL.dll
2011-08-20 23:03:09 ----A---- C:\Windows\system32\DTSLFXAPO.dll
2011-08-20 23:03:09 ----A---- C:\Windows\system32\DTSGFXAPONS.dll
2011-08-20 23:03:09 ----A---- C:\Windows\system32\DTSGFXAPO.dll
2011-08-20 23:03:09 ----A---- C:\Windows\system32\DTSGainCompensatorDLL.dll
2011-08-20 23:03:09 ----A---- C:\Windows\system32\DTSBoostDLL.dll
2011-08-20 23:03:09 ----A---- C:\Windows\system32\DTSBassEnhancementDLL.dll
2011-08-20 23:03:09 ----A---- C:\Windows\system32\AERTARen.dll
2011-08-20 23:03:09 ----A---- C:\Windows\system32\AERTACap.dll
2011-08-20 23:03:08 ----HD---- C:\Program Files\Temp
2011-08-20 23:03:08 ----A---- C:\Windows\RtlExUpd.dll
2011-08-20 23:03:06 ----D---- C:\Program Files\Common Files\InstallShield
2011-08-20 23:02:44 ----A---- C:\Windows\system32\NVCOAWY.DLL
2011-08-20 23:02:44 ----A---- C:\Windows\system32\drivers\nvamacpi.sys
2011-08-20 23:00:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-20 23:00:11 ----D---- C:\Users\Jirka\AppData\Roaming\.purple
2011-08-20 22:58:30 ----D---- C:\Program Files\Pidgin
2011-08-20 22:56:20 ----D---- C:\Users\Jirka\AppData\Roaming\Identities
2011-08-20 22:55:53 ----SD---- C:\Users\Jirka\AppData\Roaming\Microsoft
2011-08-20 22:55:53 ----D---- C:\Users\Jirka\AppData\Roaming\Media Center Programs
2011-08-20 22:54:20 ----SHD---- C:\ProgramData\Šablony
2011-08-20 22:54:20 ----SHD---- C:\ProgramData\Plocha
2011-08-20 22:54:20 ----SHD---- C:\ProgramData\Oblíbené položky
2011-08-20 22:54:20 ----SHD---- C:\ProgramData\Nabídka Start
2011-08-20 22:54:20 ----SHD---- C:\ProgramData\Dokumenty
2011-08-20 22:54:20 ----SHD---- C:\ProgramData\Data aplikací
2011-08-20 22:46:44 ----D---- C:\Windows\SoftwareDistribution
2011-08-20 22:44:08 ----D---- C:\Windows\Prefetch
2011-08-03 03:31:54 ----A---- C:\Windows\system32\nvStreaming.exe
2011-07-31 08:51:08 ----A---- C:\Windows\system32\frapsvid.dll

