samovolne spusteny prehliadac (na pozadi?)

[pecko77]

som zufalý..

v taskmng mi ukazuje aktivny prehliadac pricom ho vobec nemam spusteny.. ked mu dam ukoncit proces tak zacne nabehovat google.exe asi 5x a potom sa znovu spusti prehliadac (to je jedno aky,robil to aj firefox aj explorer aj chrome)...

a neda sa mi vymazat wi-fi siet z managera bezdrotovych sieti...myslim ze to bude spolu suvisiet..

mohol by to spopsobovat nejaky virus? alebo nebola ukoncena nejaka aktualizacia prostrednictvom toho wi-fi pripojenia a tak sa to snazi tvrdohlavo dokoncit?

neviem...som v koncoch...

prosiim

[motji]

Hezké odpoledne

Můžu poprosit o log ze Rsitu, viz můj podpis?

[pecko77]

mas na mysli komplet cely log?
Logfile of random's system information tool 1.06 (written by random/random)
Run by evka at 2010-04-06 17:33:35
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 42 GB (61%) free of 69 GB
Total RAM: 892 MB (32% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{787AC205-0A23-473A-AD5A-F23279D01D7F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2009-05-24 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2009-05-24 503808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4702208]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"OSD"=C:\Program Files\C&E\OSD\osd.exe [2007-08-28 671801]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Wireless Manager"=C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe [2008-05-26 585728]
"google"=C:\Users\evka\AppData\Roaming\google\google.exe [2005-05-30 627712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"OEXPRESS"= []
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-04-18 321344]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"google"=C:\Users\evka\AppData\Roaming\google\google.exe [2005-05-30 627712]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{348646a8-f558-11dd-84e8-00030d88030b}]
shell\AutoRun\command - WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f13086-3025-11de-86d7-00030d88030b}]
shell\AutoRun\command - D:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-04-06 17:33:37 ----D---- C:\Program Files\trend micro
2010-04-06 17:33:35 ----D---- C:\rsit
2010-04-05 09:15:38 ----D---- C:\Windows\system32\eu-ES
2010-04-05 09:15:38 ----D---- C:\Windows\system32\ca-ES
2010-04-05 09:15:36 ----D---- C:\Windows\system32\vi-VN
2010-04-04 23:17:20 ----D---- C:\Program Files\Lavalys
2010-04-04 20:25:06 ----D---- C:\Windows\system32\EventProviders
2010-03-31 13:05:17 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 13:05:15 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 13:05:05 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 13:05:02 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 13:04:56 ----A---- C:\Windows\system32\ieapfltr.dll
2010-03-31 13:04:54 ----A---- C:\Windows\system32\mshtmled.dll
2010-03-31 13:04:48 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 13:04:46 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 13:04:41 ----A---- C:\Windows\system32\ieencode.dll
2010-03-30 15:31:21 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-30 15:31:10 ----A---- C:\Windows\system32\httpapi.dll
2010-03-09 13:22:05 ----A---- C:\Windows\system32\winhttp.dll
2010-03-08 19:04:50 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-08 09:57:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-03-08 09:57:14 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-03-08 09:57:07 ----A---- C:\Windows\system32\kerberos.dll
2010-03-08 09:57:02 ----A---- C:\Windows\system32\schannel.dll
2010-03-07 20:03:10 ----A---- C:\Windows\system32\tzres.dll
2010-03-07 20:00:47 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-03-07 20:00:47 ----A---- C:\Windows\system32\RMActivate.exe
2010-03-07 20:00:45 ----A---- C:\Windows\system32\secproc_isv.dll
2010-03-07 20:00:45 ----A---- C:\Windows\system32\secproc.dll
2010-03-07 20:00:44 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-03-07 20:00:42 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-03-07 20:00:40 ----A---- C:\Windows\system32\msdrm.dll
2010-03-07 20:00:39 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-03-07 20:00:39 ----A---- C:\Windows\system32\secproc_ssp.dll

