Dobrý den,
poslední dobou se mi počítač seká kdykoliv se připojí něco nového (internet, USB flash disk) nebo když je zapnut delé,
zde je log:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Karel at 2010-07-19 11:28:47
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 170 GB (56%) free of 305 GB
Total RAM: 2814 MB (66% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe []
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2008-12-19 83336]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2010-01-13 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2010-01-13 92704]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2008-04-29 49928]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]
"LosAlamos"=C:\Windows\system32\sshnas21.dll,AttachConsoleA []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2008-04-29 96008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eae346f-10b8-11df-bfd6-002185dcd158}]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73505946-028a-11df-87f5-002185dcd158}]
shell\AutoRun\command - F:\EmDesk.exe
shell\EmDesk\command - F:\EmDesk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7614ac16-029a-11df-b706-002185dcd158}]
shell\AutoRun\command - E:\AUTOSTARTER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a865cf00-028e-11df-99aa-002185dcd158}]
shell\AutoRun\command - F:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-07-19 11:25:22 ----D---- C:\Program Files\trend micro
2010-07-19 11:25:21 ----D---- C:\rsit
2010-07-19 11:15:21 ----A---- C:\Windows\ntbtlog.txt
2010-07-10 16:07:17 ----D---- C:\Windows\system32\appmgmt
2010-06-26 18:57:42 ----D---- C:\Users\Karel\AppData\Roaming\InstallShield Installation Information
2010-06-26 18:57:27 ----D---- C:\Program Files\Rockstar Games
2010-06-24 23:11:44 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-24 23:11:44 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-24 23:11:44 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-24 23:11:44 ----A---- C:\Windows\system32\mscoree.dll
2010-06-24 23:11:44 ----A---- C:\Windows\system32\dfshim.dll
2010-06-24 16:50:03 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-24 16:50:02 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
======List of files/folders modified in the last 1 months======
2010-07-19 11:28:41 ----D---- C:\Windows\Temp
2010-07-19 11:28:29 ----D---- C:\Windows\System32
2010-07-19 11:28:28 ----D---- C:\Windows\inf
2010-07-19 11:28:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-19 11:25:23 ----D---- C:\Windows\Prefetch
2010-07-19 11:25:22 ----RD---- C:\Program Files
2010-07-19 11:18:50 ----D---- C:\Program Files\The KMPlayer
2010-07-19 11:15:21 ----D---- C:\Windows
2010-07-18 22:04:26 ----D---- C:\Users\Karel\AppData\Roaming\Skype
2010-07-18 16:05:00 ----D---- C:\Users\Karel\AppData\Roaming\skypePM
2010-07-18 11:54:54 ----D---- C:\Users\Karel\AppData\Roaming\Vso
2010-07-16 22:08:43 ----D---- C:\Windows\Minidump
2010-07-16 21:28:37 ----SHD---- C:\System Volume Information
2010-07-15 21:27:06 ----D---- C:\Windows\system32\catroot2
2010-07-14 18:45:20 ----D---- C:\Windows\winsxs
2010-07-14 13:38:57 ----D---- C:\Windows\system32\catroot
2010-07-14 13:38:51 ----D---- C:\Program Files\Windows Mail
2010-07-10 16:07:17 ----SHD---- C:\Windows\Installer
2010-07-10 16:07:15 ----RD---- C:\Program Files\Skype
2010-07-10 16:05:50 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-02 21:39:05 ----A---- C:\Windows\system32\mrt.exe
2010-07-02 14:28:17 ----D---- C:\Users\Karel\AppData\Roaming\Protector Suite
2010-06-27 14:18:08 ----D---- C:\Program Files\Mozilla Firefox
2010-06-26 10:11:02 ----D---- C:\Users\Karel\AppData\Roaming\uTorrent
2010-06-24 23:12:31 ----D---- C:\Windows\AppPatch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-02-19 63872]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-01-16 281760]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-01-16 25888]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-21 50704]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2010-01-13 54784]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2010-01-13 97536]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2009-09-09 576000]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-01-13 45600]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-01-13 7541856]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-01 14848]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-01-16 47360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-01-13 142848]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2010-01-13 1097856]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-06-02 50576]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 a0hcpn1g;a0hcpn1g; C:\Windows\system32\drivers\a0hcpn1g.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-10-06 137984]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-03-03 36864]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-03-05 74368]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-03-12 16128]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2009-03-23 54272]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2009-03-19 43264]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-09-29 65024]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-10-31 124960]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-01-13 203296]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-03-17 144752]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-21 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504]
-----------------EOF-----------------
P.S. při zapnutí divně hučí větráky dřív takle hlasitě nehučely, možná za to můžou větráky.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Podezření na vir
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Podezření na vir
ahoj,
mas tam pliagu
stiahni a uloz na plochu ComboFix
potom spust pod uctom s administratorskym opravnenim
akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie
Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.
po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)
mas tam pliagu
stiahni a uloz na plochu ComboFix
potom spust pod uctom s administratorskym opravnenim
akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie
Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.
po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Podezření na vir
zde je:
ComboFix 10-07-19.02 - Karel 20.07.2010 10:00:02.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.2814.1825 [GMT 2:00]
Spuštěný z: G:\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Karel\AppData\Roaming\inst.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-20 do 2010-07-20 )))))))))))))))))))))))))))))))
.