======List of files/folders modified in the last 1 month======

2011-08-21 20:07:27 ----D---- C:\Windows\Temp
2011-08-21 20:07:26 ----RD---- C:\Program Files
2011-08-21 20:03:03 ----D---- C:\Windows\System32
2011-08-21 20:03:03 ----D---- C:\Windows\inf
2011-08-21 20:02:37 ----D---- C:\Windows
2011-08-21 19:54:56 ----D---- C:\Windows\system32\drivers\etc
2011-08-21 19:38:49 ----D---- C:\Windows\system32\config
2011-08-21 17:37:13 ----RSD---- C:\Windows\assembly
2011-08-21 17:36:40 ----D---- C:\Windows\Logs
2011-08-21 17:36:12 ----SHD---- C:\Config.Msi
2011-08-21 17:36:03 ----D---- C:\Windows\system32\drivers
2011-08-21 17:36:01 ----D---- C:\Windows\system32\DriverStore
2011-08-21 17:36:01 ----D---- C:\Windows\system32\catroot
2011-08-21 16:26:34 ----D---- C:\Windows\winsxs
2011-08-21 12:49:01 ----SD---- C:\ProgramData\Microsoft
2011-08-21 12:48:56 ----D---- C:\Program Files\Common Files\microsoft shared
2011-08-21 12:46:31 ----D---- C:\Program Files\Common Files
2011-08-21 12:31:23 ----HD---- C:\ProgramData
2011-08-21 10:18:48 ----D---- C:\Windows\Microsoft.NET
2011-08-21 10:08:06 ----D---- C:\Windows\Registration
2011-08-21 09:40:34 ----D---- C:\Windows\system32\Tasks
2011-08-21 00:03:20 ----D---- C:\Windows\system32\catroot2
2011-08-20 23:42:55 ----RASH---- C:\BOOTSECT.BAK
2011-08-20 23:42:54 ----SHD---- C:\Boot
2011-08-20 23:42:40 ----D---- C:\Windows\Setup
2011-08-20 23:27:25 ----D---- C:\Windows\Tasks
2011-08-20 23:26:55 ----D---- C:\Windows\system32\wdi
2011-08-20 23:14:05 ----RD---- C:\Users
2011-08-20 23:13:03 ----D---- C:\Windows\Help
2011-08-20 23:06:29 ----D---- C:\Windows\system32\drivers\UMDF
2011-08-20 23:05:40 ----D---- C:\Windows\Downloaded Program Files
2011-08-20 23:05:38 ----D---- C:\Windows\system32\CodeIntegrity
2011-08-20 23:04:47 ----D---- C:\Windows\system32\LogFiles
2011-08-20 22:59:53 ----D---- C:\Windows\system32\wbem
2011-08-20 22:56:09 ----SHD---- C:\$Recycle.Bin
2011-08-20 22:54:26 ----D---- C:\Windows\rescache
2011-08-20 22:54:21 ----SHD---- C:\Recovery
2011-08-20 22:54:20 ----D---- C:\Program Files\Windows NT
2011-08-20 22:53:55 ----D---- C:\Windows\debug
2011-08-20 22:46:23 ----D---- C:\Windows\system32\sysprep
2011-08-20 22:44:36 ----D---- C:\Windows\CSC
2011-08-03 13:50:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2011-08-03 13:50:00 ----A---- C:\Windows\system32\nvd3dum.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvamacpi;NVIDIA Away Mode System; C:\Windows\system32\DRIVERS\NVAMACPI.sys [2009-11-24 24680]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-08-20 443448]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-12-21 134000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 33120]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-06-14 3520168]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 am5vvcrw;am5vvcrw; C:\Windows\system32\drivers\am5vvcrw.sys []
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-08-21 382464]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-08-03 599144]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-08-21 352768]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-08-21 634880]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-08-21 258048]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-08-21 1213440]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe []
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 21 srp 2011 19:13

Zdravim a pekny den preji

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte
Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

zralok · #3 Příspěvek od **zralok** » 21 srp 2011 19:15

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Jirka [Admin rights]
Mode: Remove -- Date : 08/21/2011 20:14:24

Bad processes: 8
[HJ NAME] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.tray-3-0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED [TermProc]

Registry Entries: 25
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\Windows\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\Windows\update.tray-3-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 7230630.exe ("C:\Windows\Temp\7230630.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\Windows\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\Windows\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 8916745.exe ("C:\Users\Jirka\AppData\Local\Temp\8916745.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2244134.exe ("C:\Windows\Temp\2244134.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 36312333-loader2.exe ("C:\Windows\Temp\36312333-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2394436.exe ("C:\Windows\Temp\2394436.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\Windows\l1rezerv.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

Děkuji za rychlou reakci a přeji dobrý večer. Vidím že máte plné ruce s tímdle svinstvem, zde je log!

zralok · #4 Příspěvek od **zralok** » 21 srp 2011 19:15

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Jirka [Admin rights]
Mode: HOSTSFix -- Date : 08/21/2011 20:15:28

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Jirka [Admin rights]
Mode: ProxyFix -- Date : 08/21/2011 20:15:45

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#5 Příspěvek od **vyosek** » 21 srp 2011 19:18