======List of files/folders modified in the last 1 months======

2010-04-06 17:33:37 ----RD---- C:\Program Files
2010-04-06 17:32:49 ----D---- C:\Windows\Temp
2010-04-06 17:26:23 ----D---- C:\Users\evka\AppData\Roaming\DNA
2010-04-06 17:11:03 ----D---- C:\Windows\System32
2010-04-06 17:11:03 ----D---- C:\Windows\inf
2010-04-06 17:11:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-06 17:07:08 ----SHD---- C:\Windows\Installer
2010-04-06 17:07:07 ----D---- C:\Windows\winsxs
2010-04-06 16:45:52 ----D---- C:\Program Files\DNA
2010-04-06 16:10:20 ----D---- C:\Windows\system32\catroot
2010-04-06 15:07:09 ----D---- C:\Windows\Prefetch
2010-04-06 14:39:32 ----D---- C:\Windows
2010-04-06 14:35:30 ----D---- C:\Program Files\Google
2010-04-06 14:33:29 ----HD---- C:\ProgramData
2010-04-06 14:33:28 ----D---- C:\Windows\Tasks
2010-04-05 23:33:11 ----D---- C:\Windows\Minidump
2010-04-05 23:33:11 ----D---- C:\Windows\Debug
2010-04-05 20:42:37 ----D---- C:\Program Files\Mozilla Firefox
2010-04-05 20:38:02 ----RD---- C:\Users
2010-04-05 20:34:19 ----D---- C:\Program Files\CCleaner
2010-04-05 18:52:57 ----D---- C:\Windows\rescache
2010-04-05 09:34:35 ----D---- C:\Windows\Microsoft.NET
2010-04-05 09:28:47 ----RSD---- C:\Windows\assembly
2010-04-05 09:24:23 ----D---- C:\Windows\system32\catroot2
2010-04-05 09:16:32 ----D---- C:\Program Files\Windows Sidebar
2010-04-05 09:16:32 ----D---- C:\Program Files\Windows Mail
2010-04-05 09:16:32 ----D---- C:\Program Files\Windows Calendar
2010-04-05 09:16:32 ----D---- C:\Program Files\Movie Maker
2010-04-05 09:16:32 ----D---- C:\Program Files\Internet Explorer
2010-04-05 09:16:31 ----D---- C:\Program Files\Windows Media Player
2010-04-05 09:16:31 ----D---- C:\Program Files\Windows Collaboration
2010-04-05 09:16:30 ----D---- C:\Program Files\Windows Journal
2010-04-05 09:16:29 ----D---- C:\Program Files\Windows Photo Gallery
2010-04-05 09:16:29 ----D---- C:\Program Files\Common Files\System
2010-04-05 09:16:28 ----D---- C:\Windows\servicing
2010-04-05 09:16:28 ----D---- C:\Program Files\Windows Defender
2010-04-05 09:16:27 ----D---- C:\Windows\ehome
2010-04-05 09:16:23 ----D---- C:\Windows\IME
2010-04-05 09:16:22 ----D---- C:\Windows\system32\XPSViewer
2010-04-05 09:16:22 ----D---- C:\Windows\system32\sk-SK
2010-04-05 09:16:22 ----D---- C:\Windows\system32\lv-LV
2010-04-05 09:16:22 ----D---- C:\Windows\system32\ko-KR
2010-04-05 09:16:22 ----D---- C:\Windows\system32\hr-HR
2010-04-05 09:16:22 ----D---- C:\Windows\system32\et-EE
2010-04-05 09:16:22 ----D---- C:\Windows\system32\da-DK
2010-04-05 09:16:21 ----D---- C:\Windows\system32\en-US
2010-04-05 09:16:19 ----D---- C:\Windows\system32\oobe
2010-04-05 09:16:19 ----D---- C:\Windows\system32\migration
2010-04-05 09:16:19 ----D---- C:\Windows\system32\it-IT
2010-04-05 09:16:19 ----D---- C:\Windows\system32\el-GR
2010-04-05 09:16:19 ----D---- C:\Windows\system32\de-DE
2010-04-05 09:16:18 ----D---- C:\Windows\system32\sv-SE
2010-04-05 09:16:18 ----D---- C:\Windows\system32\SLUI
2010-04-05 09:16:18 ----D---- C:\Windows\system32\setup
2010-04-05 09:16:18 ----D---- C:\Windows\system32\ru-RU
2010-04-05 09:16:18 ----D---- C:\Windows\system32\pt-PT