2010-07-19 09:25 . 2010-07-19 09:25 -------- d-----w- c:\program files\trend micro
2010-07-19 09:25 . 2010-07-19 09:30 -------- d-----w- C:\rsit
2010-06-26 16:57 . 2010-06-26 16:57 -------- d-----w- c:\users\Karel\AppData\Roaming\InstallShield Installation Information
2010-06-26 16:57 . 2010-07-19 14:38 -------- d-----w- c:\program files\Rockstar Games
2010-06-24 21:11 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 21:11 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 21:11 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 21:11 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 21:11 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 14:50 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-24 14:50 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 08:08 . 2010-01-13 15:29 31871 ----a-w- c:\programdata\nvModes.dat
2010-07-20 07:59 . 2010-01-13 18:43 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-07-20 07:59 . 2010-01-13 18:43 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-07-19 14:38 . 2010-01-13 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-19 09:18 . 2010-01-15 08:35 -------- d-----w- c:\program files\The KMPlayer
2010-07-19 09:18 . 2010-01-13 10:00 1356 ----a-w- c:\users\Karel\AppData\Local\d3d9caps.dat
2010-07-18 20:04 . 2010-01-16 12:02 -------- d-----w- c:\users\Karel\AppData\Roaming\Skype
2010-07-18 14:05 . 2010-01-16 12:04 -------- d-----w- c:\users\Karel\AppData\Roaming\skypePM
2010-07-18 09:54 . 2010-01-16 11:29 -------- d-----w- c:\users\Karel\AppData\Roaming\Vso
2010-07-14 11:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-10 14:07 . 2010-01-16 12:00 -------- d-----r- c:\program files\Skype
2010-07-02 12:28 . 2010-01-13 16:42 -------- d-----w- c:\users\Karel\AppData\Roaming\Protector Suite
2010-06-26 16:56 . 2010-06-26 17:02 344064 ----a-w- c:\users\Karel\AppData\Roaming\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\_setup.dll
2010-06-26 08:11 . 2010-01-25 20:55 -------- d-----w- c:\users\Karel\AppData\Roaming\uTorrent
2010-06-16 12:07 . 2010-06-16 12:07 -------- d-----w- c:\program files\Common Files\Skype
2010-06-11 08:34 . 2010-06-11 08:34 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-11 08:33 . 2010-06-11 08:33 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:33 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:29 -------- d-----w- c:\program files\DivX
2010-06-11 08:33 . 2010-06-11 08:28 -------- d-----w- c:\programdata\DivX
2010-06-11 08:33 . 2010-06-11 08:33 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:33 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:33 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:33 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:33 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-11 08:28 . 2010-06-11 08:33 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-06-11 08:27 . 2010-06-11 08:33 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-30 20:08 . 2010-05-30 20:02 -------- d-----w- c:\users\Karel\AppData\Roaming\Orbit
2010-05-30 20:03 . 2010-05-30 20:03 -------- d-----w- c:\users\Karel\AppData\Roaming\GrabPro
2010-05-28 15:40 . 2010-05-28 15:40 -------- d-----w- c:\users\Karel\AppData\Roaming\Apowersoft
2010-05-28 15:39 . 2010-05-28 15:39 -------- d-----w- c:\program files\Apowersoft
2010-05-26 16:16 . 2010-06-10 19:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 19:05 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:06 . 2010-05-21 18:03 -------- d-----w- c:\program files\Google
2010-05-21 12:14 . 2010-01-20 20:24 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 18:42 . 2010-06-10 20:20 833024 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-10 20:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 16:53 . 2010-06-10 20:20 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-10 18:45 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 13:55 . 2010-05-25 19:37 2048 ----a-w- c:\windows\system32\tzres.dll
2008-04-23 12:41 . 2008-04-23 12:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-29 17:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-29 17:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-13 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-13 92704]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-04-29 49928]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-29 17:43 96008 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 136176]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-30 691696]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2010-01-13 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-01-13 97536]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-09-09 576000]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-13 45600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Obsah adresáře 'Naplánované úlohy'
2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 18:03]
2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 18:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\n33bb9sl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-LosAlamos - c:\windows\system32\sshnas21.dll
HKLM-Run-SMSERIAL - c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 10:08
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
- - - - - - - > 'Explorer.exe'(3756)
c:\windows\system32\NVSVC.DLL
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\qlbase.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-07-20 10:14:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-20 08:14
Před spuštěním: Volných bajtů: 173 519 245 312
Po spuštění: Volných bajtů: 177 303 212 032
- - End Of File - - D16419022096AB6CE4542499BC0AFC05
p.s. co je ta pliaga ?
ComboFix 10-07-19.02 - Karel 20.07.2010 10:00:02.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.2814.1825 [GMT 2:00]
Spuštěný z: G:\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Karel\AppData\Roaming\inst.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-20 do 2010-07-20 )))))))))))))))))))))))))))))))
.
2010-07-19 09:25 . 2010-07-19 09:25 -------- d-----w- c:\program files\trend micro
2010-07-19 09:25 . 2010-07-19 09:30 -------- d-----w- C:\rsit
2010-06-26 16:57 . 2010-06-26 16:57 -------- d-----w- c:\users\Karel\AppData\Roaming\InstallShield Installation Information
2010-06-26 16:57 . 2010-07-19 14:38 -------- d-----w- c:\program files\Rockstar Games
2010-06-24 21:11 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 21:11 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 21:11 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 21:11 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 21:11 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 14:50 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-24 14:50 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 08:08 . 2010-01-13 15:29 31871 ----a-w- c:\programdata\nvModes.dat
2010-07-20 07:59 . 2010-01-13 18:43 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-07-20 07:59 . 2010-01-13 18:43 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-07-19 14:38 . 2010-01-13 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-19 09:18 . 2010-01-15 08:35 -------- d-----w- c:\program files\The KMPlayer
2010-07-19 09:18 . 2010-01-13 10:00 1356 ----a-w- c:\users\Karel\AppData\Local\d3d9caps.dat
2010-07-18 20:04 . 2010-01-16 12:02 -------- d-----w- c:\users\Karel\AppData\Roaming\Skype
2010-07-18 14:05 . 2010-01-16 12:04 -------- d-----w- c:\users\Karel\AppData\Roaming\skypePM
2010-07-18 09:54 . 2010-01-16 11:29 -------- d-----w- c:\users\Karel\AppData\Roaming\Vso
2010-07-14 11:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-10 14:07 . 2010-01-16 12:00 -------- d-----r- c:\program files\Skype
2010-07-02 12:28 . 2010-01-13 16:42 -------- d-----w- c:\users\Karel\AppData\Roaming\Protector Suite
2010-06-26 16:56 . 2010-06-26 17:02 344064 ----a-w- c:\users\Karel\AppData\Roaming\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\_setup.dll
2010-06-26 08:11 . 2010-01-25 20:55 -------- d-----w- c:\users\Karel\AppData\Roaming\uTorrent
2010-06-16 12:07 . 2010-06-16 12:07 -------- d-----w- c:\program files\Common Files\Skype
2010-06-11 08:34 . 2010-06-11 08:34 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-11 08:33 . 2010-06-11 08:33 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:33 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:29 -------- d-----w- c:\program files\DivX
2010-06-11 08:33 . 2010-06-11 08:28 -------- d-----w- c:\programdata\DivX
2010-06-11 08:33 . 2010-06-11 08:33 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:33 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:33 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:33 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-06-11 08:33 . 2010-06-11 08:33 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-11 08:28 . 2010-06-11 08:33 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-06-11 08:27 . 2010-06-11 08:33 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-30 20:08 . 2010-05-30 20:02 -------- d-----w- c:\users\Karel\AppData\Roaming\Orbit
2010-05-30 20:03 . 2010-05-30 20:03 -------- d-----w- c:\users\Karel\AppData\Roaming\GrabPro
2010-05-28 15:40 . 2010-05-28 15:40 -------- d-----w- c:\users\Karel\AppData\Roaming\Apowersoft
2010-05-28 15:39 . 2010-05-28 15:39 -------- d-----w- c:\program files\Apowersoft
2010-05-26 16:16 . 2010-06-10 19:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 19:05 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:06 . 2010-05-21 18:03 -------- d-----w- c:\program files\Google
2010-05-21 12:14 . 2010-01-20 20:24 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 18:42 . 2010-06-10 20:20 833024 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-10 20:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 16:53 . 2010-06-10 20:20 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-10 18:45 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 13:55 . 2010-05-25 19:37 2048 ----a-w- c:\windows\system32\tzres.dll
2008-04-23 12:41 . 2008-04-23 12:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-29 17:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-29 17:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-13 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-13 92704]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-04-29 49928]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-29 17:43 96008 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 136176]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-30 691696]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2010-01-13 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-01-13 97536]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-09-09 576000]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-13 45600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Obsah adresáře 'Naplánované úlohy'
2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 18:03]
2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 18:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\n33bb9sl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-LosAlamos - c:\windows\system32\sshnas21.dll
HKLM-Run-SMSERIAL - c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 10:08
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
- - - - - - - > 'Explorer.exe'(3756)
c:\windows\system32\NVSVC.DLL
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\qlbase.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-07-20 10:14:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-20 08:14
Před spuštěním: Volných bajtů: 173 519 245 312
Po spuštění: Volných bajtů: 177 303 212 032
- - End Of File - - D16419022096AB6CE4542499BC0AFC05
p.s. co je ta pliaga ?
Re: Podezření na vir
fajn, je to omnoho lepsie - preventivne prescanuj PC s MBAM
pliaga ->> to si najdes vo volnom case
akcia za krasami slovenciny
pliaga ->> to si najdes vo volnom case
akcia za krasami slovenciny FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Podezření na vir
Moc děkuji 
Re: Podezření na vir
za malo
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Přispějete na provoz fóra?