Hi all,
I have a laptop here that was hit by a phishing attack. Wrong passwords kept being reported in the browser and so on.
Please check the log.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Maminka at 2010-10-24 15:07:12
Microsoft Windows 7 Ultimate
System drive C: has 20 GB (51%) free of 40 GB
Total RAM: 3039 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:07:45, on 24.10.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Users\Maminka\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\QIP\qip.exe
C:\Users\Maminka\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\Maminka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Google Update] "C:\Users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
--
End of file - 5867 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3017920699-1425965248-3966724092-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3017920699-1425965248-3966724092-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-10-09 798771]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-10-09 798771]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-11-11 1468256]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-06 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-03-06 92704]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 136176]
"Nektra OEAPI"= []
"OEXPRESS"= []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
C:\Program Files\Zrychleni Pocitace\PCSpeedUp.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-10-24 15:07:12 ----D---- C:\rsit
2010-10-24 15:07:12 ----D---- C:\Program Files\trend micro
2010-10-24 00:21:39 ----D---- C:\Windows\nvtmpinst
2010-10-24 00:07:08 ----D---- C:\Windows\system32\AGEIA
2010-10-24 00:07:07 ----D---- C:\Program Files\AGEIA Technologies
2010-10-23 23:59:37 ----D---- C:\NVIDIA
2010-10-20 06:59:11 ----D---- C:\Windows\cs
2010-10-20 06:55:19 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-10-20 06:55:18 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-10-20 06:55:18 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-10-20 06:52:42 ----A---- C:\Windows\system32\mfreadwrite.dll
2010-10-20 06:52:42 ----A---- C:\Windows\system32\mf.dll
2010-10-20 06:52:40 ----A---- C:\Windows\system32\WMVDECOD.DLL
2010-10-16 19:40:01 ----D---- C:\Users\Maminka\AppData\Roaming\Opera
2010-10-16 19:39:47 ----D---- C:\Program Files\Opera
2010-10-16 19:28:26 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2010-10-16 19:28:26 ----A---- C:\Windows\system32\drivers\sdbus.sys
2010-10-16 19:27:45 ----D---- C:\Program Files\Motorola
2010-10-13 20:00:49 ----A---- C:\Windows\system32\ole32.dll
2010-10-13 20:00:48 ----A---- C:\Windows\system32\iertutil.dll
2010-10-13 20:00:47 ----A---- C:\Windows\system32\mshtml.dll
2010-10-13 20:00:46 ----A---- C:\Windows\system32\ieframe.dll
2010-10-13 20:00:45 ----A---- C:\Windows\system32\urlmon.dll
2010-10-13 20:00:45 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-13 20:00:44 ----A---- C:\Windows\system32\wininet.dll
2010-10-13 20:00:44 ----A---- C:\Windows\system32\mstime.dll