Fajn, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

zralok · #6 Příspěvek od **zralok** » 21 srp 2011 19:26

ComboFix 11-08-21.01 - Jirka 21.08.2011 20:20:07.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2047.1503 [GMT 2:00]
Spuštěný z: c:\users\Jirka\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-21 do 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 18:24 . 2011-08-21 18:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 18:07 . 2011-08-21 18:07 -------- d-----w- C:\rsit
2011-08-21 18:07 . 2011-08-21 18:07 -------- d-----w- c:\program files\trend micro
2011-08-21 18:02 . 2011-08-21 18:24 -------- d-----w- c:\windows\phoenix
2011-08-21 18:02 . 2011-08-21 18:02 -------- d-----w- c:\windows\ufa
2011-08-21 17:57 . 2011-08-21 18:02 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 17:54 . 2011-08-21 17:55 -------- d--h--w- c:\windows\update.7.1
2011-08-21 17:51 . 2011-08-21 17:51 -------- d-----w- c:\windows\av_ico
2011-08-21 17:50 . 2011-08-21 17:50 -------- d--h--w- c:\windows\update.tray-3-0
2011-08-21 17:50 . 2011-08-21 17:50 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-08-21 15:35 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-08-21 15:35 . 2011-08-21 15:35 -------- d-----w- c:\program files\AMD
2011-08-21 15:30 . 2011-08-21 15:30 -------- d-----w- c:\program files\2K Games
2011-08-21 13:04 . 2011-08-21 13:04 -------- d-----w- c:\program files\FinalWire
2011-08-21 10:52 . 2011-08-21 10:52 -------- d-----w- c:\windows\cs
2011-08-21 10:50 . 2011-08-21 10:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-08-21 10:48 . 2011-08-21 10:48 -------- d-----w- c:\windows\PCHEALTH
2011-08-21 10:48 . 2011-08-21 10:49 -------- d-----w- c:\program files\Windows Live
2011-08-21 10:47 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-08-21 10:47 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-08-21 10:47 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-08-21 10:47 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-08-21 10:47 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2011-08-21 10:46 . 2011-08-21 10:46 -------- d-----w- c:\program files\Common Files\Windows Live
2011-08-21 10:31 . 2011-08-21 10:31 -------- d-sh--w- c:\programdata\DSS
2011-08-21 10:31 . 2011-08-21 10:31 -------- d-----w- c:\programdata\Codemasters
2011-08-21 10:30 . 2011-08-21 10:30 -------- d-----w- c:\windows\system32\xlive
2011-08-21 10:30 . 2011-08-21 10:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-08-21 10:29 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\system32\rapture3d_oal.dll
2011-08-21 10:29 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\system32\mkl_blueripple.dll
2011-08-21 10:29 . 2011-08-21 10:29 -------- d-----w- c:\program files\BRS
2011-08-21 10:29 . 2011-08-21 10:29 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-21 10:29 . 2011-08-21 10:29 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-21 10:29 . 2011-08-21 10:29 -------- d-----w- c:\program files\OpenAL
2011-08-21 10:29 . 2011-04-15 23:40 809496 ----a-r- c:\windows\system32\tmpB426.tmp
2011-08-21 10:18 . 2011-08-21 10:18 -------- d-----w- c:\program files\Codemasters
2011-08-21 08:56 . 2011-08-21 10:38 -------- d-----w- C:\Fraps
2011-08-21 08:03 . 2011-08-21 08:03 -------- d-----w- c:\program files\Western Digital Corporation
2011-08-21 07:40 . 2011-08-21 07:40 -------- d-----r- c:\program files\Skype
2011-08-21 07:40 . 2011-08-21 07:40 -------- d-----w- c:\programdata\Skype
2011-08-21 07:39 . 2011-08-21 07:39 -------- d-----w- c:\program files\uTorrent
2011-08-20 22:24 . 2011-08-20 22:24 -------- d-----w- c:\program files\Common Files\Java
2011-08-20 22:24 . 2011-08-20 22:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-20 22:24 . 2011-08-20 22:24 -------- d-----w- c:\program files\Java
2011-08-20 21:43 . 2011-08-20 20:55 -------- d-----w- c:\windows\Panther
