prosim o kontrolu

Zpráva

killer. · #1 Příspěvek od **killer.** » 29 zář 2010 17:56

Prosim o kontrolu pc,system byl zavirovan.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Thor at 2010-09-29 18:53:45
Microsoft Windows 7 Ultimate
System drive C: has 53 GB (69%) free of 76 GB
Total RAM: 1024 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:13, on 29.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Thor\Desktop\RSIT.exe
C:\Program Files\trend micro\Thor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2481ECB0-272D-4DA0-8BA8-9A27E640F200}: NameServer = 80.82.152.2,81.92.155.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2481ECB0-272D-4DA0-8BA8-9A27E640F200}: NameServer = 80.82.152.2,81.92.155.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2481ECB0-272D-4DA0-8BA8-9A27E640F200}: NameServer = 80.82.152.2,81.92.155.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4807 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2010-05-19 1117976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-08-07 2176512]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-08-07 3037696]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-05-19 462104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanSetup]
cmd /C rmdir /S /Q C:\Users\Thor\AppData\Local\Temp\nro.tmp\ []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrpConv]
grpconv.exe -o []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-29 18:53:48 ----D---- C:\Program Files\trend micro
2010-09-29 18:53:45 ----D---- C:\rsit
2010-09-29 11:52:26 ----D---- C:\Users\Thor\AppData\Roaming\Ahead
2010-09-29 11:51:11 ----D---- C:\ProgramData\Ahead
2010-09-29 11:48:42 ----D---- C:\ProgramData\Nero
2010-09-29 11:48:42 ----D---- C:\Program Files\Nero
2010-09-29 11:48:41 ----D---- C:\Program Files\Common Files\Ahead
2010-09-29 10:07:53 ----D---- C:\ProgramData\NVIDIA Corporation
2010-09-26 16:06:48 ----A---- C:\Windows\system32\iertutil.dll
2010-09-26 15:51:07 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-09-26 15:51:07 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-09-26 15:51:06 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-09-26 15:51:06 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-09-26 15:51:06 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-09-26 15:51:06 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-09-26 15:51:06 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-09-26 15:51:05 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-09-26 15:51:05 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-09-26 15:51:05 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-09-26 15:51:04 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-09-26 15:51:04 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-09-26 15:39:21 ----D---- C:\Program Files\NVIDIA Corporation
2010-09-26 14:58:11 ----A---- C:\Windows\system32\spoolsv.exe

======List of files/folders modified in the last 1 months======

2010-09-29 18:54:02 ----D---- C:\Windows\Prefetch
2010-09-29 18:53:53 ----D---- C:\Windows\Temp
2010-09-29 18:53:48 ----RD---- C:\Program Files
2010-09-29 17:08:16 ----D---- C:\Windows\System32
2010-09-29 17:08:15 ----D---- C:\Windows\inf
2010-09-29 17:08:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-29 16:49:32 ----D---- C:\Windows\system32\config
2010-09-29 16:26:13 ----D---- C:\ProgramData\Spyware Terminator
2010-09-29 16:26:07 ----SHD---- C:\System Volume Information
2010-09-29 16:25:55 ----D---- C:\Program Files\Spyware Terminator
2010-09-29 15:20:26 ----D---- C:\Windows\rescache
2010-09-29 13:35:27 ----D---- C:\Users\Thor\AppData\Roaming\Spyware Terminator
2010-09-29 13:33:02 ----D---- C:\Windows
2010-09-29 12:27:05 ----D---- C:\Windows\debug
2010-09-29 11:53:56 ----SHD---- C:\Windows\Installer
2010-09-29 11:53:52 ----D---- C:\Windows\winsxs
2010-09-29 11:51:11 ----HD---- C:\ProgramData
2010-09-29 11:50:25 ----D---- C:\Windows\ehome
2010-09-29 11:48:41 ----D---- C:\Program Files\Common Files
2010-09-29 11:35:05 ----D---- C:\Program Files\CCleaner
2010-09-29 11:33:22 ----D---- C:\Program Files\Mozilla Firefox
2010-09-29 10:13:44 ----D---- C:\ProgramData\NVIDIA
2010-09-29 10:07:37 ----D---- C:\Windows\system32\drivers
2010-09-29 10:07:23 ----D---- C:\Windows\system32\catroot
2010-09-29 10:07:20 ----D---- C:\Windows\system32\DriverStore
2010-09-26 16:07:05 ----A---- C:\Windows\system32\MRT.exe
2010-09-26 15:50:37 ----RSD---- C:\Windows\assembly
2010-09-26 15:49:36 ----D---- C:\Windows\Logs
2010-09-26 14:55:53 ----D---- C:\Windows\system32\catroot2
2010-09-26 14:53:39 ----D---- C:\Program Files\WinClamAVShield
2010-09-08 09:47:45 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-08 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-08-07 142592]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-08-08 281760]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-11-16 38240]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-08-08 25888]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver; C:\Windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1812512]
S3 a0f8d4bw;a0f8d4bw; C:\Windows\system32\drivers\a0f8d4bw.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 GVCplDrv;GVCplDrv; C:\Windows\system32\drivers\GVCplDrv.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-07 488960]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1343400]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 30 zář 2010 05:30