2010-10-13 20:00:44 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-13 20:00:44 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-13 20:00:43 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-13 20:00:43 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-13 20:00:43 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-13 20:00:43 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-13 20:00:43 ----A---- C:\Windows\system32\ieui.dll
2010-10-13 20:00:43 ----A---- C:\Windows\system32\iepeers.dll
2010-10-13 20:00:33 ----A---- C:\Windows\system32\t2embed.dll
2010-10-13 20:00:31 ----A---- C:\Windows\system32\schannel.dll
2010-10-13 20:00:28 ----A---- C:\Windows\system32\comctl32.dll
2010-10-13 20:00:26 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-13 20:00:26 ----A---- C:\Windows\system32\mfc40.dll
2010-10-13 20:00:19 ----A---- C:\Windows\system32\wmp.dll
2010-10-13 20:00:17 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-13 20:00:14 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-13 20:00:14 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 20:00:14 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-13 20:00:14 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-13 20:00:12 ----A---- C:\Windows\system32\win32k.sys
2010-10-13 20:00:11 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-13 20:00:11 ----A---- C:\Windows\system32\StructuredQuery.dll
2010-10-09 19:31:23 ----D---- C:\Windows\system32\Adobe
2010-10-09 10:56:46 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-10-09 10:44:35 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-09 10:43:27 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-10-09 10:43:02 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-10-09 10:41:15 ----D---- C:\Program Files\Windows Live
2010-10-09 10:38:26 ----D---- C:\Program Files\Common Files\Windows Live
2010-10-09 10:38:06 ----D---- C:\Users\Maminka\AppData\Roaming\Ventrilo
2010-10-09 10:37:50 ----D---- C:\Program Files\Ventrilo
2010-10-09 10:37:37 ----D---- C:\ProgramData\Skype
2010-10-09 10:37:22 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-10-09 10:25:52 ----A---- C:\Windows\system32\mdimon.dll
2010-10-09 10:25:29 ----A---- C:\Windows\system32\msonpmon.dll
2010-10-09 10:23:27 ----D---- C:\Program Files\Microsoft Works
2010-10-09 10:22:55 ----D---- C:\Program Files\Microsoft Visual Studio
2010-10-09 10:22:54 ----D---- C:\Program Files\Common Files\DESIGNER
2010-10-09 10:20:17 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-10-09 10:19:15 ----D---- C:\ProgramData\Microsoft Help
2010-10-09 10:19:15 ----D---- C:\Program Files\Microsoft Office
2010-10-09 10:17:39 ----RHD---- C:\MSOCache
2010-10-09 10:03:14 ----D---- C:\Program Files\Common Files\Adobe
2010-10-09 10:03:14 ----D---- C:\Program Files\Adobe
2010-10-09 10:02:16 ----D---- C:\Program Files\Wireless Console 2
2010-10-09 10:02:15 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-09 10:01:58 ----D---- C:\Users\Maminka\AppData\Roaming\InstallShield
2010-10-09 09:57:15 ----D---- C:\Program Files\Microsoft.NET
2010-10-09 09:50:19 ----D---- C:\Program Files\Common Files\InstallShield
2010-10-09 09:49:52 ----A---- C:\Windows\system32\SET9C40.tmp
2010-10-09 09:49:52 ----A---- C:\Windows\system32\nvexpbar.dll
2010-10-09 09:49:52 ----A---- C:\Windows\system32\nvd3dum.dll
2010-10-09 09:49:52 ----A---- C:\Windows\system32\nvcpluir.dll
2010-10-09 09:49:52 ----A---- C:\Windows\system32\nvcplui.exe
2010-10-09 09:49:51 ----A---- C:\Windows\system32\nvuninst.exe
2010-10-09 09:49:29 ----D---- C:\Users\Maminka\AppData\Roaming\WinRAR
2010-10-09 09:35:48 ----A---- C:\Windows\WTRDCTM.INI
2010-10-09 09:31:17 ----D---- C:\Program Files\PC Translator
2010-10-09 09:30:58 ----D---- C:\ProgramData\LangSoft
2010-10-09 09:29:42 ----D---- C:\Users\Maminka\AppData\Roaming\LangSoft
2010-10-09 09:29:18 ----D---- C:\Program Files\PC Translator 2010 CZ
2010-10-09 09:27:52 ----D---- C:\Program Files\Microsoft IntelliPoint
2010-10-09 09:27:36 ----D---- C:\Users\Maminka\AppData\Roaming\Mumble
2010-10-09 09:27:10 ----D---- C:\Program Files\WinRAR
2010-10-09 09:26:50 ----D---- C:\Users\Maminka\AppData\Roaming\vlc
2010-10-09 09:26:07 ----D---- C:\Program Files\VideoLAN
2010-10-09 09:26:00 ----D---- C:\Windows\Panther
2010-10-09 09:25:25 ----D---- C:\Program Files\rajce
2010-10-09 09:24:42 ----D---- C:\Program Files\QIP
2010-10-09 09:24:22 ----D---- C:\Program Files\PowerISO
2010-10-09 09:23:56 ----D---- C:\Program Files\Mumble
2010-10-09 09:23:41 ----D---- C:\Windows\PCHEALTH
2010-10-09 09:22:37 ----A---- C:\Windows\system32\pthreadGC2.dll
2010-10-09 09:22:37 ----A---- C:\Windows\system32\ff_vfw.dll
2010-10-09 09:22:35 ----D---- C:\Program Files\ffdshow
2010-10-09 09:22:21 ----D---- C:\Program Files\CCleaner
2010-10-09 09:22:14 ----D---- C:\ProgramData\Adobe
2010-10-09 09:21:57 ----D---- C:\Program Files\AC3Filter
2010-10-09 09:21:12 ----D---- C:\Program Files\Microsoft Security Essentials
2010-10-09 09:21:06 ----SHD---- C:\Windows\Installer
2010-10-09 09:20:50 ----D---- C:\Windows\system32\Macromed
2010-10-09 09:20:32 ----D---- C:\Windows\system32\Wat
2010-10-09 09:16:00 ----D---- C:\Users\Maminka\AppData\Roaming\Macromedia
2010-10-09 09:16:00 ----D---- C:\Users\Maminka\AppData\Roaming\Adobe
2010-10-09 09:13:06 ----D---- C:\ProgramData\NVIDIA
2010-10-09 09:08:59 ----A---- C:\Windows\system32\snymsico.dll
2010-10-09 09:08:59 ----A---- C:\Windows\system32\drivers\rimsptsk.sys
2010-10-09 09:08:59 ----A---- C:\Windows\system32\drivers\rimmptsk.sys
2010-10-09 09:02:45 ----A---- C:\Windows\system32\msv1_0.dll
2010-10-09 09:02:13 ----D---- C:\Users\Maminka\AppData\Roaming\GHISLER
2010-10-09 09:02:13 ----D---- C:\Program Files\totalcmd
2010-10-09 09:02:13 ----A---- C:\Windows\UC.PIF
2010-10-09 09:02:13 ----A---- C:\Windows\RAR.PIF
2010-10-09 09:02:13 ----A---- C:\Windows\PKZIP.PIF
2010-10-09 09:02:13 ----A---- C:\Windows\PKUNZIP.PIF
2010-10-09 09:02:13 ----A---- C:\Windows\NOCLOSE.PIF
2010-10-09 09:02:13 ----A---- C:\Windows\LHA.PIF
2010-10-09 09:02:13 ----A---- C:\Windows\ARJ.PIF
2010-10-09 09:00:03 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-10-09 09:00:03 ----A---- C:\Windows\system32\PresentationHost.exe
2010-10-09 09:00:03 ----A---- C:\Windows\system32\netfxperf.dll
2010-10-09 09:00:03 ----A---- C:\Windows\system32\mscoree.dll
2010-10-09 09:00:03 ----A---- C:\Windows\system32\dfshim.dll
2010-10-09 08:57:41 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-09 08:54:42 ----A---- C:\Windows\system32\browserchoice.exe
