prosim o kontrolu

Zpráva

shela · #1 Příspěvek od **shela** » 27 srp 2010 10:42

moc dekuji

Logfile of random's system information tool 1.08 (written by random/random)
Run by shelapc at 2010-08-27 11:38:54
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 101 GB (33%) free of 305 GB
Total RAM: 3070 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:00, on 27.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Users\shelapc\Downloads\RSIT.exe
C:\Program Files\trend micro\shelapc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\shelapc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "D:\utorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: IOCOBQSUX - Unknown owner - C:\Users\shela\AppData\Local\Temp\IOCOBQSUX.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5920 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-158432053-33250685-416099384-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-158432053-33250685-416099384-1002UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-26 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-01-19 8452640]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-07-06 98304]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"Steam"=c:\program files\steam\steam.exe [2010-08-24 1242448]
"Google Update"=C:\Users\shelapc\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-25 136176]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"uTorrent"=D:\utorrent.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Users\shelapc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Impulse Now.lnk - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-27 11:31:52 ----D---- C:\rsit
2010-08-26 17:27:13 ----AD---- C:\Windows\VDLL.DLL
2010-08-26 17:27:13 ----AD---- C:\Windows\system32\runouce.exe
2010-08-26 17:27:13 ----AD---- C:\Windows\rundll16.exe
2010-08-26 17:27:13 ----AD---- C:\Windows\RUNDL132.EXE
2010-08-26 17:27:13 ----AD---- C:\Windows\logo1_.exe
2010-08-26 17:27:13 ----AD---- C:\Windows\logo_1.exe
2010-08-26 17:22:59 ----A---- C:\Windows\system32\msvcr80.dll
2010-08-26 17:22:58 ----A---- C:\Windows\system32\msvcp80.dll
2010-08-26 17:22:57 ----A---- C:\Windows\system32\eEmpty.exe
2010-08-26 17:22:53 ----D---- C:\Program Files\Common Files\MicroWorld
2010-08-26 17:22:50 ----D---- C:\ProgramData\MicroWorld
2010-08-26 16:27:15 ----D---- C:\Program Files\Microsoft.NET
2010-08-26 15:09:41 ----D---- C:\ProgramData\ESET
2010-08-26 15:09:41 ----D---- C:\Program Files\ESET
2010-08-26 14:59:22 ----SHD---- C:\Config.Msi
2010-08-26 14:53:38 ----D---- C:\ProgramData\Sun
2010-08-26 14:53:36 ----D---- C:\Program Files\Common Files\Java
2010-08-26 14:52:57 ----A---- C:\Windows\system32\deployJava1.dll
2010-08-26 14:52:56 ----A---- C:\Windows\system32\javaws.exe
2010-08-26 14:52:56 ----A---- C:\Windows\system32\javaw.exe
2010-08-26 14:52:56 ----A---- C:\Windows\system32\java.exe
2010-08-26 14:52:17 ----D---- C:\Program Files\Java
2010-08-26 14:33:00 ----D---- C:\Program Files\CCleaner
2010-08-26 14:32:49 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-26 14:32:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-24 20:30:41 ----D---- C:\ProgramData\Blizzard Entertainment
2010-08-24 20:30:41 ----D---- C:\Program Files\StarCraft II
2010-08-15 21:18:15 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2010-08-15 21:01:42 ----D---- C:\Program Files\Dragon Age
2010-08-12 22:32:28 ----A---- C:\Windows\system32\iertutil.dll
2010-08-12 22:32:27 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 22:32:26 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 22:32:26 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\occache.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 22:32:25 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-12 22:32:25 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\iesetup.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\iernonce.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-12 22:32:23 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 22:32:22 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 22:32:17 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 22:32:12 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 22:32:02 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 22:32:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 22:31:57 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 22:31:55 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 22:31:55 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 22:31:54 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 20:29:25 ----D---- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-08-11 20:29:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-11 20:09:46 ----D---- C:\Program Files\Mass Effect 2
2010-08-11 14:33:05 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-11 14:32:40 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-08-07 16:36:34 ----D---- C:\ProgramData\ATI
2010-08-06 18:10:20 ----A---- C:\Windows\system32\shell32.dll
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\epfwwfpr.sys
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\ehdrv.sys
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\eamonm.sys

======List of files/folders modified in the last 1 months======

2010-08-27 11:38:57 ----D---- C:\Windows\Temp
2010-08-27 11:38:55 ----D---- C:\Program Files\trend micro
2010-08-27 11:31:59 ----D---- C:\Windows\Prefetch
2010-08-27 11:25:30 ----D---- C:\Windows\System32
2010-08-27 11:25:30 ----D---- C:\Windows\inf
2010-08-27 11:25:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-27 11:20:38 ----D---- C:\Program Files\Steam
2010-08-26 20:28:38 ----D---- C:\Windows
2010-08-26 20:27:36 ----D---- C:\Windows\system32\drivers
2010-08-26 20:27:35 ----D---- C:\Program Files\Pando Networks
2010-08-26 17:50:50 ----RSD---- C:\Windows\assembly
2010-08-26 17:50:50 ----D---- C:\Windows\Microsoft.NET
2010-08-26 17:23:55 ----SHD---- C:\System Volume Information
2010-08-26 17:22:53 ----D---- C:\Program Files\Common Files
2010-08-26 17:22:50 ----HD---- C:\ProgramData
2010-08-26 16:31:15 ----SHD---- C:\Windows\Installer
2010-08-26 16:30:38 ----D---- C:\Windows\system32\cs-CZ
2010-08-26 16:27:16 ----D---- C:\Windows\system32\en-US
2010-08-26 16:27:15 ----RD---- C:\Program Files
2010-08-26 15:10:13 ----D---- C:\Windows\system32\catroot
2010-08-26 14:43:06 ----D---- C:\Windows\system32\drivers\etc
2010-08-26 14:41:24 ----A---- C:\Windows\system32\pbsvc.exe
2010-08-26 14:35:47 ----D---- C:\Users\shelapc\AppData\Roaming\Media Player Classic
2010-08-26 14:35:33 ----D---- C:\Windows\Debug
2010-08-26 12:31:43 ----D---- C:\Program Files\Common Files\Steam
2010-08-25 00:55:29 ----D---- C:\Program Files\Opera
2010-08-24 20:49:53 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-08-16 19:43:48 ----D---- C:\Windows\system32\catroot2
2010-08-15 22:04:36 ----D---- C:\ProgramData\BioWare
2010-08-15 21:18:07 ----D---- C:\ProgramData\Media Center Programs
2010-08-15 21:18:06 ----D---- C:\Program Files\Common Files\BioWare
2010-08-13 23:05:10 ----D---- C:\Program Files\JDownloader
2010-08-13 15:24:27 ----D---- C:\Windows\winsxs
2010-08-13 15:11:33 ----D---- C:\Windows\system32\migration
2010-08-13 15:11:33 ----D---- C:\Program Files\Internet Explorer
2010-08-13 15:11:31 ----D---- C:\Program Files\Movie Maker
2010-08-13 03:00:07 ----D---- C:\Program Files\Windows Mail
2010-08-07 16:34:11 ----D---- C:\Program Files\ATI
2010-08-07 16:33:51 ----D---- C:\Program Files\ATI Technologies
2010-08-07 16:11:19 ----D---- C:\Windows\system32\Tasks
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 105488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-01-19 2991328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 195072]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\ADFB.tmp []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 rkhdrv40;Rootkit Unhooker Driver; C:\Windows\system32\drivers\rkhdrv40.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-07-07 176128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-08-25 407336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 IOCOBQSUX;IOCOBQSUX; C:\Users\shela\AppData\Local\Temp\IOCOBQSUX.exe []
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 27 srp 2010 15:21

Zdravim, pekne odpoledne preji a vitam Vas u nas na foru Obrázek

Tohle nebude jen preventivka, mate toho tam pozehnane

Neodpustim si oblibenou otazku: to jste si tam zapraskala sama nebo Vam nekdo pomahal

Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

Nahrady za Spybota:
- Spyware Terminator - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=44730
- SuperAntiSpyare - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=51359
Samozrejme pouzivejte jen jeden z nich
Osoben doporucuji SuperAntiSpyware
Zatim jen odinstalujte Spybota, nahradu tam dame az po ukonceni leceni

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte

shela · #3 Příspěvek od **shela** » 27 srp 2010 16:52

Děkuji za pomoc zasvineni počítače je asi mé dílo, jak se říká komu není shůry dáno v apatyce nekoupí
zde je log z combofix

ComboFix 10-08-26.04 - shelapc 27.08.2010 17:44:04.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1952 [GMT 2:00]
Spuštěný z: c:\users\shelapc\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-27 do 2010-08-27 )))))))))))))))))))))))))))))))
.

2010-08-27 15:46 . 2010-08-27 15:47 -------- d-----w- c:\users\shelapc\AppData\Local\temp
2010-08-27 15:46 . 2010-08-27 15:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-27 15:46 . 2010-08-27 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-27 09:31 . 2010-08-27 09:32 -------- d-----w- C:\rsit
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\VDLL.DLL
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\system32\runouce.exe
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\rundll16.exe
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\logo1_.exe
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\logo_1.exe
2010-08-26 15:22 . 2010-08-26 15:22 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-08-26 15:22 . 2010-08-26 15:22 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-08-26 15:22 . 2010-08-26 15:22 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-08-26 15:22 . 2010-08-26 15:22 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-08-26 15:22 . 2010-08-26 15:22 -------- d-----w- c:\programdata\MicroWorld
2010-08-26 14:27 . 2010-08-26 14:27 -------- d-----w- c:\program files\Microsoft.NET
2010-08-26 13:09 . 2010-08-26 16:51 -------- d-----w- c:\program files\ESET
2010-08-26 12:53 . 2010-08-26 12:53 -------- d-----w- c:\program files\Common Files\Java
2010-08-26 12:52 . 2010-08-26 12:52 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 12:52 . 2010-08-26 12:52 -------- d-----w- c:\program files\Java
2010-08-26 12:33 . 2010-08-26 12:33 -------- d-----w- c:\program files\CCleaner
2010-08-26 12:32 . 2010-08-27 14:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-26 12:32 . 2010-08-27 14:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-26 10:54 . 2010-08-26 10:54 -------- d-----w- c:\users\shelapc\AppData\Local\WinZip
2010-08-24 22:55 . 2010-08-24 22:55 7383104 ----a-w- c:\users\shelapc\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build10.exe
2010-08-24 21:49 . 2010-08-24 21:49 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-24 18:30 . 2010-08-24 22:54 -------- d-----w- c:\program files\StarCraft II
2010-08-24 18:30 . 2010-08-24 21:49 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-15 19:18 . 2010-08-15 19:18 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2010-08-15 19:01 . 2010-08-15 19:38 -------- d-----w- c:\program files\Dragon Age
2010-08-12 20:31 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 20:31 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 20:31 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 20:31 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 18:29 . 2010-08-11 18:29 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-08-11 18:29 . 2010-08-15 19:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-11 18:09 . 2010-08-17 19:16 -------- d-----w- c:\program files\Mass Effect 2
2010-08-11 12:33 . 2010-08-11 12:33 -------- d-----w- c:\users\shelapc\AppData\Local\2K Games
2010-08-11 12:33 . 2010-08-11 12:33 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-11 12:32 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-11 12:32 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-11 12:32 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-11 12:32 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-11 12:32 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-11 12:32 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-11 12:32 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-11 12:32 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-07 14:36 . 2010-08-07 14:36 -------- d-----w- c:\programdata\ATI
2010-07-29 11:31 . 2010-07-29 11:31 96920 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-07-29 11:31 . 2010-07-29 11:31 136632 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-07-29 11:31 . 2010-07-29 11:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 15:04 . 2007-01-08 21:09 607232 ----a-w- c:\windows\system32\perfh005.dat
2010-08-27 15:04 . 2007-01-08 21:09 117912 ----a-w- c:\windows\system32\perfc005.dat
2010-08-27 15:00 . 2010-04-25 22:13 -------- d-----w- c:\program files\Steam
2010-08-27 09:38 . 2010-04-18 16:03 -------- d-----w- c:\program files\trend micro
2010-08-26 18:27 . 2010-07-07 12:59 -------- d-----w- c:\program files\Pando Networks
2010-08-26 12:41 . 2010-04-28 19:34 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-26 12:35 . 2010-04-18 17:05 -------- d-----w- c:\users\shelapc\AppData\Roaming\Media Player Classic
2010-08-26 10:31 . 2010-04-25 22:13 -------- d-----w- c:\program files\Common Files\Steam
2010-08-24 22:55 . 2010-04-18 13:08 -------- d-----w- c:\program files\Opera
2010-08-24 18:49 . 2010-05-29 01:56 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-15 20:04 . 2010-04-23 11:37 -------- d-----w- c:\programdata\BioWare
2010-08-15 19:18 . 2010-04-23 11:35 -------- d-----w- c:\programdata\Media Center Programs
2010-08-15 19:18 . 2010-04-23 11:21 -------- d-----w- c:\program files\Common Files\BioWare
2010-08-13 21:05 . 2010-04-26 16:06 -------- d-----w- c:\program files\JDownloader
2010-08-13 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-07 14:34 . 2010-04-18 15:11 -------- d-----w- c:\program files\ATI
2010-08-07 14:33 . 2010-05-15 13:06 -------- d-----w- c:\program files\ATI Technologies
2010-07-18 11:17 . 2010-07-18 11:17 -------- d-----w- c:\users\shelapc\AppData\Roaming\Zoner
2010-07-18 11:17 . 2010-07-18 11:17 -------- d-----w- c:\program files\Zoner
2010-07-13 18:15 . 2010-06-11 16:17 -------- d-----w- c:\program files\SpeedFan
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-07-07 01:54 513024 ----a-w- c:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2010-07-07 01:46 3826688 ----a-w- c:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-04-07 01:40 3975680 ----a-w- c:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- c:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-04-07 01:46 50176 ----a-w- c:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- c:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- c:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-07-07 01:14 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-04-07 01:22 22528 ----a-w- c:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-04-07 01:22 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-06-29 16:42 . 2010-06-29 16:42 -------- d-----w- c:\program files\CPUID
2010-06-26 06:05 . 2010-08-12 20:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 20:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 20:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 20:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-25 12:13 . 2010-06-25 12:13 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-21 13:37 . 2010-08-12 20:32 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 20:32 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-15 22:28 . 2010-06-15 22:28 2857 ----a-w- c:\windows\system32\atipblag.dat
2010-06-11 16:16 . 2010-08-12 20:32 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 17:35 . 2010-08-12 20:32 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 20:32 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"Google Update"="c:\users\shelapc\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-25 136176]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-19 8452640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]

c:\users\shelapc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2010-4-13 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6e,95,8f,9a,05,df,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 IOCOBQSUX;IOCOBQSUX;c:\users\shela\AppData\Local\Temp\IOCOBQSUX.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\ADFB.tmp [x]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158432053-33250685-416099384-1002Core.job
- c:\users\shelapc\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-25 21:13]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158432053-33250685-416099384-1002UA.job
- c:\users\shelapc\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-25 21:13]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 17:47
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\ADFB.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-158432053-33250685-416099384-1002\Software\SecuROM\License information*]
"datasecu"=hex:ab,4b,23,ba,88,59,ee,76,f3,6f,dc,21,81,65,1a,6a,e1,00,23,81,fe,
c0,e0,79,d5,8a,4d,f7,56,ba,55,57,d2,47,ba,63,31,88,aa,ee,30,a2,6d,04,7a,a8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Celkový čas: 2010-08-27 17:48:35
ComboFix-quarantined-files.txt 2010-08-27 15:48
ComboFix2.txt 2010-08-27 15:19

Před spuštěním: Volných bajtů: 119 545 270 272
Po spuštění: Volných bajtů: 119 502 966 784

- - End Of File - - 3188E1A442B5F02871E5C4ED4A31CD0F

#4 Příspěvek od **vyosek** » 27 srp 2010 18:29

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Folder::
c:\users\shelapc\AppData\Local\temp
c:\users\Public\AppData\Local\temp
c:\users\Default\AppData\Local\temp

Collect::
c:\windows\system32\runouce.exe
c:\windows\rundll16.exe
c:\windows\RUNDL132.EXE
c:\windows\logo1_.exe
c:\windows\logo_1.exe

File::
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
c:\windows\system32\ADFB.tmp
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158432053-33250685-416099384-1002Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158432053-33250685-416099384-1002UA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"ehTray.exe"=-
"WMPNSCFG"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-

Driver::
IOCOBQSUX
MEMSWEEP2
rkhdrv40

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

shela · #5 Příspěvek od **shela** » 27 srp 2010 19:11

ComboFix 10-08-26.04 - shelapc 27.08.2010 19:57:04.4.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1765 [GMT 2:00]
Spuštěný z: c:\users\shelapc\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\shelapc\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\1C4551A64743409391E41477CD655043.TMP"
"c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP"
"c:\windows\system32\ADFB.tmp"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158432053-33250685-416099384-1002Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158432053-33250685-416099384-1002UA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Default\AppData\Local\temp
c:\users\Public\AppData\Local\temp
c:\users\shelapc\AppData\Local\temp
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158432053-33250685-416099384-1002Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158432053-33250685-416099384-1002UA.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHDRV40
-------\Service_IOCOBQSUX
-------\Service_MEMSWEEP2
-------\Service_rkhdrv40

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-27 do 2010-08-27 )))))))))))))))))))))))))))))))
.

2010-08-27 18:02 . 2010-08-27 18:03 -------- d-----w- c:\users\shelapc\AppData\Local\Temp
2010-08-27 09:31 . 2010-08-27 09:32 -------- d-----w- C:\rsit
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\VDLL.DLL
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\system32\runouce.exe
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\rundll16.exe
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\logo1_.exe
2010-08-26 15:27 . 2010-08-26 15:27 -------- d---a-w- c:\windows\logo_1.exe
2010-08-26 15:22 . 2010-08-26 15:22 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-08-26 15:22 . 2010-08-26 15:22 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-08-26 15:22 . 2010-08-26 15:22 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-08-26 15:22 . 2010-08-26 15:22 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-08-26 15:22 . 2010-08-26 15:22 -------- d-----w- c:\programdata\MicroWorld
2010-08-26 14:27 . 2010-08-26 14:27 -------- d-----w- c:\program files\Microsoft.NET
2010-08-26 13:09 . 2010-08-26 16:51 -------- d-----w- c:\program files\ESET
2010-08-26 12:53 . 2010-08-26 12:53 -------- d-----w- c:\program files\Common Files\Java
2010-08-26 12:52 . 2010-08-26 12:52 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-26 12:52 . 2010-08-26 12:52 -------- d-----w- c:\program files\Java
2010-08-26 12:33 . 2010-08-26 12:33 -------- d-----w- c:\program files\CCleaner
2010-08-26 12:32 . 2010-08-27 14:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-26 12:32 . 2010-08-27 14:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-26 10:54 . 2010-08-26 10:54 -------- d-----w- c:\users\shelapc\AppData\Local\WinZip
2010-08-24 18:30 . 2010-08-24 22:54 -------- d-----w- c:\program files\StarCraft II
2010-08-24 18:30 . 2010-08-24 21:49 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-15 19:18 . 2010-08-15 19:18 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2010-08-15 19:01 . 2010-08-15 19:38 -------- d-----w- c:\program files\Dragon Age
2010-08-12 20:31 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 20:31 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 20:31 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 20:31 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 18:29 . 2010-08-11 18:29 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-08-11 18:29 . 2010-08-15 19:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-11 18:09 . 2010-08-17 19:16 -------- d-----w- c:\program files\Mass Effect 2
2010-08-11 12:33 . 2010-08-11 12:33 -------- d-----w- c:\users\shelapc\AppData\Local\2K Games
2010-08-11 12:33 . 2010-08-11 12:33 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-11 12:32 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-11 12:32 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-11 12:32 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-11 12:32 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-11 12:32 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-11 12:32 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-11 12:32 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-11 12:32 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-07 14:36 . 2010-08-07 14:36 -------- d-----w- c:\programdata\ATI
2010-07-29 11:31 . 2010-07-29 11:31 96920 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-07-29 11:31 . 2010-07-29 11:31 136632 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-07-29 11:31 . 2010-07-29 11:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 18:03 . 2010-04-25 22:13 -------- d-----w- c:\program files\Steam
2010-08-27 15:04 . 2007-01-08 21:09 607232 ----a-w- c:\windows\system32\perfh005.dat
2010-08-27 15:04 . 2007-01-08 21:09 117912 ----a-w- c:\windows\system32\perfc005.dat
2010-08-27 09:38 . 2010-04-18 16:03 -------- d-----w- c:\program files\trend micro
2010-08-26 18:27 . 2010-07-07 12:59 -------- d-----w- c:\program files\Pando Networks
2010-08-26 12:41 . 2010-04-28 19:34 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-26 12:35 . 2010-04-18 17:05 -------- d-----w- c:\users\shelapc\AppData\Roaming\Media Player Classic
2010-08-26 10:31 . 2010-04-25 22:13 -------- d-----w- c:\program files\Common Files\Steam
2010-08-24 22:55 . 2010-08-24 22:55 7383104 ----a-w- c:\users\shelapc\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build10.exe
2010-08-24 22:55 . 2010-04-18 13:08 -------- d-----w- c:\program files\Opera
2010-08-24 21:49 . 2010-08-24 21:49 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-24 18:49 . 2010-05-29 01:56 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-15 20:04 . 2010-04-23 11:37 -------- d-----w- c:\programdata\BioWare
2010-08-15 19:18 . 2010-04-23 11:35 -------- d-----w- c:\programdata\Media Center Programs
2010-08-15 19:18 . 2010-04-23 11:21 -------- d-----w- c:\program files\Common Files\BioWare
2010-08-13 21:05 . 2010-04-26 16:06 -------- d-----w- c:\program files\JDownloader
2010-08-13 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-07 14:34 . 2010-04-18 15:11 -------- d-----w- c:\program files\ATI
2010-08-07 14:33 . 2010-05-15 13:06 -------- d-----w- c:\program files\ATI Technologies
2010-07-18 11:17 . 2010-07-18 11:17 -------- d-----w- c:\users\shelapc\AppData\Roaming\Zoner
2010-07-18 11:17 . 2010-07-18 11:17 -------- d-----w- c:\program files\Zoner
2010-07-13 18:15 . 2010-06-11 16:17 -------- d-----w- c:\program files\SpeedFan
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-07-07 01:54 513024 ----a-w- c:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2010-07-07 01:46 3826688 ----a-w- c:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-04-07 01:40 3975680 ----a-w- c:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- c:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-04-07 01:46 50176 ----a-w- c:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- c:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- c:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-07-07 01:14 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-04-07 01:22 22528 ----a-w- c:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-04-07 01:22 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-06-29 16:42 . 2010-06-29 16:42 -------- d-----w- c:\program files\CPUID
2010-06-26 06:05 . 2010-08-12 20:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 20:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 20:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 20:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-25 12:13 . 2010-06-25 12:13 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-21 13:37 . 2010-08-12 20:32 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 20:32 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-15 22:28 . 2010-06-15 22:28 2857 ----a-w- c:\windows\system32\atipblag.dat
2010-06-11 16:16 . 2010-08-12 20:32 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 17:35 . 2010-08-12 20:32 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 20:32 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-19 8452640]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]

c:\users\shelapc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2010-4-13 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6e,95,8f,9a,05,df,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 20:03
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-158432053-33250685-416099384-1002\Software\SecuROM\License information*]
"datasecu"=hex:ab,4b,23,ba,88,59,ee,76,f3,6f,dc,21,81,65,1a,6a,e1,00,23,81,fe,
c0,e0,79,d5,8a,4d,f7,56,ba,55,57,d2,47,ba,63,31,88,aa,ee,30,a2,6d,04,7a,a8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2640)
c:\program files\Altap Salamander 2.5\plugins\salamext.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-08-27 20:08:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-27 18:08
ComboFix2.txt 2010-08-27 15:48
ComboFix3.txt 2010-08-27 15:19

Před spuštěním: Volných bajtů: 118 794 637 312
Po spuštění: Volných bajtů: 118 433 615 872

- - End Of File - - 51A910D54A64B854EFC919BD2233BDE5

#6 Příspěvek od **vyosek** » 27 srp 2010 19:18

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

shela · #7 Příspěvek od **shela** » 27 srp 2010 20:48

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4490

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

27.8.2010 21:44:51
mbam-log-2010-08-27 (21-44-51).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|H:\|L:\|)
Skenované objekty: 362321
Uplynulý čas: 58 minuta(y), 8 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

#8 Příspěvek od **vyosek** » 27 srp 2010 21:20

Jak se chova PC

shela · #9 Příspěvek od **shela** » 27 srp 2010 22:12

Připadá mi v pořádku, nic na mě nevyskakuje, programy reagují rychle a pc nabíhá rychle. Jste mocný guru

.

shela · #10 Příspěvek od **shela** » 27 srp 2010 23:01

#11 Příspěvek od **vyosek** » 28 srp 2010 07:40

Na druhy PC zalozte nove tema a dejte do predmetu "pro vyosek" - tady by se to motalo. Vas prispevek s RSITem tady editujte a RSIT smazte - dejte tam treba smajlika..
.
Co se tyce leceneho PC-tento topic- udelejte jeste toto:

MBAM muzete odinstalovat nebo nechat na obcasny sken - v pripade nalezu velmi doporucuji dat sem log na posouzeni, at si neodstrelite neco legitimniho

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Vlozte novy log ze RSITu

Nemate zac, rad jsem pomohl

shela · #12 Příspěvek od **shela** » 28 srp 2010 08:59

dobrý den zde je tedy ten log z RIST

Logfile of random's system information tool 1.08 (written by random/random)
Run by shelapc at 2010-08-28 09:54:05
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 111 GB (36%) free of 305 GB
Total RAM: 3070 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:54:16, on 28.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Users\shelapc\Downloads\RSIT.exe
C:\Program Files\trend micro\shelapc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Startup: Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 3704 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-26 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-01-19 8452640]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-03 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2010-08-24 1242448]

C:\Users\shelapc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Impulse Now.lnk - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-08-28 09:54:05 ----D---- C:\rsit
2010-08-28 09:41:13 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-08-28 09:33:29 ----D---- C:\Program Files\CCleaner
2010-08-27 22:59:01 ----D---- C:\ProgramData\ATI
2010-08-27 22:58:46 ----ASH---- C:\hiberfil.sys
2010-08-27 22:49:17 ----D---- C:\Program Files\ATI
2010-08-27 22:48:45 ----D---- C:\Program Files\ATI Technologies
2010-08-27 22:48:04 ----D---- C:\ATI
2010-08-27 22:18:06 ----D---- C:\driver
2010-08-27 20:21:19 ----D---- C:\Users\shelapc\AppData\Roaming\Malwarebytes
2010-08-27 20:21:07 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-27 20:21:06 ----D---- C:\ProgramData\Malwarebytes
2010-08-27 20:21:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-27 20:21:05 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-27 20:08:50 ----D---- C:\Windows\temp
2010-08-27 20:03:04 ----D---- C:\$RECYCLE.BIN
2010-08-26 16:27:15 ----D---- C:\Program Files\Microsoft.NET
2010-08-26 15:09:41 ----D---- C:\ProgramData\ESET
2010-08-26 15:09:41 ----D---- C:\Program Files\ESET
2010-08-26 14:53:38 ----D---- C:\ProgramData\Sun
2010-08-26 14:53:36 ----D---- C:\Program Files\Common Files\Java
2010-08-26 14:52:57 ----A---- C:\Windows\system32\deployJava1.dll
2010-08-26 14:52:56 ----A---- C:\Windows\system32\javaws.exe
2010-08-26 14:52:56 ----A---- C:\Windows\system32\javaw.exe
2010-08-26 14:52:56 ----A---- C:\Windows\system32\java.exe
2010-08-26 14:52:17 ----D---- C:\Program Files\Java
2010-08-26 14:32:49 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-26 14:32:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-24 20:30:41 ----D---- C:\ProgramData\Blizzard Entertainment
2010-08-24 20:30:41 ----D---- C:\Program Files\StarCraft II
2010-08-15 21:01:42 ----D---- C:\Program Files\Dragon Age
2010-08-12 22:32:28 ----A---- C:\Windows\system32\iertutil.dll
2010-08-12 22:32:27 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 22:32:26 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 22:32:26 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\occache.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 22:32:25 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-12 22:32:25 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\iesetup.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\iernonce.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 22:32:25 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-12 22:32:23 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 22:32:22 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 22:32:17 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 22:32:12 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 22:32:02 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 22:32:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 22:31:57 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 22:31:55 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 22:31:55 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 22:31:54 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 20:29:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-11 20:09:46 ----D---- C:\Program Files\Mass Effect 2
2010-08-11 14:33:05 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-11 14:32:40 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-08-11 14:32:40 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-08-06 18:10:20 ----A---- C:\Windows\system32\shell32.dll
2010-08-04 04:21:42 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2010-08-04 03:55:00 ----A---- C:\Windows\system32\atiapfxx.exe
2010-08-04 03:54:50 ----A---- C:\Windows\system32\aticfx32.dll
2010-08-04 03:52:04 ----A---- C:\Windows\system32\ATIDEMGX.dll
2010-08-04 03:51:36 ----A---- C:\Windows\system32\atieclxx.exe
2010-08-04 03:51:10 ----A---- C:\Windows\system32\atiesrxx.exe
2010-08-04 03:50:06 ----A---- C:\Windows\system32\atitmmxx.dll
2010-08-04 03:49:50 ----A---- C:\Windows\system32\atipdlxx.dll
2010-08-04 03:49:48 ----A---- C:\Windows\system32\atioglxx.dll
2010-08-04 03:49:40 ----A---- C:\Windows\system32\Oemdspif.dll
2010-08-04 03:49:34 ----A---- C:\Windows\system32\atimuixx.dll
2010-08-04 03:49:26 ----A---- C:\Windows\system32\ati2edxx.dll
2010-08-04 03:46:32 ----A---- C:\Windows\system32\atidxx32.dll
2010-08-04 03:28:26 ----A---- C:\Windows\system32\atiumdag.dll
2010-08-04 03:26:00 ----A---- C:\Windows\system32\aticalrt.dll
2010-08-04 03:25:50 ----A---- C:\Windows\system32\aticalcl.dll
2010-08-04 03:24:34 ----A---- C:\Windows\system32\aticaldd.dll
2010-08-04 03:21:38 ----A---- C:\Windows\system32\atiumdva.dll
2010-08-04 03:16:06 ----A---- C:\Windows\system32\atiadlxx.dll
2010-08-04 03:15:54 ----A---- C:\Windows\system32\atiglpxx.dll
2010-08-04 03:15:48 ----A---- C:\Windows\system32\atigktxx.dll
2010-08-04 03:15:28 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2010-08-04 03:15:02 ----A---- C:\Windows\system32\atiuxpag.dll
2010-08-04 03:14:48 ----A---- C:\Windows\system32\atiu9pag.dll
2010-08-04 03:14:26 ----A---- C:\Windows\system32\atitmpxx.dll
2010-08-04 03:14:12 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2010-08-04 03:09:22 ----A---- C:\Windows\system32\atimpc32.dll
2010-08-04 03:09:22 ----A---- C:\Windows\system32\amdpcom32.dll
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\epfwwfpr.sys
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\ehdrv.sys
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\eamonm.sys

======List of files/folders modified in the last 1 months======

2010-08-28 09:54:16 ----D---- C:\Program Files\trend micro
2010-08-28 09:51:49 ----D---- C:\Windows\Prefetch
2010-08-28 09:51:46 ----RD---- C:\Program Files
2010-08-28 09:41:13 ----D---- C:\ProgramData
2010-08-28 09:38:59 ----SHD---- C:\Windows\Installer
2010-08-28 09:38:59 ----D---- C:\Windows
2010-08-28 09:38:58 ----D---- C:\ProgramData\WinZip
2010-08-28 09:38:19 ----SHD---- C:\System Volume Information
2010-08-28 09:35:26 ----D---- C:\Windows\System32
2010-08-28 09:35:26 ----D---- C:\Windows\inf
2010-08-28 09:35:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-28 09:29:00 ----D---- C:\Program Files\Steam
2010-08-28 09:19:38 ----D---- C:\Program Files\Common Files
2010-08-28 00:10:04 ----D---- C:\Users\shelapc\AppData\Roaming\Media Player Classic
2010-08-27 22:59:01 ----D---- C:\Users\shelapc\AppData\Roaming\ATI
2010-08-27 22:50:39 ----D---- C:\Windows\system32\drivers
2010-08-27 22:50:36 ----D---- C:\Windows\system32\catroot
2010-08-27 22:41:46 ----D---- C:\Windows\system32\catroot2
2010-08-27 20:03:07 ----A---- C:\Windows\system.ini
2010-08-27 20:03:01 ----D---- C:\Windows\system32\drivers\etc
2010-08-27 20:01:28 ----D---- C:\Windows\system32\config
2010-08-27 20:00:52 ----D---- C:\Windows\Tasks
2010-08-27 19:59:13 ----D---- C:\Windows\AppPatch
2010-08-26 20:27:35 ----D---- C:\Program Files\Pando Networks
2010-08-26 17:50:50 ----RSD---- C:\Windows\assembly
2010-08-26 17:50:50 ----D---- C:\Windows\Microsoft.NET
2010-08-26 16:30:38 ----D---- C:\Windows\system32\cs-CZ
2010-08-26 16:27:16 ----D---- C:\Windows\system32\en-US
2010-08-26 14:41:24 ----A---- C:\Windows\system32\pbsvc.exe
2010-08-26 14:35:33 ----D---- C:\Windows\Debug
2010-08-26 12:31:43 ----D---- C:\Program Files\Common Files\Steam
2010-08-25 00:55:29 ----D---- C:\Program Files\Opera
2010-08-24 20:49:53 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-08-15 22:04:36 ----D---- C:\ProgramData\BioWare
2010-08-15 21:18:07 ----D---- C:\ProgramData\Media Center Programs
2010-08-15 21:18:06 ----D---- C:\Program Files\Common Files\BioWare
2010-08-13 23:05:10 ----D---- C:\Program Files\JDownloader
2010-08-13 15:24:27 ----D---- C:\Windows\winsxs
2010-08-13 15:11:33 ----D---- C:\Windows\system32\migration
2010-08-13 15:11:33 ----D---- C:\Program Files\Internet Explorer
2010-08-13 15:11:31 ----D---- C:\Program Files\Movie Maker
2010-08-13 03:00:07 ----D---- C:\Program Files\Windows Mail
2010-08-07 16:11:19 ----D---- C:\Windows\system32\Tasks
2010-08-04 03:23:44 ----A---- C:\Windows\system32\coinst.dll
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2010-07-15 99344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-01-19 2991328]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 195072]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-03-09 104464]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-04 176128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-08-25 407336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

#13 Příspěvek od **vyosek** » 28 srp 2010 09:10

Otevrete si poznamkovy blok

Start->spustit->notepad
Vlozte text nize

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

Soubor ulozte jako oprava.reg
Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
Zavrit notepad a spustit dvojklikem oprava.reg
Pripadny dotaz na zmenu registru potvrdte
Okno jen problikne a opravi regsitry - soubor muzete smazat

Jinak je log OK

Pokud chcete zkontrolovcat i ten druhy PC, tak zalozte nove tema a do predmetu dejte "pro vyosek" a kolegove mi to prenechaji

shela · #14 Příspěvek od **shela** » 28 srp 2010 09:19

Mnohokrát děkuji za pomoc, teď už si budu dávat pozor kam lezu. To druhé PC bylo vlastně to první, jen ten log byl dán asi předčasně. Díky ó mocný

.

#15 Příspěvek od **vyosek** » 28 srp 2010 09:28

Nechte te chvaly

Nejdulezitejsi a nejjednodussi ochrana PC je pouzivat rozum pri prohlizeni netu - zadny antivir/firewall Vas neochrani pokud klikate na kdejakou kravinu a navstevujete "temna" zakouti netu - porno, cracky apod...

Pokud jej chcete zkontrolovat, tak do noveho tematu a kouknem na nej, neco jsem tam totiz videl

VIRY.CZ

prosim o kontrolu

prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu