WIN32

Zpráva

Webmann · #1 Příspěvek od **Webmann** » 23 led 2013 21:57

Dobrý den, prosím o pomoc s odstraněním spiware

děkuji

log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by 1 at 2013-01-23 21:48:38
Microsoft Windows 7 Ultimate N
System drive C: has 201 GB (66%) free of 305 GB
Total RAM: 4094 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:48:45, on 23.1.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Advanced System Protector\advancedsystemprotector.exe
C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe
C:\Program Files\trend micro\1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?affID=11663 ... 241ddb58c5
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [StrmServer.exe] C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Facebook Messenger.lnk = 1\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O4 - Global Startup: Vyhledat aktualizace.lnk = C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10101 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {29AAFA6E-7282-4028-B4AC-4FEE9695D879}
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Advanced System Protector\advancedsystemprotector.exe" autolaunch
"C:\Program Files (x86)\GoforFiles\GFFUpdater.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
"C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2384
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe"
KHALMNPR.EXE /API
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
notepad.exe "C:\Users\1\AppData\Local\Temp\log.txt"
"C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe" -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\1\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-502028391-178142309-3488692791-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-502028391-178142309-3488692791-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04 366904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-09 12666984]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2012-11-04 2419512]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2012-09-07 2777296]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2012-09-07 3673808]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-11-26 6325936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StrmServer.exe"=C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe [2010-12-21 746768]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"Facebook Update"=C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"RemoTerm.exe"=C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [2010-06-10 226576]
"SpyEmergency"=C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [2013-01-11 3466040]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Vyhledat aktualizace.lnk - C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe

C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\1\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2012-10-01 68408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-01-23 21:48:38 ----D---- C:\rsit
2013-01-23 21:48:38 ----D---- C:\Program Files\trend micro
2013-01-23 21:38:10 ----A---- C:\ComboFix.txt
2013-01-23 21:15:30 ----A---- C:\Windows\zip.exe
2013-01-23 21:15:30 ----A---- C:\Windows\SWSC.exe
2013-01-23 21:15:30 ----A---- C:\Windows\SWREG.exe
2013-01-23 21:15:30 ----A---- C:\Windows\sed.exe
2013-01-23 21:15:30 ----A---- C:\Windows\PEV.exe
2013-01-23 21:15:30 ----A---- C:\Windows\NIRCMD.exe
2013-01-23 21:15:30 ----A---- C:\Windows\MBR.exe
2013-01-23 21:15:30 ----A---- C:\Windows\grep.exe
2013-01-23 21:15:26 ----D---- C:\ComboFix
2013-01-23 21:14:48 ----D---- C:\Qoobox
2013-01-23 21:14:33 ----D---- C:\Windows\erdnt
2013-01-23 17:28:40 ----RD---- C:\Program Files (x86)\Skype
2013-01-23 17:23:35 ----A---- C:\Windows\ntbtlog.txt
2013-01-23 17:13:48 ----D---- C:\ProgramData\ESET
2013-01-23 17:13:48 ----D---- C:\Program Files\ESET
2013-01-23 16:53:28 ----A---- C:\Windows\system32\drivers\stflt.sys
2013-01-23 16:53:27 ----D---- C:\Users\1\AppData\Roaming\Spyware Terminator
2013-01-23 16:53:27 ----D---- C:\ProgramData\Spyware Terminator
2013-01-23 16:53:21 ----D---- C:\Program Files (x86)\Spyware Terminator
2013-01-21 21:17:28 ----D---- C:\Users\1\AppData\Roaming\Spy Emergency
2013-01-21 21:17:26 ----A---- C:\Windows\system32\drivers\spyemrg_guard.sys
2013-01-21 21:17:26 ----A---- C:\Windows\system32\drivers\spyemrg_access.sys
2013-01-21 21:17:26 ----A---- C:\Windows\system32\drivers\spyemrg.sys
2013-01-21 21:17:24 ----D---- C:\ProgramData\NETGATE
2013-01-21 21:17:13 ----D---- C:\Program Files\NETGATE
2013-01-21 21:10:21 ----AH---- C:\Users\1\AppData\Roaming\winsvcns.sys
2013-01-21 18:04:33 ----D---- C:\Program Files (x86)\Artisteer 4 (2)
2013-01-20 20:46:48 ----D---- C:\Users\1\AppData\Roaming\Babylon
2013-01-20 20:46:48 ----D---- C:\ProgramData\Babylon
2013-01-20 20:46:40 ----D---- C:\Users\1\AppData\Roaming\GoforFiles
2013-01-20 20:46:40 ----D---- C:\Program Files (x86)\GoforFiles
2013-01-09 12:50:35 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-01-09 12:50:35 ----A---- C:\Windows\system32\win32spl.dll
2013-01-09 12:50:17 ----A---- C:\Windows\system32\msxml6.dll
2013-01-09 12:50:16 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2013-01-09 12:50:16 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2013-01-09 12:50:16 ----A---- C:\Windows\system32\msxml3.dll
2013-01-09 12:50:14 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-01-09 12:50:14 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-09 12:50:12 ----A---- C:\Windows\SYSWOW64\usp10.dll
2013-01-09 12:50:12 ----A---- C:\Windows\system32\usp10.dll
2013-01-09 12:50:06 ----A---- C:\Windows\system32\Wpc.dll
2013-01-09 12:50:05 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2013-01-09 12:50:05 ----A---- C:\Windows\SYSWOW64\gameux.dll
2013-01-09 12:50:05 ----A---- C:\Windows\system32\gameux.dll
2013-01-09 12:49:56 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-09 12:49:55 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 12:49:54 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 12:49:54 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-01-09 12:49:54 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-01-09 12:49:54 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-01-09 12:49:54 ----A---- C:\Windows\system32\wow64win.dll
2013-01-09 12:49:54 ----A---- C:\Windows\system32\wow64cpu.dll
2013-01-09 12:49:54 ----A---- C:\Windows\system32\wow64.dll
2013-01-09 12:49:54 ----A---- C:\Windows\system32\winsrv.dll
2013-01-09 12:49:54 ----A---- C:\Windows\system32\ntvdm64.dll
2013-01-09 12:49:54 ----A---- C:\Windows\system32\kernel32.dll
2013-01-09 12:49:54 ----A---- C:\Windows\system32\conhost.exe
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 12:49:53 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 12:49:53 ----A---- C:\Windows\SYSWOW64\user.exe
2013-01-09 12:49:53 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-01-09 12:49:53 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-01-09 12:49:44 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2013-01-23 21:48:41 ----D---- C:\Windows\Temp
2013-01-23 21:48:38 ----RD---- C:\Program Files
2013-01-23 21:37:07 ----D---- C:\Windows\Tasks
2013-01-23 21:36:09 ----D---- C:\Windows
2013-01-23 21:36:09 ----A---- C:\Windows\system.ini
2013-01-23 21:36:04 ----D---- C:\Windows\system32\drivers\etc
2013-01-23 21:35:22 ----D---- C:\Windows\SysWOW64
2013-01-23 21:26:25 ----D---- C:\Windows\SYSWOW64\drivers
2013-01-23 21:26:25 ----D---- C:\Windows\AppPatch
2013-01-23 21:26:24 ----D---- C:\Program Files (x86)\Common Files
2013-01-23 21:14:48 ----D---- C:\Windows\system32\drivers
2013-01-23 21:04:45 ----D---- C:\Windows\System32
2013-01-23 21:04:45 ----D---- C:\Windows\inf
2013-01-23 21:04:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-23 21:02:22 ----D---- C:\Users\1\AppData\Roaming\Skype
2013-01-23 21:01:46 ----D---- C:\Windows\system32\Tasks
2013-01-23 17:52:26 ----SD---- C:\ProgramData\Microsoft
2013-01-23 17:40:01 ----D---- C:\Windows\system32\config
2013-01-23 17:28:52 ----SHD---- C:\Windows\Installer
2013-01-23 17:28:52 ----D---- C:\ProgramData\Skype
2013-01-23 17:28:40 ----RD---- C:\Program Files (x86)
2013-01-23 17:23:33 ----D---- C:\Program Files (x86)\AskTBar
2013-01-23 17:15:38 ----D---- C:\Windows\system32\DriverStore
2013-01-23 17:15:38 ----D---- C:\Windows\system32\catroot
2013-01-23 17:13:48 ----D---- C:\ProgramData
2013-01-23 17:11:48 ----SHD---- C:\System Volume Information
2013-01-23 16:53:21 ----D---- C:\Windows\Prefetch
2013-01-21 21:19:05 ----SD---- C:\Users\1\AppData\Roaming\Microsoft
2013-01-20 20:18:13 ----D---- C:\Users\1\AppData\Roaming\Artisteer
2013-01-10 08:17:40 ----D---- C:\Windows\rescache
2013-01-10 07:56:42 ----D---- C:\Windows\Microsoft.NET
2013-01-10 07:56:20 ----RSD---- C:\Windows\assembly
2013-01-10 07:40:35 ----D---- C:\Windows\winsxs
2013-01-10 07:38:31 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-01-10 07:38:31 ----D---- C:\Windows\system32\cs-CZ
2013-01-10 03:02:00 ----D---- C:\ProgramData\Microsoft Help
2013-01-09 12:49:37 ----D---- C:\Windows\system32\catroot2
2013-01-08 20:20:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-01-07 15:38:30 ----D---- C:\Windows\LiveKernelReports