2010-10-09 08:53:37 ----A---- C:\Windows\system32\MRT.exe
2010-10-09 08:53:21 ----A---- C:\Windows\system32\drivers\ks.sys
2010-10-09 08:52:28 ----A---- C:\Windows\system32\shell32.dll
2010-10-09 08:52:26 ----A---- C:\Windows\system32\tzres.dll
2010-10-09 08:52:24 ----A---- C:\Windows\system32\kernel32.dll
2010-10-09 08:52:24 ----A---- C:\Windows\system32\apphelp.dll
2010-10-09 08:52:15 ----A---- C:\Windows\system32\lsasrv.dll
2010-10-09 08:52:15 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2010-10-09 08:52:13 ----A---- C:\Windows\system32\inetcomm.dll
2010-10-09 08:52:10 ----A---- C:\Windows\system32\drivers\usbhub.sys
2010-10-09 08:52:10 ----A---- C:\Windows\system32\drivers\usbehci.sys
2010-10-09 08:52:08 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-10-09 08:52:05 ----A---- C:\Windows\system32\CPFilters.dll
2010-10-09 08:52:04 ----A---- C:\Windows\system32\psisdecd.dll
2010-10-09 08:52:04 ----A---- C:\Windows\system32\msdri.dll
2010-10-09 08:52:01 ----A---- C:\Windows\system32\winresume.exe
2010-10-09 08:52:01 ----A---- C:\Windows\system32\winload.exe
2010-10-09 08:52:01 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2010-10-09 08:52:01 ----A---- C:\Windows\system32\CertEnroll.dll
2010-10-09 08:51:54 ----A---- C:\Windows\system32\winlogon.exe
2010-10-09 08:51:54 ----A---- C:\Windows\system32\spoolsv.exe
2010-10-09 08:51:54 ----A---- C:\Windows\explorer.exe
2010-10-09 08:51:52 ----A---- C:\Windows\system32\drivers\fvevol.sys
2010-10-09 08:51:51 ----A---- C:\Windows\system32\asycfilt.dll
2010-10-09 08:51:50 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-10-09 08:51:50 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-10-09 08:51:49 ----A---- C:\Windows\system32\tsbyuv.dll
2010-10-09 08:51:49 ----A---- C:\Windows\system32\rtutils.dll
2010-10-09 08:51:49 ----A---- C:\Windows\system32\quartz.dll
2010-10-09 08:51:49 ----A---- C:\Windows\system32\msyuv.dll
2010-10-09 08:51:49 ----A---- C:\Windows\system32\msvidc32.dll
2010-10-09 08:51:49 ----A---- C:\Windows\system32\msrle32.dll
2010-10-09 08:51:49 ----A---- C:\Windows\system32\mciavi32.dll
2010-10-09 08:51:49 ----A---- C:\Windows\system32\iyuv_32.dll
2010-10-09 08:51:49 ----A---- C:\Windows\system32\avifil32.dll
2010-10-09 08:51:48 ----A---- C:\Windows\system32\ntdll.dll
2010-10-09 08:51:48 ----A---- C:\Windows\system32\msxml3.dll
2010-10-09 08:51:47 ----A---- C:\Windows\system32\jscript.dll
2010-10-09 08:51:46 ----A---- C:\Windows\system32\msasn1.dll
2010-10-09 08:51:46 ----A---- C:\Windows\system32\ir32_32.dll
2010-10-09 08:51:46 ----A---- C:\Windows\system32\iccvid.dll
2010-10-09 08:51:45 ----A---- C:\Windows\system32\vbscript.dll
2010-10-09 08:51:43 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-10-09 08:51:43 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-10-09 08:51:43 ----A---- C:\Windows\system32\secproc_isv.dll
2010-10-09 08:51:43 ----A---- C:\Windows\system32\secproc.dll
2010-10-09 08:51:43 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-10-09 08:51:43 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-10-09 08:51:43 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-10-09 08:51:43 ----A---- C:\Windows\system32\RMActivate.exe
2010-10-09 08:50:48 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2010-10-09 08:50:48 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2010-10-09 08:50:48 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2010-10-09 08:49:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-09 08:48:02 ----A---- C:\Windows\system32\fontsub.dll
2010-10-09 08:48:02 ----A---- C:\Windows\system32\atmlib.dll
2010-10-09 08:48:02 ----A---- C:\Windows\system32\atmfd.dll
2010-10-09 08:39:56 ----A---- C:\Windows\system32\wintrust.dll
2010-10-09 08:39:49 ----A---- C:\Windows\system32\cabview.dll
2010-10-09 08:38:50 ----D---- C:\Users\Maminka\AppData\Roaming\Identities
2010-10-09 08:38:39 ----SD---- C:\Users\Maminka\AppData\Roaming\Microsoft
2010-10-09 08:38:39 ----D---- C:\Users\Maminka\AppData\Roaming\Media Center Programs
2010-10-09 08:38:21 ----SHD---- C:\Recovery
2010-10-09 08:38:21 ----SHD---- C:\ProgramData\Šablony
2010-10-09 08:38:20 ----SHD---- C:\ProgramData\Plocha
2010-10-09 08:38:20 ----SHD---- C:\ProgramData\Oblíbené položky
2010-10-09 08:38:20 ----SHD---- C:\ProgramData\Nabídka Start
2010-10-09 08:38:20 ----SHD---- C:\ProgramData\Dokumenty
2010-10-09 08:38:20 ----SHD---- C:\ProgramData\Data aplikací
2010-10-09 08:30:14 ----D---- C:\Windows\SoftwareDistribution
2010-10-09 08:27:29 ----D---- C:\Windows\Prefetch
2010-10-09 08:27:09 ----ASH---- C:\pagefile.sys
2010-10-09 08:27:04 ----SHD---- C:\System Volume Information
2010-10-09 08:27:04 ----ASH---- C:\hiberfil.sys
======List of files/folders modified in the last 1 months======
2010-10-24 15:07:22 ----D---- C:\Windows\Temp
2010-10-24 15:07:12 ----RD---- C:\Program Files
2010-10-24 14:52:04 ----D---- C:\Windows\debug
2010-10-24 14:52:04 ----D---- C:\Windows
2010-10-24 13:28:41 ----D---- C:\Windows\System32
2010-10-24 13:28:41 ----D---- C:\Windows\inf
2010-10-24 13:20:33 ----D---- C:\Windows\system32\config
2010-10-24 00:37:52 ----D---- C:\Windows\system32\wbem
2010-10-24 00:35:55 ----D---- C:\Windows\system32\DriverStore
2010-10-24 00:35:55 ----D---- C:\Windows\system32\catroot2
2010-10-24 00:35:51 ----D---- C:\Windows\system32\drivers
2010-10-24 00:35:51 ----D---- C:\Windows\system32\CodeIntegrity
2010-10-24 00:35:40 ----D---- C:\Windows\registration
2010-10-24 00:01:17 ----D---- C:\Windows\system32\catroot
2010-10-23 10:33:58 ----D---- C:\Windows\system32\NDF
2010-10-20 07:10:15 ----D---- C:\Windows\winsxs
2010-10-20 06:56:56 ----SD---- C:\ProgramData\Microsoft
2010-10-20 06:56:14 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-20 06:54:46 ----D---- C:\Windows\Logs
2010-10-13 20:07:51 ----D---- C:\Windows\system32\migration
2010-10-13 20:07:51 ----D---- C:\Program Files\Internet Explorer
2010-10-13 20:07:50 ----D---- C:\Program Files\Windows Media Player
2010-10-13 10:20:58 ----D---- C:\Windows\system32\wdi
2010-10-12 20:22:56 ----D---- C:\Windows\system32\drivers\UMDF
2010-10-11 07:49:05 ----HD---- C:\ProgramData
2010-10-11 07:49:03 ----D---- C:\Windows\Downloaded Program Files
2010-10-09 22:43:15 ----D---- C:\Windows\rescache
2010-10-09 12:34:28 ----RSD---- C:\Windows\assembly