2011-08-20 21:23 . 2011-08-20 21:23 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-20 21:23 . 2011-08-20 21:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-08-20 21:22 . 2011-08-21 15:30 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-08-20 21:14 . 2011-08-21 15:36 -------- d-sh--w- c:\windows\Installer
2011-08-20 21:14 . 2011-08-20 21:14 -------- d-----w- c:\users\UpdatusUser
2011-08-20 21:13 . 2011-08-16 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68C1C4B4-F4E9-48A4-962C-F72CA4C64EE8}\mpengine.dll
2011-08-20 21:13 . 2011-05-24 17:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-20 21:13 . 2011-08-21 17:56 -------- d-----w- c:\programdata\NVIDIA
2011-08-20 21:13 . 2011-08-03 11:50 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-20 21:13 . 2011-08-03 11:50 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-20 21:13 . 2011-08-03 11:50 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-20 21:13 . 2011-08-03 11:50 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-20 21:13 . 2011-08-03 11:50 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-20 21:13 . 2011-08-03 11:50 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-20 21:13 . 2011-08-03 11:50 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-20 21:12 . 2011-08-20 21:12 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-08-20 21:12 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-20 21:12 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-08-20 21:12 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-20 21:12 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-20 21:12 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-20 21:12 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-20 21:12 . 2011-08-03 11:50 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-20 21:12 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-20 21:12 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-20 21:12 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-20 21:05 . 2011-08-20 21:05 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-20 21:04 . 2011-08-20 21:14 -------- d-----w- c:\program files\NVIDIA Corporation
2011-08-20 21:02 . 2009-11-24 10:33 24680 ----a-w- c:\windows\system32\drivers\nvamacpi.sys
2011-08-20 21:02 . 2009-11-23 23:14 182888 ----a-w- c:\windows\system32\NVCOAWY.DLL
2011-08-20 20:59 . 2011-08-21 18:03 -------- d-----w- c:\windows\system32\wbem\Performance
2011-08-20 20:58 . 2011-08-20 20:58 -------- d-----w- c:\program files\Pidgin
2011-08-20 20:55 . 2011-08-20 20:56 -------- d-----w- c:\users\Jirka
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-07-31 06:51 . 2011-07-31 06:51 65536 ----a-w- c:\windows\system32\frapsvid.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 10:48 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-03 11:50 . 2009-07-13 22:09 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-08-03 11:50 . 2009-06-10 21:19 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Pidgin"="c:\program files\Pidgin\pidgin.exe" [2011-06-24 49340]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-09 10082920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe [2011-08-21 382464]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-11-24 24680]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306548873-3707734994-3830648221-1001Core.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 21:27]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306548873-3707734994-3830648221-1001UA.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 21:27]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-egui - c:\program files\ESET\ESET Smart Security\egui.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-MiNODLogin - c:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-21 20:26:20
ComboFix-quarantined-files.txt 2011-08-21 18:26
.
Před spuštěním: Volných bajtů: 69 720 076 288
Po spuštění: Volných bajtů: 69 832 417 280
.
- - End Of File - - 7A2BE6339568482C01C12782336C1A58
Zde je log z combofixu