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-08 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 SpyEmrg;Spy Emergency Driver; C:\Windows\System32\Drivers\spyemrg.sys [2011-04-21 17240]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 138744]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2013-01-23 51496]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
R3 azvusb;Virtual USB Hub; C:\Windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-12 3053160]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2012-09-18 75064]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2012-09-18 61240]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 mod7700;DiBcom DIB7700 based TV tuner device; C:\Windows\system32\DRIVERS\mod7700.sys [2010-11-19 1077840]
R3 MODRC;PCTV Dib Infrared Receiver; C:\Windows\system32\DRIVERS\modrc.sys [2010-11-19 24272]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-07-06 367976]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\Windows\System32\Drivers\spyemrg_guard.sys [2011-04-21 18776]
S2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys []
S3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\Windows\System32\Drivers\spyemrg_access.sys [2011-04-21 24408]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-12-06 235520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-11-26 1329304]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-27 624856]
R2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2012-07-19 4111200]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-09-07 1148664]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 251400]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03 136176]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2012-10-01 359224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1255736]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 23 led 2013 22:09

Zdravim a pekny vecer preji

Proc myslite ze clanek v pravidlech fora se jmenuje "Pravidla a skutečnosti - čtěte před položením dotazu" http://forum.viry.cz/viewtopic.php?f=12&t=5601

2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je. Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.

3. Zvláště utilitu ComboFix nespouštějte i když Vám mi poradil kamarád\nějaký rádoby odborný web. Naše fórum je jediné z CZ-SK antivirových fór, která mají právo luštit logy z ComboFixu a mámě též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.

Co se tyce ComboFixu, ktery jste pouzil, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

licencni podminky hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Obrázek

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Webmann · #3 Příspěvek od **Webmann** » 23 led 2013 22:17

Dobrý den a děkuji za ochotu a za super forum.

Omlouvám se, toto jsem asi pohnojil, našel jsem si forum http://forum.viry.cz/viewtopic.php?f=13&t=96380 a vypadalo to jako muj problém, proto jsem postupoval podle jeho obsahu, což asi nebylo to pravé. V tuto chvíli tedy můžu něco udělat?