Zdravim a pekny den preji

Poprosim i o druhy log ze RSITu s nazvem info.txt - je ulozen v c:\rsit

Predpokladam ze ten balicek ESETu mate legalni = zakoupena licence

Byl zavirovan, cim jste ho odvirovaval

killer. · #3 Příspěvek od **killer.** » 30 zář 2010 18:49

Vám také přeju krásný zbytek dne

log txt:

info.txt logfile of random's system information tool 1.08 2010-09-29 18:54:19

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 9 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A90000000001}
ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0005 -removeonly
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition-->MsiExec.exe /X{91C0B95B-B83A-4828-A775-BBE2DD421029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Revo Uninstaller 1.89-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Seznam Pošťák 2 (Všichni uživatelé tohoto počítače.)-->"C:\Program Files\Seznam.cz\postak-uninstall.exe" /AllUsers
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
TP-LINK Wireless Adapter Driver and Utility-->C:\Program Files\\InstallShield Installation Information\{5CAC0A4E-F179-4229-92DB-FCA9F5BEAB7A}\setup.exe -uninst -l0x9 -removeonly
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Distributed Link Tracking Client byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Security Center byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Desktop Window Manager Session Manager byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Diagnostic Policy Service byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Stav služby Microsoft Software Shadow Copy Provider byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247D28-05
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x86
P2: PCI\VEN_10DE&DEV_0059&SUBSYS_AE011458&REV_A2
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:
C:\Windows\Temp\DMI4685.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_ff32e1e941b4747ce42a02f9acbc45513947c3a_cab_02d2482a

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: 952ea658-a066-11df-af0f-ff63810a1380
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100805075350.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100805075251.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100805075245.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100805075241.234375-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100805075241.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247D28-05$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100805075210.843750-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247D28-05$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100805075210.843750-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x21f92
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100805075210.421875-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100805075207.953125-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100805075207.859375-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=1
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
"PROCESSOR_REVISION"=040a

-----------------EOF-----------------

odviroval jsem ho spyware terminatorem a esetem

#4 Příspěvek od **vyosek** » 30 zář 2010 22:21

Dejte mi prosim screen karanteny Spyware Terminatora (navod na screen http://www.viry.cz/forum/viewtopic.php?f=15&t=14114)

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

killer. · #5 Příspěvek od **killer.** » 01 říj 2010 07:32

prvni log z terminatora

Kód: Vybrat vše

http://img97.imageshack.us/img97/8956/beznzvuqa.png

druhy lo z terminatora

Kód: Vybrat vše

http://img34.imageshack.us/img34/2406/beznzvu2q.png

log MBAM:

Internet Explorer 8.0.7600.16385

1.10.2010 9:59:36
mbam-log-2010-10-01 (09-59-36).txt

Typ skenu: Úplný sken (C:\|F:\|G:\|I:\|)
Skenované objekty: 304324
Uplynulý čas: 1 hodina(y), 8 minuta(y), 46 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 12

