Nejde mi příkaz PING

[vyosek]

Poprosim o log z DDS

• Stahnete DDS odsud http://download.bleepingcomputer.com/sUBs/dds.com a ulozte na plochu
• Spustte a kliknete na Start
• Po chvili vyskoci log, ten rad uvidim

[blai]

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by ondra at 16:39:27 on 2012-02-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2046.1238 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\InstallBrainService\InstallBrainService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Searchcore Toolbar\Datamngr\datamngrUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\conime.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchcore.net/426
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyPl.dll
mURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\progra~1\icqtoo~1\toolbaru.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyPl.dll
BHO: DataMngr: {7da17d5a-5718-4130-a605-fc316c827836} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL
BHO: Searchcore Toolbar: {af6ac4f2-9825-4fb6-a600-92bc5361f209} - c:\progra~1\search~1\datamngr\toolbar\searchcoredtx.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyPl.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Searchcore Toolbar: {af6ac4f2-9825-4fb6-a600-92bc5361f209} - c:\progra~1\search~1\datamngr\toolbar\searchcoredtx.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
StartupFolder: c:\users\ondra\appdata\roaming\micros~1\windows\startm~1\programs\startup\vezyob~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 10.0.18.234 88.86.107.86
TCP: Interfaces\{264328F4-3E88-468B-9532-C6E9B4F6159D} : DhcpNameServer = 10.0.18.234 88.86.107.86
AppInit_DLLs: c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
.
============= SERVICES / DRIVERS ===============
.
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-11-20 13560]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-7-15 247608]
R2 InstallBrainService;InstallBrain Updater Service;c:\program files\installbrainservice\InstallBrainService.exe [2012-2-8 273912]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2007-6-29 32256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-28 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-28 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-11-18 80744]
.
=============== Created Last 30 ================
.
2012-02-09 11:08:10 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d44deda0-7dbc-4f6a-b686-e4d71f7f4b3f}\offreg.dll
2012-02-08 17:04:10 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-08 16:25:14 -------- d-----w- C:\ComboFix
2012-02-08 13:51:20 -------- d-----w- c:\program files\trend micro
2012-02-08 13:20:42 -------- d-----w- c:\program files\Searchcore Toolbar
2012-02-08 13:20:26 -------- d-----w- c:\users\ondra\appdata\roaming\PerformerSoft
2012-02-08 13:19:59 -------- d-----w- c:\program files\PC Performer
2012-02-08 13:19:33 -------- d-----w- c:\program files\InstallBrainService
2012-02-08 11:45:35 -------- d-----w- c:\program files\GetData
2012-02-08 11:01:27 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d44deda0-7dbc-4f6a-b686-e4d71f7f4b3f}\mpengine.dll
2012-02-08 00:35:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 21:06:34 98816 ----a-w- c:\windows\sed.exe
2012-02-07 21:06:34 518144 ----a-w- c:\windows\SWREG.exe
2012-02-07 21:06:34 256000 ----a-w- c:\windows\PEV.exe
2012-02-07 21:06:34 208896 ----a-w- c:\windows\MBR.exe
2012-02-06 00:30:59 -------- d-----w- c:\users\ondra\.idlerc
2012-02-06 00:09:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-05 22:07:18 -------- d-----w- c:\program files\CCleaner
2012-02-05 15:45:13 -------- d-----w- C:\Python27
2012-01-30 17:51:12 423656 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-30 14:46:57 -------- d-----w- C:\winnt
2012-01-30 14:46:57 -------- d-----w- C:\phptriad
2012-01-30 14:45:49 -------- d-----w- C:\apache
2012-01-28 23:20:12 -------- d-----w- c:\users\ondra\appdata\roaming\TrojanHunter
2012-01-28 10:59:21 -------- d-----w- c:\windows\system32\ondra
2012-01-28 00:46:42 -------- d-----w- c:\users\ondra\slozka
2012-01-27 14:59:54 -------- d-----w- C:\Dev-Cpp
2012-01-24 01:17:21 -------- d-----w- c:\users\ondra\složka
.
==================== Find3M ====================
.
2012-01-26 23:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:42:31,27 ===============

[blai]

Ještě mi tam vyběhlo toto :



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 21.11.2007 0:20:58
System Uptime: 9.2.2012 11:38:43 (5 hours ago)
.
Motherboard: Acer | | Fuquene
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-56 | Socket A | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 30,712 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 61,273 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: Jednotka CD-ROM
Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-T20N________________WP03____\5&13E66E17&0&0.0.0
Manufacturer: (Standardní jednotky CD-ROM)
Name: HL-DT-ST DVDRAM GSA-T20N ATA Device
PNP Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-T20N________________WP03____\5&13E66E17&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
RP1054: 8.2.2012 12:35:55 - Windows Vista™ Service Pack 2
RP1056: 8.2.2012 14:28:32 - PC Performer Wed, Feb 08, 12 14:28
RP1057: 9.2.2012 2:58:12 - Removed Ask Toolbar.
RP1058: 9.2.2012 3:00:27 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer eAudio Management
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3.3 - Czech
AGEIA PhysX v6.10.25
ALPS Touch Pad Driver
µTorrent
Bing Bar
CCleaner
Dev-C++ 5 beta 9 release (4.9.9.2)
FSX_Screensaver
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ Toolbar
ICQ7.5
InstallBrain Updater Service
Launch Manager
LightScribe 1.4.142.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - csy
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile CSY Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPlayCity Toolbar
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
PC Performer
PowerProducer
Python 2.7.2
RAR Backup
Realtek High Definition Audio Driver
Recover My Files
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Searchcore Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
VC80CRTRedist - 8.0.50727.6195
Vista Codec Package
WinRAR
Zlomek kalkulator 1.2
.
==== End Of File ===========================

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Mia::
  C:\Windows\system32\ping.exe
  
  Restore::
  C:\Windows\system32\ping.exe
  
  Folder::
  c:\program files\icq6toolbar
  c:\progra~1\search~1\datamngr\toolbar
  c:\program files\Searchcore Toolbar
  C:\Program Files\Ask.com
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "ehTray.exe"=-
  "ICQ"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  "!SearchcoreDSCR"=-
  "!SearchcoreCRHP"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
  "DisableMonitoring"=dword:00000000
  [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
  
  File::
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\PC Performer_DEFAULT.job
  C:\Windows\tasks\PC Performer_UPDATES.job
  C:\Windows\tasks\User_Feed_Synchronization-{AA07CD0E-5B9A-485F-AE2D-12EF9BED0280}.job
  
  Driver::
  ICQ Service
  gupdate
  gupdatem
  
  DDS::
  uStart Page = hxxp://www.searchcore.net/426
  uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
  mStart Page = hxxp://cs.intl.acer.yahoo.com
  uSearchAssistant = hxxp://www.google.com/ie
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
  uURLSearchHooks: H - No File
  uURLSearchHooks: H - No File
  uURLSearchHooks: H - No File
  mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
  mURLSearchHooks: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyPl.dll
  mURLSearchHooks: H - No File
  mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
  mURLSearchHooks: H - No File
  mURLSearchHooks: H - No File
  BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
  BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\progra~1\icqtoo~1\toolbaru.dll
  BHO: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyPl.dll
  BHO: DataMngr: {7da17d5a-5718-4130-a605-fc316c827836} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL
  BHO: Searchcore Toolbar: {af6ac4f2-9825-4fb6-a600-92bc5361f209} - c:\progra~1\search~1\datamngr\toolbar\searchcoredtx.dll
  BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
  TB: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyPl.dll
  TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
  TB: Searchcore Toolbar: {af6ac4f2-9825-4fb6-a600-92bc5361f209} - c:\progra~1\search~1\datamngr\toolbar\searchcoredtx.dll
  TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
  TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
  TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
  TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
  mRun: [Adobe Reader Speed Launcher]
  mRun: [Adobe ARM]
  mRun: [DATAMNGR]
  