#4 Příspěvek od **vyosek** » 23 led 2013 22:18

Tema stare 2 roky, opravdu neni to prave orechove

Dejte mi sem log z CF, je zde c:\combofix.txt

Webmann · #5 Příspěvek od **Webmann** » 23 led 2013 22:20

ComboFix 13-01-23.01 - 1 23.01.2013 21:17:19.1.4 - x64
Microsoft Windows 7 Ultimate N 6.1.7600.0.1250.420.1029.18.4094.2144 [GMT 1:00]
Spuštěný z: c:\users\1\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\1\75439967573920484
c:\users\1\75439967573920484\winsvr.exe
c:\users\1\76968780866536342
c:\users\1\76968780866536342\winsvc.exe
c:\users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F0230BB-E11C-464F-8BDB-AD6BB94DE209}.xps
c:\users\1\AppData\Roaming\f4f4f4f4f.txt
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\SETD961.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-23 do 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 20:35 . 2013-01-23 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-23 19:56 . 2013-01-23 19:56 -------- d-----w- c:\users\1\AppData\Local\ESET
2013-01-23 16:30 . 2013-01-23 20:02 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5D1C256-C772-437D-B73C-71A6A1052F01}\offreg.dll
2013-01-23 16:28 . 2013-01-23 16:28 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-23 16:28 . 2013-01-23 16:28 -------- d-----r- c:\program files (x86)\Skype
2013-01-23 16:13 . 2013-01-23 16:13 -------- d-----w- c:\program files\ESET
2013-01-23 15:53 . 2013-01-23 15:53 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-01-23 15:53 . 2013-01-23 16:04 -------- d-----w- c:\programdata\Spyware Terminator
2013-01-23 15:53 . 2013-01-23 15:53 -------- d-----w- c:\users\1\AppData\Roaming\Spyware Terminator
2013-01-23 15:53 . 2013-01-23 15:53 -------- d-----w- c:\program files (x86)\Spyware Terminator
2013-01-22 07:32 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5D1C256-C772-437D-B73C-71A6A1052F01}\mpengine.dll
2013-01-21 20:17 . 2013-01-23 16:26 -------- d-----w- c:\users\1\AppData\Roaming\Spy Emergency
2013-01-21 20:17 . 2011-04-21 09:31 24408 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2013-01-21 20:17 . 2011-04-21 09:31 18776 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2013-01-21 20:17 . 2011-04-21 09:31 17240 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2013-01-21 20:17 . 2013-01-21 20:17 -------- d-----w- c:\programdata\NETGATE
2013-01-21 20:17 . 2013-01-21 20:17 -------- d-----w- c:\program files\NETGATE
2013-01-21 20:10 . 2013-01-23 11:30 0 ---ha-w- c:\users\1\AppData\Roaming\winsvcns.sys
2013-01-21 17:04 . 2013-01-21 17:04 -------- d-----w- c:\program files (x86)\Artisteer 4 (2)
2013-01-20 19:46 . 2013-01-20 19:46 -------- d-----w- c:\users\1\AppData\Roaming\Babylon
2013-01-20 19:46 . 2013-01-20 19:46 -------- d-----w- c:\programdata\Babylon
2013-01-20 19:46 . 2013-01-20 19:46 -------- d-----w- c:\users\1\AppData\Roaming\GoforFiles
2013-01-20 19:46 . 2013-01-20 19:46 -------- d-----w- c:\program files (x86)\GoforFiles
2013-01-09 11:49 . 2012-11-30 05:43 424960 ----a-w- c:\windows\system32\KernelBase.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 19:20 . 2012-11-21 16:46 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 19:20 . 2012-03-07 20:12 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 16:52 . 2012-12-22 02:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-22 02:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-22 02:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-22 02:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:56 . 2013-01-09 11:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-29 18:49 . 2012-11-29 18:49 53248 ----a-r- c:\users\1\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-11-29 18:49 . 2012-11-29 18:46 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-11-09 05:34 . 2012-12-13 02:50 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:49 . 2012-12-13 02:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:27 . 2012-12-13 02:49 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 04:48 . 2012-12-13 02:49 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrmServer.exe"="c:\program files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe" [2010-12-21 746768]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Facebook Update"="c:\users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"RemoTerm.exe"="c:\program files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-06-10 226576]
"SpyEmergency"="c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe" [2013-01-11 3466040]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
.
c:\users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\1\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vyhledat aktualizace.lnk - c:\program files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys [2011-04-21 24408]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-08 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2011-04-21 17240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-11-26 1329304]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 138744]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-27 624856]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2013-01-23 51496]
S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2012-07-19 4111200]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-09-07 1148664]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160]
S3 MODRC;PCTV Dib Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2010-11-19 24272]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2011-04-21 18776]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-23 19:15 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 19:20]
.
2013-01-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-502028391-178142309-3488692791-1001Core.job
- c:\users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 23:16]
.
2013-01-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-502028391-178142309-3488692791-1001UA.job
- c:\users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 23:16]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03 20:55]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03 20:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-07 3673808]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 6325936]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.babylon.com/?affID=116632&tt=0313_1&babsrc=HP_ss&mntrId=44d9d13600000000000000241ddb58c5
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
Wow6432Node-HKLM-Run-Advanced System Protector - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-502028391-178142309-3488692791-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-502028391-178142309-3488692791-1001)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-502028391-178142309-3488692791-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-502028391-178142309-3488692791-1001)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-01-23 21:38:09
ComboFix-quarantined-files.txt 2013-01-23 20:38
.
Před spuštěním: Volných bajtů: 199 527 968 768
Po spuštění: Volných bajtů: 210 900 365 312
.
- - End Of File - - 4E1AE8F76F819FF5563D22C18ECFEB2B

#6 Příspěvek od **vyosek** » 23 led 2013 22:21

Odinstalujte Spy Emergency a tez Spyware Terminator - prvni je kram a druhy uz neni co byval

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Search
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Webmann · #7 Příspěvek od **Webmann** » 23 led 2013 22:29