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
F:\Instalacni programy\profi_vypalovani_8\nero8x.exe (RiskWare.Tool.CK) -> No action taken.
F:\Instalacni programy\Meni hlas.ICQ-SKYPE\Voice_Changer_Software_Diamond_4\keygen.exe (RiskWare.Tool.CK) -> No action taken.
F:\System Volume Information\_restore{621002DE-16C4-4C12-A467-81A99CD0A7F1}\RP107\A0026695.exe (Trojan.Downloader) -> No action taken.
F:\System Volume Information\_restore{621002DE-16C4-4C12-A467-81A99CD0A7F1}\RP107\A0026697.exe (Trojan.Downloader) -> No action taken.
I:\Ostatni\Hry zaloha\Battlefield.2\Battlefield.2.Keygen-ViTALiTY\vtl-bf2k\vtl-bf2k.exe (Trojan.Agent) -> No action taken.
I:\Ostatni\Hry zaloha\Call of Duty(R) 4 - Modern Warfare\Crack_-_nocd_keygen\rzr-cod4.exe (Trojan.Agent.CK) -> No action taken.
I:\Ostatni\Telefon\Aplikace,Hry na Samsung\handy taskman\keygen.exe (Trojan.Downloader) -> No action taken.
I:\Programy zaloha\Microsoft\Office.2007.Enterprise.By.Mr_Tommy.Of.sMs\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
I:\Programy zaloha\Microsoft\Office.2007.Enterprise.By.Mr_Tommy.Of.sMs\Office_2007_SP2_CZ_enterpriseEdition\Bonus\keygen.exe (RiskWare.Tool.CK) -> No action taken.
I:\Programy zaloha\NERO71010\Ahead.Nero.7.xx.All.Editions.and.Some.Plug-Ins.WORKING.KEYGEN-FFF\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
I:\Programy zaloha\EarthTime.v2.2.2\earthtime.v2.2.2-patch.exe (Malware.Packer.Gen) -> No action taken.
I:\Programy zaloha\VSO ConvertXtoDVD 2.1.14.223 CZ\Crack\convertxtodvd. generic.141206 -patch.exe (Trojan.Downloader) -> No action taken.

#6 Příspěvek od **vyosek** » 01 říj 2010 11:23

Vse SMAZAT

Keygeny, cracky a podobna "dobrota" nema v PC co delat - nejen ze splni ucel ale i natahnout dalsi kamarady, otevrou zadni vratka atd...Nehlede na porusovani autorskeho zakona a pachani trestneho cinu

Jsou s PC nejake problemy

killer. · #7 Příspěvek od **killer.** » 01 říj 2010 19:16

Netusim kde se to tam vzalo,syn ma nejake hry od kamaradu tak to bylo asi z tech dvd.No pc se po 2 minutach tak na 2 sekundy sekne,pak zas chvilku jde a zas se sekne.Vubec netusim co by to mohlo delat.

#8 Příspěvek od **vyosek** » 02 říj 2010 00:22

Kouknem na to poradnym nastrojem

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

killer. · #9 Příspěvek od **killer.** » 02 říj 2010 07:51

ComboFix 10-10-01.01 - Thor 02.10.2010 8:24.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.1024.490 [GMT 2:00]
Spuštěný z: c:\users\Thor\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SIntf16.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntfNT.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-02 do 2010-10-02 )))))))))))))))))))))))))))))))
.

2010-10-01 06:34 . 2010-10-01 06:34 -------- d-----w- c:\users\Thor\AppData\Roaming\Malwarebytes
2010-10-01 06:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 06:34 . 2010-10-01 06:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 06:34 . 2010-10-01 06:34 -------- d-----w- c:\programdata\Malwarebytes
2010-10-01 06:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 20:53 . 2010-09-30 20:58 -------- d-----w- C:\586b14dc73a7a80746
2010-09-30 20:53 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-29 19:56 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 16:53 . 2010-09-29 16:54 -------- d-----w- c:\program files\trend micro
2010-09-29 16:53 . 2010-09-29 16:54 -------- d-----w- C:\rsit
2010-09-29 09:52 . 2010-09-29 15:33 -------- d-----w- c:\users\Thor\AppData\Roaming\Ahead
2010-09-29 09:51 . 2010-09-29 09:51 -------- d-----w- c:\programdata\Ahead
2010-09-29 09:48 . 2010-09-29 09:48 -------- d-----w- c:\programdata\Nero
2010-09-29 09:48 . 2010-09-29 09:48 -------- d-----w- c:\program files\Nero
2010-09-29 09:48 . 2010-09-29 09:50 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-29 08:07 . 2010-09-29 08:07 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-09-29 07:38 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-26 13:51 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-26 13:51 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-26 13:51 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-26 13:51 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-26 13:51 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-26 13:51 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-26 13:51 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-26 13:51 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-26 13:51 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-26 13:51 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-26 13:51 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-26 13:51 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-26 13:39 . 2010-09-29 08:08 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-26 13:38 . 2010-09-26 13:38 -------- d-----w- c:\users\Thor\AppData\Local\2K Games
2010-09-26 12:58 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 09:02 . 2010-08-07 16:36 -------- d-----w- c:\program files\VS Revo Group
2010-09-30 20:58 . 2009-07-14 08:44 631054 ----a-w- c:\windows\system32\perfh005.dat
2010-09-30 20:58 . 2009-07-14 08:44 121708 ----a-w- c:\windows\system32\perfc005.dat
2010-09-30 20:54 . 2010-08-08 14:09 -------- d-----w- c:\program files\Microsoft.NET
2010-09-30 19:22 . 2010-08-07 16:13 -------- d-----w- c:\programdata\Spyware Terminator
2010-09-30 17:30 . 2010-08-07 16:13 -------- d-----w- c:\users\Thor\AppData\Roaming\Spyware Terminator
2010-09-29 17:06 . 2010-08-07 16:13 -------- d-----w- c:\program files\Spyware Terminator
2010-09-29 09:35 . 2010-08-07 16:35 -------- d-----w- c:\program files\CCleaner
2010-09-29 08:13 . 2010-08-05 10:41 -------- d-----w- c:\programdata\NVIDIA
2010-09-26 12:53 . 2010-08-07 16:13 -------- d-----w- c:\program files\WinClamAVShield
2010-08-29 13:39 . 2010-08-08 19:51 -------- d-----w- c:\program files\Seznam.cz
2010-08-29 13:36 . 2010-08-07 16:34 -------- d-----w- c:\program files\The KMPlayer
2010-08-29 13:36 . 2010-08-08 17:54 -------- d-----w- c:\program files\ICQ7.1
2010-08-29 13:36 . 2010-08-08 14:58 -------- d-----w- c:\program files\Common Files\Nokia
2010-08-29 13:36 . 2010-08-08 14:58 -------- d-----w- c:\program files\PC Connectivity Solution
2010-08-29 13:36 . 2010-08-05 10:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-08 17:58 . 2010-08-08 17:54 -------- d-----w- c:\users\Thor\AppData\Roaming\ICQ
2010-08-08 17:42 . 2010-08-08 17:42 -------- d-----w- c:\program files\MSXML 4.0
2010-08-08 15:31 . 2010-08-07 15:40 108824 ----a-w- c:\users\Thor\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-08 15:00 . 2010-08-08 14:59 -------- d-----w- c:\users\Thor\AppData\Roaming\Nokia
2010-08-08 15:00 . 2010-08-08 14:59 -------- d-----w- c:\programdata\PC Suite
2010-08-08 14:59 . 2010-08-08 14:58 -------- d-----w- c:\users\Thor\AppData\Roaming\PC Suite
2010-08-08 14:58 . 2010-08-08 14:58 -------- d-----w- c:\program files\Nokia
2010-08-08 14:57 . 2010-08-08 14:57 -------- d-----w- c:\programdata\Installations
2010-08-08 14:39 . 2010-08-08 12:02 -------- d-----w- c:\users\Thor\AppData\Roaming\Prison Break
2010-08-08 14:20 . 2010-08-07 16:54 -------- d-----w- c:\programdata\Microsoft Help
2010-08-08 14:17 . 2010-08-08 14:10 -------- d-----w- c:\program files\Microsoft Works
2010-08-08 14:10 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-08-08 14:07 . 2010-08-08 14:07 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-08 12:46 . 2010-08-08 12:46 -------- d-----w- c:\users\Thor\AppData\Roaming\Ubisoft
2010-08-08 12:05 . 2010-08-08 12:05 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-08-08 12:05 . 2010-08-08 12:05 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-08-08 12:04 . 2010-08-08 12:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-08 11:55 . 2010-08-08 11:03 -------- d-----w- c:\users\Thor\AppData\Roaming\DAEMON Tools Lite
2010-08-08 11:48 . 2010-08-05 10:13 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-08 11:28 . 2010-08-08 11:28 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-08-08 11:28 . 2010-08-08 11:28 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-08-08 11:05 . 2010-08-08 11:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-08 11:04 . 2010-08-08 11:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-08 11:04 . 2010-08-08 11:03 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-08-07 17:54 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-08-07 16:50 . 2010-08-07 16:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-07 16:13 . 2010-08-07 16:13 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-08-07 16:13 . 2010-08-07 16:13 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-08-07 16:13 . 2010-08-07 16:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-07 15:42 . 2010-08-07 15:42 -------- d-----w- c:\program files\TP-LINK
2010-08-07 15:40 . 2010-08-07 15:40 -------- d-----w- c:\users\Thor\AppData\Roaming\InstallShield
2010-08-05 10:13 . 2010-08-05 10:13 -------- d-----w- c:\program files\Realtek Sound Manager
2010-08-05 10:13 . 2010-08-05 10:13 -------- d-----w- c:\program files\AvRack
2010-08-05 10:01 . 2010-08-05 10:01 -------- d-----w- c:\program files\ESET
2010-08-05 09:58 . 2010-08-05 09:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Plocha
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Oblíbené položky
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Šablony
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Nabídka Start
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Dokumenty
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Data aplikací
2010-07-29 06:30 . 2010-08-29 12:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-29 12:49 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-09 14:37 . 2010-07-09 14:37 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:37 . 2010-07-09 14:37 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:37 . 2010-07-09 14:37 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 14:37 . 2010-07-09 14:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-07 3037696]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-05-19 462104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-08-07 2176512]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanSetup]
rmdir [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrpConv]
grpconv.exe -o [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 05:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1812512]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-08-08 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-08-07 142592]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-11-16 38240]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {2481ECB0-272D-4DA0-8BA8-9A27E640F200} = 80.82.152.2,81.92.155.1
TCP: 4586F627 = 80.82.152.2,81.92.155.1
FF - ProfilePath - c:\users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\ve2d7kcb.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=FFlisticka_1&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Revo Uninstaller - c:\program files\VS Revo Group\Revo Uninstaller\uninst.exe

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-10-02 08:32:39
ComboFix-quarantined-files.txt 2010-10-02 06:32

Před spuštěním: Volných bajtů: 57 439 842 304
Po spuštění: Volných bajtů: 57 354 682 368

- - End Of File - - 764F65E20FC8CB37C2D3D6E27CBE246B

#10 Příspěvek od **vyosek** » 02 říj 2010 08:10

Perou se Vam tam dva rezidentni stity - Spyware Terminatora a ESETu, takze ten ST vypneme - ST tak bude pouze na rucni skenovani

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
services.msc
```
Kliknete na OK
Najdete sluzby nize
Spyware Terminator Realtime Shield Service
NBService
U kazde provedte toto
- Klik na ni pravym mysidlem a zvolit Vlastnosti
- Nyní klik na Zastavit
- Typ spousteni nastavit na Zakazano
- Potvrdte kliknutim na OK

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=-
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"=-
"NeroFilterCheck"=-
"Malwarebytes Anti-Malware (reboot)"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanSetup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

killer. · #11 Příspěvek od **killer.** » 03 říj 2010 11:24

log z ComboFixu

ComboFix 10-10-01.07 - Thor 03.10.2010 11:38:14.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.1024.468 [GMT 2:00]
Spuštěný z: c:\users\Thor\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Thor\Desktop\CFScript.txt
SP: Spyware Terminator *disabled* (Outdated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-03 09:43 . 2010-10-03 09:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-03 09:43 . 2010-10-03 09:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-02 06:32 . 2010-10-03 09:43 -------- d-----w- c:\users\Thor\AppData\Local\temp
2010-10-01 06:34 . 2010-10-01 06:34 -------- d-----w- c:\users\Thor\AppData\Roaming\Malwarebytes
2010-10-01 06:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 06:34 . 2010-10-01 06:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 06:34 . 2010-10-01 06:34 -------- d-----w- c:\programdata\Malwarebytes
2010-10-01 06:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 20:53 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-29 19:56 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 16:53 . 2010-09-29 16:54 -------- d-----w- c:\program files\trend micro
2010-09-29 16:53 . 2010-09-29 16:54 -------- d-----w- C:\rsit
2010-09-29 09:52 . 2010-09-29 15:33 -------- d-----w- c:\users\Thor\AppData\Roaming\Ahead
2010-09-29 09:51 . 2010-09-29 09:51 -------- d-----w- c:\programdata\Ahead
2010-09-29 09:48 . 2010-09-29 09:48 -------- d-----w- c:\programdata\Nero
2010-09-29 09:48 . 2010-09-29 09:48 -------- d-----w- c:\program files\Nero
2010-09-29 09:48 . 2010-09-29 09:50 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-29 08:07 . 2010-09-29 08:07 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-09-29 07:38 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-26 13:51 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-26 13:51 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-26 13:51 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-26 13:51 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-26 13:51 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-26 13:51 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-26 13:51 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-26 13:51 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-26 13:51 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-26 13:51 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-26 13:51 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-26 13:51 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-26 13:39 . 2010-09-29 08:08 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-26 13:38 . 2010-09-26 13:38 -------- d-----w- c:\users\Thor\AppData\Local\2K Games
2010-09-26 12:58 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 09:18 . 2010-08-07 16:13 -------- d-----w- c:\users\Thor\AppData\Roaming\Spyware Terminator
2010-10-01 09:02 . 2010-08-07 16:36 -------- d-----w- c:\program files\VS Revo Group
2010-09-30 20:58 . 2009-07-14 08:44 631054 ----a-w- c:\windows\system32\perfh005.dat
2010-09-30 20:58 . 2009-07-14 08:44 121708 ----a-w- c:\windows\system32\perfc005.dat
2010-09-30 20:54 . 2010-08-08 14:09 -------- d-----w- c:\program files\Microsoft.NET
2010-09-30 19:22 . 2010-08-07 16:13 -------- d-----w- c:\programdata\Spyware Terminator
2010-09-29 17:06 . 2010-08-07 16:13 -------- d-----w- c:\program files\Spyware Terminator
2010-09-29 09:35 . 2010-08-07 16:35 -------- d-----w- c:\program files\CCleaner
2010-09-29 08:13 . 2010-08-05 10:41 -------- d-----w- c:\programdata\NVIDIA
2010-09-26 12:53 . 2010-08-07 16:13 -------- d-----w- c:\program files\WinClamAVShield
2010-08-29 13:39 . 2010-08-08 19:51 -------- d-----w- c:\program files\Seznam.cz
2010-08-29 13:36 . 2010-08-07 16:34 -------- d-----w- c:\program files\The KMPlayer
2010-08-29 13:36 . 2010-08-08 17:54 -------- d-----w- c:\program files\ICQ7.1
2010-08-29 13:36 . 2010-08-08 14:58 -------- d-----w- c:\program files\Common Files\Nokia
2010-08-29 13:36 . 2010-08-08 14:58 -------- d-----w- c:\program files\PC Connectivity Solution
2010-08-29 13:36 . 2010-08-05 10:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-08 17:58 . 2010-08-08 17:54 -------- d-----w- c:\users\Thor\AppData\Roaming\ICQ
2010-08-08 17:42 . 2010-08-08 17:42 -------- d-----w- c:\program files\MSXML 4.0
2010-08-08 15:31 . 2010-08-07 15:40 108824 ----a-w- c:\users\Thor\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-08 15:00 . 2010-08-08 14:59 -------- d-----w- c:\users\Thor\AppData\Roaming\Nokia
2010-08-08 15:00 . 2010-08-08 14:59 -------- d-----w- c:\programdata\PC Suite
2010-08-08 14:59 . 2010-08-08 14:58 -------- d-----w- c:\users\Thor\AppData\Roaming\PC Suite
2010-08-08 14:58 . 2010-08-08 14:58 -------- d-----w- c:\program files\Nokia
2010-08-08 14:57 . 2010-08-08 14:57 -------- d-----w- c:\programdata\Installations
2010-08-08 14:39 . 2010-08-08 12:02 -------- d-----w- c:\users\Thor\AppData\Roaming\Prison Break
2010-08-08 14:20 . 2010-08-07 16:54 -------- d-----w- c:\programdata\Microsoft Help
2010-08-08 14:17 . 2010-08-08 14:10 -------- d-----w- c:\program files\Microsoft Works
2010-08-08 14:10 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-08-08 14:07 . 2010-08-08 14:07 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-08 12:46 . 2010-08-08 12:46 -------- d-----w- c:\users\Thor\AppData\Roaming\Ubisoft
2010-08-08 12:05 . 2010-08-08 12:05 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-08-08 12:05 . 2010-08-08 12:05 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-08-08 12:04 . 2010-08-08 12:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-08 11:55 . 2010-08-08 11:03 -------- d-----w- c:\users\Thor\AppData\Roaming\DAEMON Tools Lite
2010-08-08 11:48 . 2010-08-05 10:13 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-08 11:28 . 2010-08-08 11:28 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-08-08 11:28 . 2010-08-08 11:28 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-08-08 11:05 . 2010-08-08 11:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-08 11:04 . 2010-08-08 11:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-08 11:04 . 2010-08-08 11:03 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-08-07 17:54 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-08-07 16:50 . 2010-08-07 16:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-07 16:13 . 2010-08-07 16:13 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-08-07 16:13 . 2010-08-07 16:13 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-08-07 16:13 . 2010-08-07 16:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-07 15:42 . 2010-08-07 15:42 -------- d-----w- c:\program files\TP-LINK
2010-08-07 15:40 . 2010-08-07 15:40 -------- d-----w- c:\users\Thor\AppData\Roaming\InstallShield
2010-08-05 10:13 . 2010-08-05 10:13 -------- d-----w- c:\program files\Realtek Sound Manager
2010-08-05 10:13 . 2010-08-05 10:13 -------- d-----w- c:\program files\AvRack
2010-08-05 10:01 . 2010-08-05 10:01 -------- d-----w- c:\program files\ESET
2010-08-05 09:58 . 2010-08-05 09:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Plocha
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Oblíbené položky
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Šablony
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Nabídka Start
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Dokumenty
2010-08-05 08:00 . 2010-08-05 08:00 -------- d-sh--we c:\programdata\Data aplikací
2010-07-29 06:30 . 2010-08-29 12:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-29 12:49 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-09 14:37 . 2010-07-09 14:37 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:37 . 2010-07-09 14:37 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:37 . 2010-07-09 14:37 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 14:37 . 2010-07-09 14:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-05-19 462104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrpConv]
grpconv.exe -o [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 05:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-08-08 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-08-07 142592]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-11-16 38240]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1812512]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {2481ECB0-272D-4DA0-8BA8-9A27E640F200} = 80.82.152.2,81.92.155.1
TCP: 4586F627 = 80.82.152.2,81.92.155.1
FF - ProfilePath - c:\users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\ve2d7kcb.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=FFlisticka_1&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
Celkový čas: 2010-10-03 11:45:59
ComboFix-quarantined-files.txt 2010-10-03 09:45
ComboFix2.txt 2010-10-02 06:32

Před spuštěním: Volných bajtů: 57 266 135 040
Po spuštění: Volných bajtů: 57 222 860 800

- - End Of File - - 7BD8B4B03BA577DF1FF8525AF1E0BE38

#12 Příspěvek od **vyosek** » 03 říj 2010 11:56

Jak se chova PC

killer. · #13 Příspěvek od **killer.** » 03 říj 2010 14:46

no ja myslim ze to ted je lepsi

to budu testovat,kdyz by se neco pokadilo,dam Vam vedet.Diky moc

#14 Příspěvek od **vyosek** » 03 říj 2010 16:07

Jeste jej tedy vycistime od utilit

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Havet se usadila v bodech obnoveni - smazte je dle navodu kolegy riffa http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

MBAM muzete odinstalovat nebo nechat na obcasny sken - v pripade nalezu velmi doporucuji dat sem log na posouzeni, at si neodstrelite neco legitimniho

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Vlozte novy log ze RSIT

killer. · #15 Příspěvek od **killer.** » 03 říj 2010 18:30

log RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Thor at 2010-10-03 19:28:04
Microsoft Windows 7 Ultimate
System drive C: has 57 GB (74%) free of 76 GB
Total RAM: 1024 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:28:19, on 3.10.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Seznam.cz\postak.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Thor\Desktop\RSIT.exe
C:\Program Files\trend micro\Thor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2481ECB0-272D-4DA0-8BA8-9A27E640F200}: NameServer = 80.82.152.2,81.92.155.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2481ECB0-272D-4DA0-8BA8-9A27E640F200}: NameServer = 80.82.152.2,81.92.155.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2481ECB0-272D-4DA0-8BA8-9A27E640F200}: NameServer = 80.82.152.2,81.92.155.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 3565 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2010-05-19 1117976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-08-07 2176512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-05-19 462104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrpConv]
grpconv.exe -o []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-10-03 19:28:04 ----D---- C:\rsit
2010-10-03 11:45:17 ----SHD---- C:\$RECYCLE.BIN
2010-10-02 08:30:27 ----D---- C:\Windows\temp
2010-10-02 08:23:18 ----D---- C:\Windows\ERDNT
2010-10-01 08:34:37 ----D---- C:\Users\Thor\AppData\Roaming\Malwarebytes
2010-10-01 08:34:27 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-10-01 08:34:25 ----D---- C:\ProgramData\Malwarebytes
2010-10-01 08:34:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-01 08:34:25 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-09-30 22:53:29 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2010-09-30 21:21:20 ----D---- C:\Windows\Minidump
2010-09-29 21:56:35 ----A---- C:\Windows\system32\drivers\ks.sys
2010-09-29 18:53:48 ----D---- C:\Program Files\trend micro
2010-09-29 11:52:26 ----D---- C:\Users\Thor\AppData\Roaming\Ahead
2010-09-29 11:51:11 ----D---- C:\ProgramData\Ahead
2010-09-29 11:48:42 ----D---- C:\ProgramData\Nero
2010-09-29 11:48:42 ----D---- C:\Program Files\Nero
2010-09-29 11:48:41 ----D---- C:\Program Files\Common Files\Ahead
2010-09-29 10:07:53 ----D---- C:\ProgramData\NVIDIA Corporation
2010-09-29 09:38:01 ----A---- C:\Windows\system32\tzres.dll
2010-09-26 16:06:48 ----A---- C:\Windows\system32\iertutil.dll
2010-09-26 15:51:07 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-09-26 15:51:07 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-09-26 15:51:06 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-09-26 15:51:06 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-09-26 15:51:06 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-09-26 15:51:06 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-09-26 15:51:06 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-09-26 15:51:05 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-09-26 15:51:05 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-09-26 15:51:05 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-09-26 15:51:04 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-09-26 15:51:04 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-09-26 15:39:21 ----D---- C:\Program Files\NVIDIA Corporation
2010-09-26 14:58:11 ----A---- C:\Windows\system32\spoolsv.exe

======List of files/folders modified in the last 1 months======

2010-10-03 19:28:17 ----D---- C:\Windows\Prefetch
2010-10-03 19:27:15 ----D---- C:\Windows
2010-10-03 19:24:05 ----D---- C:\Windows\system32\config
2010-10-03 19:17:04 ----SHD---- C:\System Volume Information
2010-10-03 18:41:39 ----D---- C:\ProgramData\Spyware Terminator
2010-10-03 12:08:56 ----D---- C:\ProgramData\NVIDIA
2010-10-03 12:05:25 ----SHD---- C:\Windows\Installer
2010-10-03 12:04:34 ----D---- C:\Windows\System32
2010-10-03 11:43:45 ----A---- C:\Windows\system.ini
2010-10-03 11:41:14 ----D---- C:\Windows\system32\drivers
2010-10-03 11:41:14 ----D---- C:\Windows\AppPatch
2010-10-03 11:41:12 ----D---- C:\Program Files\Common Files
2010-10-03 11:18:29 ----D---- C:\Users\Thor\AppData\Roaming\Spyware Terminator
2010-10-02 08:30:29 ----D---- C:\Windows\system32\drivers\etc
2010-10-02 08:17:33 ----D---- C:\Windows\system32\NDF
2010-10-02 08:17:22 ----D---- C:\Program Files\Mozilla Firefox
2010-10-01 11:38:05 ----D---- C:\Windows\PLA
2010-10-01 11:03:42 ----D---- C:\Windows\system32\Tasks
2010-10-01 11:02:18 ----D---- C:\Program Files\VS Revo Group
2010-10-01 10:30:54 ----D---- C:\Windows\rescache
2010-10-01 08:54:55 ----D---- C:\Windows\Microsoft.NET
2010-10-01 08:54:47 ----RSD---- C:\Windows\assembly
2010-10-01 08:34:25 ----RD---- C:\Program Files
2010-10-01 08:34:25 ----D---- C:\ProgramData
2010-09-30 23:03:00 ----D---- C:\Windows\winsxs
2010-09-30 23:01:15 ----D---- C:\Windows\system32\DriverStore
2010-09-30 22:58:56 ----D---- C:\Windows\system32\cs-CZ
2010-09-30 22:58:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-30 22:58:15 ----D---- C:\Windows\inf
2010-09-30 22:54:40 ----D---- C:\Windows\system32\en-US
2010-09-30 22:54:33 ----D---- C:\Program Files\Microsoft.NET
2010-09-30 22:53:32 ----D---- C:\Windows\system32\catroot
2010-09-30 19:28:19 ----D---- C:\Windows\system32\catroot2
2010-09-29 21:55:56 ----D---- C:\Program Files\Internet Explorer
2010-09-29 19:06:58 ----D---- C:\Program Files\Spyware Terminator
2010-09-29 12:27:05 ----D---- C:\Windows\debug
2010-09-29 11:50:25 ----D---- C:\Windows\ehome
2010-09-29 11:35:05 ----D---- C:\Program Files\CCleaner
2010-09-26 16:07:05 ----A---- C:\Windows\system32\MRT.exe
2010-09-26 15:49:36 ----D---- C:\Windows\Logs
2010-09-26 14:53:39 ----D---- C:\Program Files\WinClamAVShield
2010-09-08 09:47:45 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-08 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-08-07 142592]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-08-08 281760]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-11-16 38240]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-08-08 25888]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver; C:\Windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1812512]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 axwqe3he;axwqe3he; C:\Windows\system32\drivers\axwqe3he.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 GVCplDrv;GVCplDrv; C:\Windows\system32\drivers\GVCplDrv.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-07 488960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1343400]

-----------------EOF-----------------
Diky moc

VIRY.CZ

prosim o kontrolu

prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu

Re: prosim o kontrolu