2010-04-05 09:16:18 ----D---- C:\Windows\system32\hu-HU
2010-04-05 09:16:18 ----D---- C:\Windows\system32\he-IL
2010-04-05 09:16:18 ----D---- C:\Windows\system32\fr-FR
2010-04-05 09:16:18 ----D---- C:\Windows\system32\fi-FI
2010-04-05 09:16:18 ----D---- C:\Windows\system32\cs-CZ
2010-04-05 09:16:18 ----D---- C:\Windows\system32\AdvancedInstallers
2010-04-05 09:16:17 ----D---- C:\Windows\system32\zh-TW
2010-04-05 09:16:17 ----D---- C:\Windows\system32\zh-CN
2010-04-05 09:16:17 ----D---- C:\Windows\system32\sr-Latn-CS
2010-04-05 09:16:17 ----D---- C:\Windows\system32\sl-SI
2010-04-05 09:16:17 ----D---- C:\Windows\system32\manifeststore
2010-04-05 09:16:17 ----D---- C:\Windows\system32\es-ES
2010-04-05 09:16:17 ----D---- C:\Windows\system32\en
2010-04-05 09:16:16 ----D---- C:\Windows\system32\uk-UA
2010-04-05 09:16:16 ----D---- C:\Windows\system32\tr-TR
2010-04-05 09:16:16 ----D---- C:\Windows\system32\th-TH
2010-04-05 09:16:16 ----D---- C:\Windows\system32\ro-RO
2010-04-05 09:16:16 ----D---- C:\Windows\system32\pl-PL
2010-04-05 09:16:16 ----D---- C:\Windows\system32\ja-JP
2010-04-05 09:16:16 ----D---- C:\Windows\system32\drivers
2010-04-05 09:16:16 ----D---- C:\Windows\system32\bg-BG
2010-04-05 09:16:15 ----D---- C:\Windows\system32\wbem
2010-04-05 09:16:14 ----D---- C:\Windows\system32\pt-BR
2010-04-05 09:16:14 ----D---- C:\Windows\system32\nl-NL
2010-04-05 09:16:14 ----D---- C:\Windows\system32\nb-NO
2010-04-05 09:16:14 ----D---- C:\Windows\system32\migwiz
2010-04-05 09:16:14 ----D---- C:\Windows\system32\lt-LT
2010-04-05 09:16:14 ----D---- C:\Windows\system32\ar-SA
2010-04-05 09:15:45 ----RSD---- C:\Windows\Fonts
2010-04-05 09:15:45 ----D---- C:\Windows\AppPatch
2010-04-05 09:15:36 ----D---- C:\Windows\system32\Boot
2010-04-05 09:13:51 ----D---- C:\Windows\system32\RTCOM
2010-04-05 08:35:48 ----SHD---- C:\System Volume Information
2010-04-04 22:34:08 ----D---- C:\PerfLogs
2010-03-30 15:36:05 ----D---- C:\ProgramData\Microsoft Help
2010-03-08 13:50:52 ----D---- C:\Windows\Logs
2010-03-08 10:00:13 ----D---- C:\Windows\PolicyDefinitions
2010-03-08 03:29:31 ----D---- C:\Windows\system32\config
2010-03-08 03:29:10 ----D---- C:\Windows\system32\Msdtc
2010-03-08 03:29:02 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R3 AFGSp50;AFGSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGSp50.sys [2008-05-26 27072]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Users\evka\AppData\Local\Temp\EverestDriver.sys [2009-10-02 27248]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-08-07 51712]
R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-08-24 452096]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 AFGMp50;AFGMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGMp50.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-07-27 351232]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2007-11-15 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 AffinegyService;AffinegyService; C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe [2008-05-26 143360]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1c98e15fd715f68;Google Update Service (gupdate1c98e15fd715f68); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


no ak toto niekomu pomoze...

[motji]

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[pecko77]

no idem skusit

vypisalo mi ze mam spusteny avast antivirus a avast antispyware..ze su stale aktivne...ale ja som ten avast vypinal...

antivirus: avast! antivirus 4.8.1368.[VPS 100224-1]
antispyware:avast! antivirus 4.8.1368 [VPS 100224-1]

nemam ani v task manageri nic o avaste...
no teda,je tam nieco, ale avast mam vypnuty


mam skusit pokracovat alebo to este resetnem? mozem zresetovat cely ntb? uz ked sa rozbehol ten program?

radkine... pomoooc

[motji]

Omlouvám se, ale když editujete, tak nevidím, že jste něco připsal .
Hlášku ignorujte a pokračujte dál

[pecko77]

v pohodicke hnevat ani nadavat nemozem,naopak som vdacny za kazdu radu.. nevedel som ci mozem pokracovat alebo nie..ked ono to tak neprijemne kvicalo

[motji]

to je celý combofix. Pak sem vložte log

[pecko77]

asi to nebude take jednoduche...
vyhodilo okno: Find String (QGREP) Utilôity has stoped working... a ked som klikol zatvorit program tak to po chvilke vyskocilo znovu...

co to moze byt a co s tym mam robit

sme na Completed 7 stage


tak som to zatvoril znovu a bezi to dalej..ten ComboFix
Stage 50

[motji]

po 50. se má combofix restartovat a vyhodit log.

[pecko77]

ahoj
no skoncilo ale kym urobil ten log tak mu to trvalo vecnost...

nakoniec sa mu to podarilo,takze tu to je

ComboFix 10-04-05.06 - evka . 04. 2010 22:54:53.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.892.215 [GMT 2:00]
Running from: c:\users\evka\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100224-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1368 [VPS 100224-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1730723268-729224220-3052934918-1001
c:\$recycle.bin\S-1-5-21-1730723268-729224220-3052934918-1002
c:\$recycle.bin\S-1-5-21-2139252429-1018222934-1169608220-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-989277652-2162823783-38786344-500

.
((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-06 21:45 . 2010-04-06 21:47 -------- d-----w- c:\users\evka\AppData\Local\temp
2010-04-06 21:45 . 2010-04-06 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-06 15:55 . 2008-05-02 14:07 48128 ----a-w- c:\windows\system32\drivers\SiSGB6.sys
2010-04-06 15:33 . 2010-04-06 15:33 -------- d-----w- c:\program files\trend micro
2010-04-06 15:33 . 2010-04-06 15:34 -------- d-----w- C:\rsit
2010-04-05 07:15 . 2010-04-05 07:16 -------- d-----w- c:\windows\system32\ca-ES
2010-04-05 07:15 . 2010-04-05 07:16 -------- d-----w- c:\windows\system32\eu-ES
2010-04-05 07:15 . 2010-04-05 07:16 -------- d-----w- c:\windows\system32\vi-VN
2010-04-04 21:17 . 2010-04-04 21:17 -------- d-----w- c:\program files\Lavalys
2010-04-04 18:25 . 2010-04-04 18:25 -------- d-----w- c:\windows\system32\EventProviders
2010-03-31 11:05 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 11:04 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-30 13:31 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-30 13:31 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-30 13:31 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-09 11:22 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-03-08 17:04 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-08 07:57 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-08 07:57 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-08 07:57 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-03-08 07:57 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-03-08 07:54 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 21:48 . 2009-04-18 19:21 -------- d-----w- c:\users\evka\AppData\Roaming\DNA
2010-04-06 19:37 . 2009-04-18 19:21 -------- d-----w- c:\program files\DNA
2010-04-06 15:55 . 2007-12-11 07:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 12:39 . 2009-02-13 20:01 -------- d-----w- c:\program files\Google
2010-04-05 18:34 . 2009-05-22 13:03 -------- d-----w- c:\program files\CCleaner
2010-04-05 17:13 . 2009-02-07 20:10 86960 ----a-w- c:\users\evka\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-05 07:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-05 07:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-05 07:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-02 14:54 . 2010-04-02 14:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-31 10:38 . 2010-03-31 10:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-30 13:36 . 2007-12-12 16:17 -------- d-----w- c:\programdata\Microsoft Help
2010-02-25 13:47 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-02-25 13:46 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-02-24 08:16 . 2009-10-24 19:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 15:19 . 2010-02-23 15:17 -------- d-----w- c:\program files\DivX
2010-02-23 15:18 . 2010-02-23 15:18 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-23 15:18 . 2010-02-23 15:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-25 12:00 . 2010-03-07 18:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-03-07 18:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-03-07 18:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-03-07 18:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-03-07 18:00 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-03-07 18:00 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-03-07 18:00 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-03-07 18:00 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-03-07 18:00 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-03-07 18:03 2048 ----a-w- c:\windows\system32\tzres.dll
2007-11-15 15:50 . 2007-03-07 12:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-04-06 323392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"google"="c:\users\evka\AppData\Roaming\google\google.exe" [2005-05-30 627712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"OSD"="c:\program files\C&E\OSD\osd.exe" [2007-08-28 671801]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"google"="c:\users\evka\AppData\Roaming\google\google.exe" [2005-05-30 627712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\d:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):bb,51,39,f6,90,d4,ca,01

R2 gupdate1c98e15fd715f68;Google Update Service (gupdate1c98e15fd715f68);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-07-27 351232]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-08-07 283136]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-08-24 452096]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-05-02 48128]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{SNIFW2PN-XQJW-0RWX-DTP3-TUQ0EV3710VY}]
2005-05-30 11:09 627712 --sh--r- c:\users\evka\AppData\Roaming\google\google.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 20:02]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 20:02]

2010-04-06 c:\windows\Tasks\User_Feed_Synchronization-{787AC205-0A23-473A-AD5A-F23279D01D7F}.job
- c:\windows\system32\msfeedssync.exe [2009-02-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 164.38.33.5:8080
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OEXPRESS - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 23:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-07 00:13:00
ComboFix-quarantined-files.txt 2010-04-06 22:00

Pre-Run: 42 012 393 472 bytes free
Post-Run: 42 026 110 976 bytes free

- - End Of File - - F0D10705970081AE7835E736FD86CA64

[motji]

Znáte tuto složku?
C:\Windows\system32\EventProviders

Používáte pamětové karty, USBklíče, externí disky?

jak to vypadá s počítačem ted?

[pecko77]

ahoj , ntb je mojej mamy,tu zlozku tam ma,neviem co to je ,je v nej asi 5 adresarov s asi jazykovou lokaciou (de,en,es,fr,ja) a kniznica spcmsg s podpisom od microsoftu a vsetky tie externe ulozista pouzivala urcite (aj ja teraz usbklic,na prenos tych logov)..

novinky mam.. teploty sa mi podarilo odstranit (mala na total upchaty chladic ) a podarilo sa mi odstranit aj tu wi-fi siet..ona tam mala nainstalovany este nejaky wireless manager od Virgin a tam malu tu svoju wi-fi siet ulozenu a ten mal preavdepodobne vyssiu prioritu ako ten windowsacky..lebo ked som ten virgin odstranil tak uz mi tam ta jej stara siet nenaskakuje..

problem uz len je to automaticke spustenie prohlizece a procesor 100%,konstantnych - pozrel som aj konfigsys a tam je v STARTUPe vypisany aj nejaky google,2 krat, location: c:\User\evka\AppData\Roaming\google\google.exe....ale ked som pozrel tu cestu tak tam ziadny adresar google nie je..mam zobrazene aj skryte subory..neviem...


je nejaky problem s tou zlozkou EventProviders? a tie ext. media?

[motji]

Se složkou problémy nejsou.
V počítači byl vir, který se přenáší přes USBklíče a pod, proto bych to ráda prověřila .

Zapojte do pc všechny usb klíče, flashky...co používáte

Stáhněte na plochu UsbFix
-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt

[pecko77]

hm..parada takze je moznost ze sa mi to nasackovalo aj do tohto mojho PC
idem to skusit...

hm..teda, to je potom riadny AIDS-ak..ona tie svoje ext. ulozista ma v anglicku..

tak ja tam teda pichnem svoj usbklic a extHDD, do toho jej ntb,tak? idem sa presunut na ten ntb nech to nemusim prenasat stale..

som z toho vylakany
a tento usbfix by si mala urobit aj ona na svojomnovom ntb so svojimi flashkami a hdd,ze?
chcem sa este spytat, uz to dokoncilo, mam im odoslat ten zazipovany subor?