  RegLock::
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[blai]

Zdá se, že vše funguje naprosto perfektně.Je to napsaný i v logu
Moc děkuji



ComboFix 12-02-08.01 - ondra 09.02.2012 21:01:12.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2046.1236 [GMT 1:00]
Spuštěný z: c:\users\ondra\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\ondra\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\PC Performer_DEFAULT.job"
"c:\windows\tasks\PC Performer_UPDATES.job"
"c:\windows\tasks\User_Feed_Synchronization-{AA07CD0E-5B9A-485F-AE2D-12EF9BED0280}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\icqtoo~1\toolbaru.dll
c:\progra~1\search~1\datamngr\BROWSE~1.DLL
c:\progra~1\search~1\datamngr\toolbar\searchcoredtx.dll
c:\program files\icq6toolbar\ICQToolBar.dll
c:\program files\myplaycity\tbMyPl.dll
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\PC Performer_DEFAULT.job
c:\windows\tasks\PC Performer_UPDATES.job
c:\windows\tasks\User_Feed_Synchronization-{AA07CD0E-5B9A-485F-AE2D-12EF9BED0280}.job
.
Nakažená kopie c:\windows\system32\ping.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\PING.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-09 do 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 20:22 . 2012-02-09 20:25 -------- d-----w- c:\users\ondra\AppData\Local\temp
2012-02-09 20:22 . 2012-02-09 20:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-09 20:22 . 2012-02-09 20:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-09 20:01 . 2008-01-19 07:33 15360 ----a-w- c:\windows\system32\ping.exe
2012-02-08 13:51 . 2012-02-08 13:51 -------- d-----w- C:\rsit
2012-02-08 13:51 . 2012-02-08 13:51 -------- d-----w- c:\program files\trend micro
2012-02-08 13:20 . 2012-02-08 13:21 -------- d-----w- c:\program files\Searchcore Toolbar
2012-02-08 13:20 . 2012-02-08 14:01 -------- d-----w- c:\users\ondra\AppData\Roaming\PerformerSoft
2012-02-08 13:19 . 2012-02-08 13:20 -------- d-----w- c:\program files\PC Performer
2012-02-08 13:19 . 2012-02-08 13:19 -------- d-----w- c:\program files\InstallBrainService
2012-02-08 11:45 . 2012-02-08 11:45 -------- d-----w- c:\program files\GetData
2012-02-08 11:01 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D44DEDA0-7DBC-4F6A-B686-E4D71F7F4B3F}\mpengine.dll
2012-02-08 00:35 . 2012-02-08 00:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-06 00:30 . 2012-02-06 00:31 -------- d-----w- c:\users\ondra\.idlerc
2012-02-06 00:09 . 2012-02-06 00:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-05 22:07 . 2012-02-05 22:07 -------- d-----w- c:\program files\CCleaner
2012-02-05 15:45 . 2012-02-07 23:14 -------- d-----w- C:\Python27
2012-01-30 17:51 . 2012-01-30 17:50 423656 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-30 14:46 . 2012-01-30 17:25 -------- d-----w- C:\phptriad
2012-01-30 14:46 . 2012-01-30 14:46 -------- d-----w- C:\winnt
2012-01-30 14:45 . 2012-01-30 14:46 -------- d-----w- C:\apache
2012-01-28 23:20 . 2012-01-28 23:20 -------- d-----w- c:\users\ondra\AppData\Roaming\TrojanHunter
2012-01-28 10:59 . 2012-01-28 10:59 -------- d-----w- c:\windows\system32\ondra
2012-01-28 00:46 . 2012-01-28 00:46 -------- d-----w- c:\users\ondra\slozka
2012-01-27 14:59 . 2012-01-27 15:00 -------- d-----w- C:\Dev-Cpp
2012-01-24 01:17 . 2012-01-24 01:17 -------- d-----w- c:\users\ondra\složka
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-10-03 08:48 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 206952]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
.
c:\users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-6-28 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 78443707;78443707;c:\windows\system32\drivers\57764368.sys [x]
R0 95726315;95726315;c:\windows\system32\drivers\83472297.sys [x]
.
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.0.18.234 88.86.107.86
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-09 21:27
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3456)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\PC Performer\PCPerformer.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\InstallBrainService\InstallBrainService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-02-09 21:36:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-09 20:35
ComboFix2.txt 2012-02-08 17:03
ComboFix3.txt 2012-02-07 21:47
.
Před spuštěním: Volných bajtů: 32 853 323 776
Po spuštění: Volných bajtů: 32 599 027 712
.
- - End Of File - - E8FF8B380E73892D8D7FDA1688B5F972

[vyosek]

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Dejte novy log z RSIT a napiste co PC

[blai]

Běhá jako nově zakoupený .Všechno šlape na jedničku
Akorát mi dělal starosti, když zcela nečekaně vyběhne program PCPERFORMER- myslel jsem, že jsem ho odinstaloval, ale furt tam někde byl.Ale teď by to už mohlo být v pohodě.
Moc Vám děkuji




Logfile of random's system information tool 1.09 (written by random/random)
Run by ondra at 2012-02-09 23:03:55
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 31 GB (44%) free of 71 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:04:49, on 9.2.2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ondra\Downloads\RSIT.exe
C:\Program Files\trend micro\ondra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: InstallBrain Updater Service (InstallBrainService) - Unknown owner - C:\Program Files\InstallBrainService\InstallBrainService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6001 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-06-11 1286144]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-06-27 752136]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2007-05-03 206952]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-06 159744]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-06 8433664]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-06 81920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

C:\Users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.mkdmp3enc"=C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
"MSVideo8"=VfWWDM32.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-02-09 23:03:55 ----D---- C:\rsit
2012-02-09 21:25:15 ----D---- C:\$RECYCLE.BIN
2012-02-09 21:22:28 ----D---- C:\Windows\temp
2012-02-09 21:01:10 ----A---- C:\Windows\system32\ping.exe
2012-02-08 16:36:13 ----A---- C:\TDSSQ.txt
2012-02-08 15:43:08 ----D---- C:\Program Files\WinRAR
2012-02-08 14:51:20 ----D---- C:\Program Files\trend micro
2012-02-08 14:20:42 ----D---- C:\Program Files\Searchcore Toolbar
2012-02-08 14:19:59 ----D---- C:\Program Files\PC Performer
2012-02-08 14:19:33 ----D---- C:\Program Files\InstallBrainService
2012-02-08 12:45:35 ----D---- C:\Program Files\GetData
2012-02-08 01:35:40 ----D---- C:\TDSSKiller_Quarantine
2012-02-07 22:06:14 ----D---- C:\Windows\ERDNT
2012-02-07 15:55:30 ----A---- C:\Windows\system32\www.zpovednice.txt
2012-02-07 15:54:47 ----A---- C:\Windows\system32\zpovednice.txt
2012-02-05 23:07:18 ----D---- C:\Program Files\CCleaner
2012-02-05 16:45:13 ----D---- C:\Python27
2012-01-30 18:53:17 ----D---- C:\ProgramData\Sun
2012-01-30 18:51:12 ----A---- C:\Windows\system32\deployJava1.dll
2012-01-30 15:46:57 ----D---- C:\winnt
2012-01-30 15:46:57 ----D---- C:\phptriad
2012-01-30 15:45:49 ----D---- C:\apache
2012-01-29 00:20:12 ----D---- C:\Users\ondra\AppData\Roaming\TrojanHunter
2012-01-28 22:29:20 ----R---- C:\Windows\system32\streamhlp.dll
2012-01-28 11:59:21 ----D---- C:\Windows\system32\ondra
2012-01-27 15:59:54 ----D---- C:\Dev-Cpp