2010-10-09 11:14:49 ----D---- C:\Windows\Microsoft.NET
2010-10-09 10:53:48 ----RSD---- C:\Windows\Fonts
2010-10-09 10:38:26 ----D---- C:\Program Files\Common Files
2010-10-09 10:38:22 ----D---- C:\Windows\system32\Tasks
2010-10-09 10:28:20 ----A---- C:\Windows\win.ini
2010-10-09 10:23:07 ----D---- C:\Program Files\MSBuild
2010-10-09 10:19:59 ----D---- C:\Windows\ShellNew
2010-10-09 10:19:41 ----D---- C:\Program Files\Common Files\System
2010-10-09 10:00:05 ----D---- C:\Windows\system32\cs-CZ
2010-10-09 09:57:16 ----D---- C:\Windows\system32\en-US
2010-10-09 09:15:19 ----D---- C:\Windows\Tasks
2010-10-09 09:13:46 ----D---- C:\Windows\system32\LogFiles
2010-10-09 09:10:45 ----D---- C:\Windows\AppPatch
2010-10-09 09:10:45 ----D---- C:\Program Files\Windows Mail
2010-10-09 09:10:44 ----D---- C:\Windows\system32\Boot
2010-10-09 09:10:44 ----D---- C:\Windows\ehome
2010-10-09 09:02:00 ----D---- C:\Windows\Help
2010-10-09 08:40:42 ----D---- C:\Windows\twain_32
2010-10-09 08:39:59 ----D---- C:\Windows\system32\restore
2010-10-09 08:38:47 ----SHD---- C:\$Recycle.Bin
2010-10-09 08:38:36 ----RD---- C:\Users
2010-10-09 08:38:21 ----D---- C:\Program Files\Windows NT
2010-10-09 08:31:21 ----D---- C:\Windows\system32\sysprep
2010-10-09 08:28:00 ----D---- C:\Windows\CSC
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 dc3d;MS Hardware Device Detection Driver (HID); C:\Windows\system32\DRIVERS\dc3d.sys [2009-11-10 22384]
R3 KMWDFILTERx86;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-11-11 14736]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2009-11-11 30576]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 SynMini;USB2.0 1.3M Web Cam; C:\Windows\System32\Drivers\SynMini.sys [2006-04-19 899712]
R3 SynScan;USB2.0 1.3M Web Cam Still Image; C:\Windows\System32\Drivers\SynScan.sys [2006-04-19 9216]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-06 203296]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-09 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
-----------------EOF-----------------

PC after a phishing attack
- Visitor
- Posts: 191
- Registered: 25 Feb 2008 07:58
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC after a phishing attack
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator rights.
Right after it starts, a screen with the license terms appears; continue by clicking Yes.
Go and make yourself a coffee in the meantime (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan, do not try to run any other applications or do anything else.
Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).
Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the resident antispyware.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activities, a virus may damage the system!
Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
- Visitor
- Posts: 191
- Registered: 25 Feb 2008 07:58
Re: PC after a phishing attack
Here is the ComboFix log
ComboFix 10-10-23.02 - Maminka 24.10.2010 18:53:56.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3039.2038 [GMT 2:00]
Spuštěný z: c:\users\Maminka\Downloads\ComboFix.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-24 do 2010-10-24 )))))))))))))))))))))))))))))))
.
2010-10-24 16:59 . 2010-10-24 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-24 13:13 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B97D2C54-D267-452E-A81F-803A8585AA2E}\mpengine.dll
2010-10-24 13:07 . 2010-10-24 13:07 -------- d-----w- C:\rsit
2010-10-24 13:07 . 2010-10-24 13:07 -------- d-----w- c:\program files\trend micro
2010-10-23 22:21 . 2010-10-23 22:35 -------- d-----w- c:\windows\nvtmpinst
2010-10-23 22:07 . 2010-10-23 22:07 -------- d-----w- c:\windows\system32\AGEIA
2010-10-23 22:07 . 2010-10-23 22:07 -------- d-----w- c:\program files\AGEIA Technologies
2010-10-23 21:59 . 2010-10-23 22:35 -------- d-----w- C:\NVIDIA
2010-10-20 04:59 . 2010-10-20 04:59 -------- d-----w- c:\windows\cs
2010-10-20 04:55 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-20 04:55 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-20 04:55 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-20 04:52 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-20 04:52 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-20 04:52 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-16 17:39 . 2010-10-16 17:39 -------- d-----w- c:\program files\Opera
2010-10-16 17:28 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-10-16 17:28 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-10-16 17:27 . 2010-10-16 17:27 -------- d-----w- c:\program files\Motorola
2010-10-10 17:23 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-09 17:31 . 2010-10-09 17:31 -------- d-----w- c:\windows\system32\Adobe
2010-10-09 08:56 . 2010-10-09 08:56 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-10-09 08:44 . 2010-10-09 16:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-09 08:43 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-09 08:43 . 2010-10-09 08:43 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-09 08:41 . 2010-10-20 04:59 -------- d-----w- c:\program files\Windows Live
2010-10-09 08:38 . 2010-10-09 08:38 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-09 08:37 . 2010-10-09 08:37 -------- d-----w- c:\program files\Ventrilo
2010-10-09 08:37 . 2010-10-09 08:37 -------- d-----w- c:\programdata\Skype
2010-10-09 08:37 . 2010-10-23 22:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-09 08:25 . 2006-10-26 17:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-10-09 08:25 . 2008-11-04 01:30 30568 ----a-w- c:\windows\system32\mdimon.dll
2010-10-09 08:25 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-10-09 08:25 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-10-09 08:23 . 2010-10-09 08:53 -------- d-----w- c:\program files\Microsoft Works
2010-10-09 08:20 . 2010-10-09 08:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-09 08:19 . 2010-10-15 18:57 -------- d-----w- c:\programdata\Microsoft Help
2010-10-09 08:17 . 2010-10-09 08:17 -------- d-----r- C:\MSOCache
2010-10-09 08:03 . 2010-10-09 08:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-09 08:02 . 2010-10-09 08:02 -------- d-----w- c:\program files\Wireless Console 2
2010-10-09 08:02 . 2010-10-09 08:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-10-09 07:57 . 2010-10-09 08:22 -------- d-----w- c:\program files\Microsoft.NET
2010-10-09 07:50 . 2010-10-09 07:50 -------- d-----w- c:\program files\Common Files\InstallShield
2010-10-09 07:49 . 2009-03-06 09:52 5976064 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-09 07:49 . 2009-01-30 07:12 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-10-09 07:49 . 2009-01-30 07:12 5976064 ----a-w- c:\windows\system32\SET9C40.tmp
2010-10-09 07:49 . 2009-01-30 07:12 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2010-10-09 07:49 . 2009-01-30 07:12 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-10-09 07:49 . 2007-01-19 12:19 307200 ----a-w- c:\windows\system32\nvexpbar.dll
2010-10-09 07:49 . 2009-03-06 09:52 453152 ----a-w- c:\windows\system32\nvuninst.exe
2010-10-09 07:38 . 2010-10-09 07:23 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2010-10-09 07:31 . 2010-10-09 07:35 -------- d-----w- c:\program files\PC Translator
2010-10-09 07:30 . 2010-10-09 07:34 -------- d-----w- c:\programdata\LangSoft
2010-10-09 07:29 . 2010-10-09 07:29 -------- d-----w- c:\program files\PC Translator 2010 CZ
2010-10-09 07:27 . 2010-10-09 07:28 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-10-09 07:26 . 2010-10-09 07:26 -------- d-----w- c:\program files\VideoLAN
2010-10-09 07:26 . 2010-10-09 06:38 -------- d-----w- c:\windows\Panther
2010-10-09 07:25 . 2010-10-21 11:32 -------- d-----w- c:\program files\rajce
2010-10-09 07:24 . 2010-10-09 08:04 -------- d-----w- c:\program files\QIP
2010-10-09 07:24 . 2010-10-09 07:24 -------- d-----w- c:\program files\PowerISO
2010-10-09 07:23 . 2010-10-09 07:24 -------- d-----w- c:\program files\Mumble
2010-10-09 07:23 . 2010-10-09 07:23 -------- d-----w- c:\windows\PCHEALTH
2010-10-09 07:22 . 2009-03-30 18:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-09 07:22 . 2009-03-30 18:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-10-09 07:22 . 2010-10-09 07:22 -------- d-----w- c:\program files\ffdshow
2010-10-09 07:22 . 2010-10-24 12:50 -------- d-----w- c:\program files\CCleaner
2010-10-09 07:21 . 2009-06-01 00:23 538624 ----a-w- c:\windows\system32\ac3filter.acm
2010-10-09 07:21 . 2010-10-09 07:22 -------- d-----w- c:\program files\AC3Filter
2010-10-09 07:21 . 2010-10-12 18:17 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-10-09 07:21 . 2010-10-23 22:07 -------- d-sh--w- c:\windows\Installer
2010-10-09 07:20 . 2010-10-09 07:20 -------- d-----w- c:\windows\system32\Macromed
2010-10-09 07:20 . 2010-10-09 07:20 -------- d-----w- c:\windows\system32\Wat
2010-10-09 07:13 . 2010-10-23 22:18 -------- d-----w- c:\programdata\NVIDIA
2010-10-09 07:08 . 2006-11-14 22:16 32256 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-10-09 07:08 . 2006-11-14 17:42 43520 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-10-09 07:08 . 2004-09-03 08:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-10-09 07:02 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-10-09 07:02 . 2010-10-09 07:20 -------- d-----w- c:\program files\totalcmd
2010-10-09 07:02 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2010-10-09 07:02 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-10-09 07:02 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-10-09 07:02 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-10-09 07:02 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-10-09 07:02 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-10-09 07:02 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-10-09 07:00 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-09 07:00 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-09 07:00 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-09 07:00 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-09 07:00 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-09 06:57 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-09 06:57 . 2010-09-16 08:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E29B924A-8102-4A35-8D97-29B5B69A8551}\mpengine.dll
2010-10-09 06:54 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-10-09 06:53 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-09 06:51 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-09 06:50 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-10-09 06:50 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-10-09 06:50 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-10-09 06:48 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-09 06:48 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-10-09 06:48 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-10-09 06:47 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-10-09 06:46 . 2010-10-24 11:28 -------- d-----w- c:\windows\system32\wbem\Performance
2010-10-09 06:39 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-10-09 06:39 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 12:03 . 2010-09-21 12:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-20 12:51 . 2010-09-20 12:51 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-20 12:51 . 2010-09-20 12:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-21 05:36 . 2010-10-13 18:00 224256 ----a-w- c:\windows\system32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-09 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-09 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-10 22384]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\Drivers\SynMini.sys [2006-04-18 899712]
S3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\Drivers\SynScan.sys [2006-04-18 9216]
.
Obsah adresáře 'Naplánované úlohy'
2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3017920699-1425965248-3966724092-1000Core.job
- c:\users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 07:15]
2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3017920699-1425965248-3966724092-1000UA.job
- c:\users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 07:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Nektra OEAPI - (no file)
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-PCSpeedUp - c:\program files\Zrychleni Pocitace\PCSpeedUp.exe
AddRemove-PC Translator - c:\users\Maminka\AppData\Local\Temp\UN32.EXE
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-10-24 19:01:31
ComboFix-quarantined-files.txt 2010-10-24 17:01
Před spuštěním: Volných bajtů: 21 859 282 944
Po spuštění: Volných bajtů: 21 775 310 848
- - End Of File - - 01D11B35CDC1FBE9058402E64FB4FEB0
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC after a phishing attack
The log looks clean. Someone most likely stole your original passwords and then changed them. But your PC is clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus may also damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
- Visitor
- Posts: 191
- Registered: 25 Feb 2008 07:58
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC after a phishing attack
You're welcome!