#7 Příspěvek od **vyosek** » 21 srp 2011 20:47

Doufam ze po ukonceni leceni si tam date free zabezpeceni, crackly antivir tu fakt podporovat nebudem

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\windows\phoenix
c:\windows\ufa
c:\windows\update.7.1
c:\windows\av_ico
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0-lnk
c:\program files\ESET\MiNODLogin

File::
c:\windows\unrar.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306548873-3707734994-3830648221-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306548873-3707734994-3830648221-1001UA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Skype"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

AtJob::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

zralok · #8 Příspěvek od **zralok** » 21 srp 2011 21:25

Dobře já se tomu nebráním,dokonce jsem se už po free alternativě poohlížel ale je jich tolik že nevím jakou. mohl bych vás poprosit jakou free alternativu bych měl využít ? Chtěl bych taky firewall a antivirus v jednom, kdyby to šlo:)

Jinak zde je log!

ComboFix 11-08-21.01 - Jirka 21.08.2011 22:14:35.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2047.1277 [GMT 2:00]
Spuštěný z: c:\users\Jirka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jirka\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306548873-3707734994-3830648221-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306548873-3707734994-3830648221-1001UA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ESET\MiNODLogin
c:\program files\ESET\MiNODLogin\MiNODLogin.exe
c:\program files\ESET\MiNODLogin\MiNODLogin.jar
c:\program files\ESET\MiNODLogin\MiNODLoginLib.dll
c:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
c:\program files\ESET\MiNODLogin\servidores.xml
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizovat ESET licenci.lnk
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\phoenix
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306548873-3707734994-3830648221-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306548873-3707734994-3830648221-1001UA.job
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.7.1
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0-lnk\svchost.exe
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0\svchost.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-21 do 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 20:19 . 2011-08-21 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 19:06 . 2011-08-21 20:19 -------- d-----w- c:\program files\ESET
2011-08-21 18:07 . 2011-08-21 18:07 -------- d-----w- c:\program files\trend micro
2011-08-21 15:35 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-08-21 15:35 . 2011-08-21 15:35 -------- d-----w- c:\program files\AMD
2011-08-21 15:30 . 2011-08-21 15:30 -------- d-----w- c:\program files\2K Games
2011-08-21 13:04 . 2011-08-21 13:04 -------- d-----w- c:\program files\FinalWire
2011-08-21 10:52 . 2011-08-21 10:52 -------- d-----w- c:\windows\cs
2011-08-21 10:50 . 2011-08-21 10:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-08-21 10:48 . 2011-08-21 10:48 -------- d-----w- c:\windows\PCHEALTH
2011-08-21 10:48 . 2011-08-21 10:49 -------- d-----w- c:\program files\Windows Live
2011-08-21 10:47 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-08-21 10:47 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-08-21 10:47 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-08-21 10:47 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-08-21 10:47 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2011-08-21 10:46 . 2011-08-21 10:46 -------- d-----w- c:\program files\Common Files\Windows Live
2011-08-21 10:31 . 2011-08-21 10:31 -------- d-sh--w- c:\programdata\DSS
2011-08-21 10:31 . 2011-08-21 10:31 -------- d-----w- c:\programdata\Codemasters
2011-08-21 10:30 . 2011-08-21 10:30 -------- d-----w- c:\windows\system32\xlive
2011-08-21 10:30 . 2011-08-21 10:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-08-21 10:29 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\system32\rapture3d_oal.dll
2011-08-21 10:29 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\system32\mkl_blueripple.dll
2011-08-21 10:29 . 2011-08-21 10:29 -------- d-----w- c:\program files\BRS
2011-08-21 10:29 . 2011-08-21 10:29 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-21 10:29 . 2011-08-21 10:29 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-21 10:29 . 2011-08-21 10:29 -------- d-----w- c:\program files\OpenAL
2011-08-21 10:29 . 2011-04-15 23:40 809496 ----a-r- c:\windows\system32\tmpB426.tmp
2011-08-21 10:18 . 2011-08-21 10:18 -------- d-----w- c:\program files\Codemasters
2011-08-21 08:56 . 2011-08-21 10:38 -------- d-----w- C:\Fraps
2011-08-21 08:03 . 2011-08-21 08:03 -------- d-----w- c:\program files\Western Digital Corporation
2011-08-21 07:40 . 2011-08-21 07:40 -------- d-----r- c:\program files\Skype
2011-08-21 07:40 . 2011-08-21 07:40 -------- d-----w- c:\programdata\Skype