======List of files/folders modified in the last 1 month======

2012-02-09 23:04:07 ----D---- C:\Windows\Prefetch
2012-02-09 22:59:05 ----D---- C:\Windows\System32
2012-02-09 22:59:05 ----D---- C:\Windows\inf
2012-02-09 22:59:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-09 22:55:31 ----D---- C:\Windows\system32\Tasks
2012-02-09 22:51:08 ----D---- C:\Windows
2012-02-09 21:36:22 ----D---- C:\Windows\system32\drivers
2012-02-09 21:25:26 ----A---- C:\Windows\system.ini
2012-02-09 21:25:09 ----D---- C:\Windows\system32\drivers\etc
2012-02-09 21:23:21 ----D---- C:\Windows\system32\config
2012-02-09 21:20:35 ----D---- C:\Windows\Tasks
2012-02-09 21:20:31 ----D---- C:\Program Files\MyPlayCity
2012-02-09 21:20:30 ----D---- C:\Program Files\ICQ6Toolbar
2012-02-09 21:20:27 ----D---- C:\Program Files\ICQToolbar
2012-02-09 21:10:48 ----D---- C:\Windows\AppPatch
2012-02-09 21:10:42 ----D---- C:\Program Files\Common Files
2012-02-09 13:11:43 ----D---- C:\Users\ondra\AppData\Roaming\ICQ
2012-02-09 03:05:04 ----SHD---- C:\Windows\Installer
2012-02-09 03:00:58 ----SHD---- C:\System Volume Information
2012-02-09 02:59:42 ----RD---- C:\Program Files
2012-02-08 14:21:15 ----D---- C:\ProgramData
2012-02-08 03:15:15 ----D---- C:\Program Files\Microsoft Office
2012-02-08 02:41:48 ----SD---- C:\ProgramData\Microsoft
2012-02-08 01:59:01 ----D---- C:\Windows\SoftwareDistribution
2012-02-08 01:58:45 ----D---- C:\Users\ondra\AppData\Roaming\uTorrent
2012-02-07 12:23:38 ----D---- C:\Windows\system32\catroot2
2012-02-06 01:00:03 ----D---- C:\ProgramData\Microsoft Help
2012-02-06 01:00:00 ----D---- C:\Windows\ShellNew
2012-02-06 00:57:50 ----D---- C:\Program Files\Common Files\microsoft shared
2012-02-05 23:17:22 ----D---- C:\Users\ondra\AppData\Roaming\Media Player Classic
2012-02-05 23:16:31 ----D---- C:\Windows\Panther
2012-02-05 23:16:28 ----D---- C:\Windows\Debug
2012-02-05 17:15:50 ----D---- C:\Windows\winsxs
2012-02-04 16:31:38 ----HD---- C:\Program Files\InstallShield Installation Information
2012-02-01 18:11:59 ----RSD---- C:\Windows\assembly
2012-02-01 18:11:59 ----D---- C:\Windows\Microsoft.NET
2012-01-30 21:05:27 ----D---- C:\Windows\Logs
2012-01-30 20:51:48 ----D---- C:\Program Files\Google
2012-01-30 20:51:21 ----D---- C:\Program Files\Common Files\PX Storage Engine
2012-01-30 19:12:13 ----D---- C:\Windows\Minidump
2012-01-27 00:21:24 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-12 09:02:19 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 20776]
R0 PSDNServ;PSDNSERVER; C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16680]
R0 psdvdisk;psdvdisk; C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 60712]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-14 154624]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 735232]
R3 Cam5607;Acer Crystal Eye webcam; C:\Windows\System32\Drivers\BisonC07.sys [2007-05-28 767664]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-17 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-17 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-10-18 3546664]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-17 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-06 7120768]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 12032]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-17 659968]
S0 78443707;78443707; C:\Windows\system32\drivers\57764368.sys []
S0 95726315;95726315; C:\Windows\system32\drivers\83472297.sys []
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys []
S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-14 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-02-13 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 24576]
R2 InstallBrainService;InstallBrain Updater Service; C:\Program Files\InstallBrainService\InstallBrainService.exe [2012-02-08 273912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 163840]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-05-17 386560]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[vyosek]

Nikde v logu ten PCPERFORMER videt neni, vy jste s nim neco delal

[blai]

Nikde v logu ten PCPERFORMER videt neni, vy jste s nim neco delal

Asi dvakrát jsem ho odinstaloval a pokaždé se vrátil po restartu.Teď už je to v pohodě.

[vyosek]

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :services
  78443707
  95726315
  
  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  "AppInit_DLLs"=""
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  
  :files
  C:\Program Files\ICQ6Toolbar
  C:\Program Files\ICQToolbar
  C:\Users\ondra\AppData\Roaming\TrojanHunter
  C:\TDSSKiller_Quarantine
  C:\TDSSQ.txt
  C:\Program Files\Searchcore Toolbar
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

[blai]

Zajímavé...
Hned po restartu se ten prevít ukázal znova...Ale PC funguje jinak skvěle.

Log :


All processes killed
========== SERVICES/DRIVERS ==========
Service 78443707 stopped successfully!
Service 78443707 deleted successfully!
Service 95726315 stopped successfully!
Service 95726315 deleted successfully!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
========== FILES ==========
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\Program Files\ICQToolbar\Cache folder moved successfully.
C:\Program Files\ICQToolbar folder moved successfully.
C:\Users\ondra\AppData\Roaming\TrojanHunter folder moved successfully.
C:\TDSSKiller_Quarantine\08.02.2012_01.49.03\susp0000\svc0000 folder moved successfully.
C:\TDSSKiller_Quarantine\08.02.2012_01.49.03\susp0000 folder moved successfully.
C:\TDSSKiller_Quarantine\08.02.2012_01.49.03 folder moved successfully.
C:\TDSSKiller_Quarantine\08.02.2012_01.34.04\susp0001\svc0000 folder moved successfully.
C:\TDSSKiller_Quarantine\08.02.2012_01.34.04\susp0001 folder moved successfully.
C:\TDSSKiller_Quarantine\08.02.2012_01.34.04\susp0000\svc0000 folder moved successfully.
C:\TDSSKiller_Quarantine\08.02.2012_01.34.04\susp0000 folder moved successfully.
C:\TDSSKiller_Quarantine\08.02.2012_01.34.04 folder moved successfully.
C:\TDSSKiller_Quarantine folder moved successfully.
C:\TDSSQ.txt moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\js folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\images folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\css folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\Searchcore Toolbar\Datamngr folder moved successfully.
C:\Program Files\Searchcore Toolbar folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ondra
->Temp folder emptied: 31975 bytes
->Temporary Internet Files folder emptied: 1949802 bytes
->Google Chrome cache emptied: 313055731 bytes
->Flash cache emptied: 1259 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 532778 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 301,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: ondra
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 02102012_183652

[vyosek]

Kde je umisten, jak jste na nej prisel

[blai]

C:\Users\ondra\AppData\Roaming\PerformerSoft\PC Performer

Přísahám ale, že jsem ho už několikrát házel do koše.

[vyosek]

Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  :folderfind
  *Performer*
  
  :regfind
  *Performer*

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

[blai]

SystemLook 30.07.11 by jpshortstuff
Log created at 19:07 on 10/02/2012 by ondra
Administrator - Elevation successful

========== folderfind ==========

Searching for "*Performer*"
C:\Users\ondra\AppData\Roaming\PerformerSoft d------ [14:01 10/02/2012]

========== regfind ==========

Searching for "*Performer*"
No data found.

-= EOF =-