# AdwCleaner v2.107 - Logfile created 01/23/2013 at 22:28:54
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Ultimate N (64 bits)
# User : 1 - PC_ONDRA
# Boot Mode : Normal
# Running from : C:\Users\1\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\AskTBar
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\1\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKU\S-1-5-21-502028391-178142309-3488692791-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.babylon.com/?affID=116632&tt=0313_1&babsrc=HP_ss&mntrId=44d9d13600000000000000241ddb58c5
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.babylon.com/?affID=116632&tt=0313_1&babsrc=NT_ss&mntrId=44d9d13600000000000000241ddb58c5

-\\ Google Chrome v24.0.1312.56

File : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.171] : homepage = "hxxp://isearch.babylon.com/?affID=116632&tt=0313_1&babsrc=HP_ss&mntrId=44d9d13600000000000000241ddb58c5",
Found [l.286] : urls_to_restore_on_startup ="session": {"restore_on_startup": 4, [ "hxxp://isearch.babylon.com/?affID=116632&tt=0313_1&babsrc=HP_ss&mntrId=44d9d13600000000000000241ddb58c5" ]}

-\\ Opera v12.12.1707.0

File : C:\Users\1\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2422 octets] - [23/01/2013 22:28:54]

########## EOF - C:\AdwCleaner[R1].txt - [2482 octets] ##########

#8 Příspěvek od **vyosek** » 23 led 2013 22:30

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Delete
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Webmann · #9 Příspěvek od **Webmann** » 23 led 2013 22:34

# AdwCleaner v2.107 - Logfile created 01/23/2013 at 22:31:33
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Ultimate N (64 bits)
# User : 1 - PC_ONDRA
# Boot Mode : Normal
# Running from : C:\Users\1\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\AskTBar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\1\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.babylon.com/?affID=116632&tt=0313_1&babsrc=HP_ss&mntrId=44d9d13600000000000000241ddb58c5 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.babylon.com/?affID=116632&tt=0313_1&babsrc=NT_ss&mntrId=44d9d13600000000000000241ddb58c5 --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.56

File : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.171] : homepage = "hxxp://isearch.babylon.com/?affID=116632&tt=0313_1&babsrc=HP_ss&mntrId=44d9d13600000[...]
Deleted [l.286] : urls_to_restore_on_startup ="session": {"restore_on_startup": 4, [ "hxxp://isearch.babylon.com/[...]

-\\ Opera v12.12.1707.0

File : C:\Users\1\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2549 octets] - [23/01/2013 22:28:54]
AdwCleaner[S1].txt - [2348 octets] - [23/01/2013 22:31:33]

########## EOF - C:\AdwCleaner[S1].txt - [2408 octets] ##########

#10 Příspěvek od **vyosek** » 23 led 2013 22:55

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

File::
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-502028391-178142309-3488692791-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-502028391-178142309-3488692791-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-
"SpywareTerminatorShield"=-
"SpywareTerminatorUpdater"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Facebook Update"=-
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"SpyEmergency"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=-
"Adobe ARM"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-
"CloneCDTray"=-

Driver::
PanService

Folder::
C:\Program Files (x86)\PANDORA.TV

RegLock::
[HKEY_USERS\S-1-5-21-502028391-178142309-3488692791-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Webmann · #11 Příspěvek od **Webmann** » 23 led 2013 23:26

hotovo

log:
ComboFix 13-01-23.01 - 1 23.01.2013 23:01:45.2.4 - x64
Microsoft Windows 7 Ultimate N 6.1.7600.0.1250.420.1029.18.4094.2442 [GMT 1:00]
Spuštěný z: c:\users\1\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\1\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-502028391-178142309-3488692791-1001Core.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-502028391-178142309-3488692791-1001UA.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\PANDORA.TV
c:\program files (x86)\PANDORA.TV\PanService\avcodec-53.dll
c:\program files (x86)\PANDORA.TV\PanService\avformat-53.dll
c:\program files (x86)\PANDORA.TV\PanService\avutil-51.dll
c:\program files (x86)\PANDORA.TV\PanService\crossdomain.xml
c:\program files (x86)\PANDORA.TV\PanService\killp.exe
c:\program files (x86)\PANDORA.TV\PanService\libupnp.dll
c:\program files (x86)\PANDORA.TV\PanService\msvcp100.dll
c:\program files (x86)\PANDORA.TV\PanService\msvcr100.dll
c:\program files (x86)\PANDORA.TV\PanService\noname.gif
c:\program files (x86)\PANDORA.TV\PanService\PanConf.ini
c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe
c:\program files (x86)\PANDORA.TV\PanService\PanElevateExecutor.exe
c:\program files (x86)\PANDORA.TV\PanService\PanServiceStarter.exe
c:\program files (x86)\PANDORA.TV\PanService\PanStreamer.dll
c:\program files (x86)\PANDORA.TV\PanService\Proxy.dll
c:\program files (x86)\PANDORA.TV\PanService\pthreadVC2.dll
c:\program files (x86)\PANDORA.TV\PanService\unins000.dat
c:\program files (x86)\PANDORA.TV\PanService\unins000.exe
c:\program files (x86)\PANDORA.TV\PanService\UnistAX.exe
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-502028391-178142309-3488692791-1001Core.job
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-502028391-178142309-3488692791-1001UA.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PanService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-23 do 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 22:18 . 2013-01-23 22:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-23 19:56 . 2013-01-23 19:56 -------- d-----w- c:\users\1\AppData\Local\ESET
2013-01-23 16:28 . 2013-01-23 16:28 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-23 16:28 . 2013-01-23 16:28 -------- d-----r- c:\program files (x86)\Skype
2013-01-23 16:13 . 2013-01-23 16:13 -------- d-----w- c:\program files\ESET
2013-01-23 15:53 . 2013-01-23 15:53 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-01-22 07:32 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5D1C256-C772-437D-B73C-71A6A1052F01}\mpengine.dll
2013-01-21 20:10 . 2013-01-23 11:30 0 ---ha-w- c:\users\1\AppData\Roaming\winsvcns.sys
2013-01-21 17:04 . 2013-01-21 17:04 -------- d-----w- c:\program files (x86)\Artisteer 4 (2)
2013-01-20 19:46 . 2013-01-20 19:46 -------- d-----w- c:\users\1\AppData\Roaming\GoforFiles
2013-01-20 19:46 . 2013-01-20 19:46 -------- d-----w- c:\program files (x86)\GoforFiles
2013-01-09 11:49 . 2012-11-30 05:43 424960 ----a-w- c:\windows\system32\KernelBase.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 19:20 . 2012-11-21 16:46 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 19:20 . 2012-03-07 20:12 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 16:52 . 2012-12-22 02:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-22 02:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-22 02:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-22 02:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:56 . 2013-01-09 11:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-29 18:49 . 2012-11-29 18:49 53248 ----a-r- c:\users\1\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-11-29 18:49 . 2012-11-29 18:46 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-11-09 05:34 . 2012-12-13 02:50 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:49 . 2012-12-13 02:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:27 . 2012-12-13 02:49 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 04:48 . 2012-12-13 02:49 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrmServer.exe"="c:\program files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe" [2010-12-21 746768]
"RemoTerm.exe"="c:\program files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-06-10 226576]
.
c:\users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\1\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vyhledat aktualizace.lnk - c:\program files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-08 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-11-26 1329304]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 138744]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160]
S3 MODRC;PCTV Dib Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2010-11-19 24272]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-23 19:15 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 6325936]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-4F6D5E84-5826-4394-9F40-3A9A19165651_is1 - c:\program files (x86)\PANDORA.TV\PanService\unins000.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\GoforFiles\GFFUpdater.exe
c:\program files (x86)\Advanced System Protector\advancedsystemprotector.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2013-01-23 23:25:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-23 22:25
ComboFix2.txt 2013-01-23 20:38
.
Před spuštěním: Volných bajtů: 211 684 569 088
Po spuštění: Volných bajtů: 210 919 186 432
.
- - End Of File - - BD94A5728E11843024BA56CDAD50ED2B

#12 Příspěvek od **vyosek** » 23 led 2013 23:29

Fajn, jak se chova PC

Webmann · #13 Příspěvek od **Webmann** » 23 led 2013 23:32

vypadá to dobře, projedu to Nodem, ale už konečně přestanu rozesílat nakažené URL.
Jinak kombofix při kroku 3 a 48 hodil okno že přestal pracovat

#14 Příspěvek od **vyosek** » 23 led 2013 23:40

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Webmann · #15 Příspěvek od **Webmann** » 23 led 2013 23:49

Paráda, moc diky, fakt super forum a moderátoři. Ještě bych měl takový dotázek, jaký je podle Vás v současnostiu nejlepší antivir, do kterého se vyplatí investovat?

Jinak ještě jednou diky.

VIRY.CZ

WIN32

WIN32

Re: WIN32

Re: WIN32

Re: WIN32

Re: WIN32

Re: WIN32

Re: WIN32

Re: WIN32

Re: WIN32

Re: WIN32

Re: WIN32

Re: WIN32

Re: WIN32

Re: WIN32

Re: WIN32