2011-08-21 07:39 . 2011-08-21 07:39 -------- d-----w- c:\program files\uTorrent
2011-08-20 22:24 . 2011-08-20 22:24 -------- d-----w- c:\program files\Common Files\Java
2011-08-20 22:24 . 2011-08-20 22:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-20 22:24 . 2011-08-20 22:24 -------- d-----w- c:\program files\Java
2011-08-20 21:43 . 2011-08-20 20:55 -------- d-----w- c:\windows\Panther
2011-08-20 21:23 . 2011-08-20 21:23 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-20 21:23 . 2011-08-20 21:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-08-20 21:22 . 2011-08-21 15:30 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-08-20 21:14 . 2011-08-21 19:06 -------- d-sh--w- c:\windows\Installer
2011-08-20 21:14 . 2011-08-20 21:14 -------- d-----w- c:\users\UpdatusUser
2011-08-20 21:13 . 2011-08-16 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68C1C4B4-F4E9-48A4-962C-F72CA4C64EE8}\mpengine.dll
2011-08-20 21:13 . 2011-05-24 17:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-20 21:13 . 2011-08-21 20:21 -------- d-----w- c:\programdata\NVIDIA
2011-08-20 21:13 . 2011-08-03 11:50 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-20 21:13 . 2011-08-03 11:50 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-20 21:13 . 2011-08-03 11:50 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-20 21:13 . 2011-08-03 11:50 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-20 21:13 . 2011-08-03 11:50 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-20 21:13 . 2011-08-03 11:50 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-20 21:13 . 2011-08-03 11:50 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-20 21:12 . 2011-08-20 21:12 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-08-20 21:12 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-20 21:12 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-08-20 21:12 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-20 21:12 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-20 21:12 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-20 21:12 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-20 21:12 . 2011-08-03 11:50 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-20 21:12 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-20 21:12 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-20 21:12 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-20 21:05 . 2011-08-20 21:05 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-20 21:04 . 2011-08-20 21:14 -------- d-----w- c:\program files\NVIDIA Corporation
2011-08-20 21:02 . 2009-11-24 10:33 24680 ----a-w- c:\windows\system32\drivers\nvamacpi.sys
2011-08-20 21:02 . 2009-11-23 23:14 182888 ----a-w- c:\windows\system32\NVCOAWY.DLL
2011-08-20 20:59 . 2011-08-21 20:16 -------- d-----w- c:\windows\system32\wbem\Performance
2011-08-20 20:58 . 2011-08-20 20:58 -------- d-----w- c:\program files\Pidgin
2011-08-20 20:55 . 2011-08-20 20:56 -------- d-----w- c:\users\Jirka
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-07-31 06:51 . 2011-07-31 06:51 65536 ----a-w- c:\windows\system32\frapsvid.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 10:48 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-03 11:50 . 2009-07-13 22:09 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-08-03 11:50 . 2009-06-10 21:19 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pidgin"="c:\program files\Pidgin\pidgin.exe" [2011-06-24 49340]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-09 10082920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-11-24 24680]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
.
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.1.1
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\system32\rundll32.exe
c:\users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-08-21 22:24:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-21 20:24
ComboFix2.txt 2011-08-21 18:26
.
Před spuštěním: Volných bajtů: 70 203 928 576
Po spuštění: Volných bajtů: 70 743 859 200
.
- - End Of File - - AEA47F1BE494B2AE450CF05B29C53C69

zralok · #9 Příspěvek od **zralok** » 22 srp 2011 14:57

To je vše ?

#10 Příspěvek od **vyosek** » 22 srp 2011 16:49

Ne neni, ale nase forum funguje na bazi dobrovolnosti - vsichni jsme tu zdarma a ve svem volnem case = nemuzeme tu byt porad - mame pracovni ci treba rodinne povinnosti

Free reseni v podobe komplexniho balicku pokud vim, tak neni. Ale treba kombinace Avast+ZoneAlarm ci Comodo FW je dobra volba - vice info zde http://www.viry.cz/forum/viewtopic.php?f=29&t=6152

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

v nouzovem rezimu aplikujte tohle http://download.eset.com/special/ESETUninstaller.exe navod zde http://www.viry.cz/forum/viewtopic.php?f=29&t=103558

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Nainstalujte free zabezpeceni

Dejte novy log z RSIT a napiste jak se chova PC

VIRY.CZ

Facebook vir

Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir