Vypnutí pc po cca 30min

Zpráva

skenerz · #1 Příspěvek od **skenerz** » 20 čer 2011 16:43

Dnes jsem stáhl jednoho smrada z uloz.to (Cod mw installer) a ten mo hned zapnul nejaky stranky a takovy. A kazdejch 30min se mi pc vypne, mám Microsoft security esential, ale ten nic nenašel, pustil jsem RSIT a tady to je :
http://kfci.ic.cz/Upload/log.txt
Prosím help, mám windows vista.
A tohle je z reglooks.exe
http://kfci.ic.cz/Upload/result.txt

#2 Příspěvek od **vyosek** » 20 čer 2011 16:54

Zdravim a pekny den preji

Vzhledem k tomu, ze pouzivate nelegalni SW Obrázek

se nedivim, ze jste navstevnikem naseho fora

Dle pravidel fora (viz zde a a zde bod c.3 ) se vsak nelegalnim SW nezabyvame, jelikoz nelegalni programy jsou vetsinou zdrojem haveti. Navic tim porusujete i autorska prava Obrázek

, pachate trestny cin a ten jako takovy nebude nasim forem podporovan. Uvedomte si, ze jste na bezpecnostnim foru - podpora warezu by byla zcela proti logice fora

#3 Příspěvek od **vyosek** » 20 čer 2011 16:59

Stahnete na plochu CKScanner

Spustte a kliknete na Search for files
Po dokonceni skenu kliknete na Save List to File a nasledne OK
Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte

skenerz · #4 Příspěvek od **skenerz** » 20 čer 2011 17:19

Stahoval jsem to z důvodu že my blbne cd/dvd rom, jinak mám legální kopii i cd klíč hry.
Jinak tady je ck files http://kfci.ic.cz/Upload/ckfiles.txt

#5 Příspěvek od **vyosek** » 20 čer 2011 17:22

Logy vkladejte prosim do threadu...

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

skenerz · #6 Příspěvek od **skenerz** » 20 čer 2011 17:40

Hotovo, vypadá to dobře, už upršel čas a nic se nestalo, tady je log.
http://kfci.ic.cz/Upload/ComboFix.txt
Jinak co je thread ?

#7 Příspěvek od **vyosek** » 20 čer 2011 17:43

Opakovane prosim abyste daval logy sem, takze jej sem dejte...

skenerz · #8 Příspěvek od **skenerz** » 20 čer 2011 17:44

ComboFix 11-06-19.0r1 - Opice 20.06.2011 17:49:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3000.1759 [GMT 2:00]
Spuštěný z: c:\users\Opice\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Opice\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-20 do 2011-06-20 )))))))))))))))))))))))))))))))
.
.
2011-06-20 15:55 . 2011-06-20 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-20 15:34 . 2011-06-20 15:37 -------- d-----w- c:\program files\trend micro
2011-06-20 15:34 . 2011-06-20 15:36 -------- d-----w- C:\rsit
2011-06-20 15:31 . 2011-06-20 15:31 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DCD592C-1211-4210-A968-7C5DEB17B50D}\MpKsl072fa887.sys
2011-06-20 14:46 . 2011-06-20 14:46 -------- d-----w- c:\program files\CCleaner
2011-06-20 11:35 . 2011-05-09 11:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DCD592C-1211-4210-A968-7C5DEB17B50D}\mpengine.dll
2011-06-20 06:01 . 2011-06-20 06:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 08:39 . 2011-06-19 08:39 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-06-19 07:17 . 2011-06-19 07:18 -------- d-----w- C:\Fraps
2011-06-18 18:40 . 2011-06-18 18:41 -------- d-----w- c:\program files\Paint.NET
2011-06-17 17:58 . 2011-06-17 17:59 -------- d-----w- c:\windows\USB 2.0 IrDA
2011-06-17 17:58 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-06-17 17:58 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-06-17 17:58 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-06-17 17:58 . 2011-06-17 17:58 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-06-17 17:58 . 2011-06-17 17:58 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-06-17 17:58 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-06-17 17:58 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-06-16 14:26 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2011-06-15 17:01 . 2011-06-15 17:02 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-06-15 06:08 . 2011-06-15 06:08 -------- d-sh--we c:\windows\system32\config\systemprofile\Soubory cookie
2011-06-15 06:08 . 2011-06-15 06:08 -------- d-sh--we c:\windows\system32\config\systemprofile\Data aplikací
2011-06-14 05:44 . 2009-07-13 13:46 37280 ----a-w- c:\windows\system32\drivers\RTL2832U_IRHID.sys
2011-06-14 05:44 . 2009-07-06 15:37 32800 ----a-w- c:\windows\system32\drivers\RTL2832UUSB.sys
2011-06-14 05:44 . 2009-07-06 15:36 91168 ----a-w- c:\windows\system32\drivers\RTL2832UBDA.sys
2011-06-14 05:44 . 2011-06-14 05:44 -------- d-----w- c:\program files\NewSoft
2011-06-14 05:44 . 2009-04-02 12:22 127085 ----a-w- c:\windows\system32\RTKFMSOURCE.dll
2011-06-14 05:43 . 2011-06-16 06:09 -------- d-----w- c:\programdata\ArcSoft
2011-06-14 05:42 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-06-14 05:41 . 2011-06-14 05:44 -------- d-----w- c:\program files\MSI
2011-06-14 05:41 . 2011-06-14 05:42 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-06-12 13:09 . 2011-06-12 13:09 2206720 ----a-w- c:\windows\system32\python27.dll
2011-06-11 17:26 . 2011-06-11 17:26 -------- d-----w- c:\program files\Common Files\Java
2011-06-11 17:26 . 2011-06-11 17:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-11 17:25 . 2011-06-11 17:25 -------- d-----w- c:\program files\Java
2011-06-05 08:06 . 2011-06-05 08:06 -------- d-----w- c:\program files\Alcohol Soft
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-27 01:48 . 2011-05-27 01:48 -------- d-----w- c:\program files\OpenOffice.org 3
2011-05-24 16:38 . 2011-05-09 11:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-24 06:20 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-23 21:35 . 2011-05-23 21:35 -------- d-----w- c:\program files\Windows Portable Devices
2011-05-23 20:58 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-05-23 20:58 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-05-23 20:58 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-05-23 20:58 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-05-23 20:55 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-05-23 20:55 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-05-23 20:55 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-05-23 20:27 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-05-23 20:27 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-05-23 20:27 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-23 20:24 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-05-23 15:57 . 2008-07-17 20:27 380928 ----a-w- c:\windows\AcerStore.exe
2011-05-23 15:57 . 2008-05-09 13:58 49152 ----a-w- c:\windows\Interop.IWshRuntimeLibrary.dll
2011-05-23 15:57 . 2008-01-10 19:44 199176 ----a-w- c:\windows\GVUni.exe
2011-05-23 15:52 . 2011-05-23 15:52 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-05-23 15:44 . 2011-05-23 15:44 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-05-23 15:43 . 2011-05-23 15:43 -------- d-----w- c:\windows\Users
2011-05-23 15:36 . 2011-05-23 15:36 -------- d-----w- c:\windows\system32\ca-ES
2011-05-23 15:36 . 2011-05-23 15:36 -------- d-----w- c:\windows\system32\eu-ES
2011-05-23 15:36 . 2011-05-23 15:36 -------- d-----w- c:\windows\system32\vi-VN
2011-05-23 15:04 . 2011-05-23 15:04 -------- d-----w- c:\windows\system32\EventProviders
2011-05-23 14:53 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-05-23 14:52 . 2009-04-11 06:28 532992 ----a-w- c:\windows\system32\wpcao.dll
2011-05-23 14:51 . 2009-04-11 06:28 876032 ----a-w- c:\windows\system32\wer.dll
2011-05-23 13:59 . 2011-05-23 13:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-05-23 13:24 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-23 13:23 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-23 13:23 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-05-23 13:21 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-05-23 13:07 . 2011-05-23 13:07 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-05-23 13:07 . 2011-05-24 06:22 -------- d-----w- c:\program files\Windows Live
2011-05-23 13:07 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-05-23 13:07 . 2011-05-23 13:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-05-23 13:01 . 2011-05-23 13:01 -------- d-----w- c:\program files\Common Files\Windows Live
2011-05-23 12:58 . 2011-06-17 11:55 -------- d-----w- c:\program files\Microsoft Silverlight
2011-05-23 12:58 . 2011-05-23 12:58 -------- d-----w- c:\windows\system32\x64
2011-05-23 12:55 . 2011-05-23 12:55 -------- d-----w- c:\windows\system32\custom matrices
2011-05-23 12:55 . 2011-05-23 12:55 -------- d-----w- c:\windows\system32\C2MP
2011-05-23 12:55 . 2011-05-23 12:55 -------- d-----w- c:\windows\system32\QuickTime
2011-05-23 12:51 . 2011-05-23 12:51 -------- d-----w- c:\program files\VideoLAN
2011-05-23 12:36 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-23 12:36 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-23 12:36 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-05-23 12:36 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-23 12:36 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-23 12:14 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-23 12:14 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-23 10:13 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-05-23 09:59 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-05-23 09:32 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-05-23 09:32 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-05-23 09:32 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-05-23 09:30 . 2011-05-23 09:30 -------- d-----w- c:\program files\MSXML 4.0
2011-05-23 09:28 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-05-23 09:25 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-05-23 09:25 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-05-23 09:25 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-05-23 09:25 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-05-23 09:25 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-05-23 09:25 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-05-23 09:25 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-05-23 09:25 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2011-05-23 09:24 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-05-23 09:24 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-05-23 09:24 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-05-23 09:24 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-05-23 09:24 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-05-23 09:21 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-23 09:21 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-23 09:21 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-05-23 09:21 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-05-23 09:21 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-05-23 09:21 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-05-23 09:21 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2011-05-23 09:20 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-23 09:19 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2011-05-23 09:19 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-05-23 09:19 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-05-23 09:19 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-05-23 09:19 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-05-23 09:19 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-05-23 09:19 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-05-23 09:17 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-05-23 09:16 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 05:55 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-23 20:52 . 2011-05-23 20:52 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-05-24 30192]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
c:\users\Opice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
TMMonitor.lnk - c:\program files\MSI\TotalMedia 3.5\TMMonitor.exe [2011-6-14 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-05-25 15:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-04-18 13:18 167936 ----a-w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-05-23 06:16 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl9d65548d;MpKsl9d65548d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCBE67EC-1DF0-4E29-A22B-564293CCDA3C}\MpKsl9d65548d.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 135664]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-05-24 30192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 37280]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-07-06 91168]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-07-06 32800]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl072fa887;MpKsl072fa887;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DCD592C-1211-4210-A968-7C5DEB17B50D}\MpKsl072fa887.sys [2011-06-20 28752]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL072FA887
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 07:32]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 07:32]
.
2011-06-20 c:\windows\Tasks\User_Feed_Synchronization-{78E9F8AA-A08C-4C6B-B177-E4D99D1ACC62}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0511&m=aspire_5735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0511&m=aspire_5735
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-IR_SERVER - c:\program files\MSI\REALTEK DTV USB DEVICE\IR_SERVER.exe
AddRemove-4Media DPG Converter - c:\users\Opice\Desktop\DPG Converter\Uninstall.exe
AddRemove-Autodesk FBX Converter 2012.1 - g:\program files\Autodesk\FBX\FBXConverter\2012.1\Uninstall.exe
AddRemove-Dev-C++ - f:\dev-cpp\uninstall.exe
AddRemove-Unity - g:\program files\Unity\Editor\Uninstall.exe
AddRemove-WmeDevKit_is1 - f:\program files\WME DevKit\unins000.exe
AddRemove-{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1 - f:\mingw\unins000.exe
AddRemove-{FB86EDAA-B17D-447E-972B-5580A4C6AE3C}_is1 - g:\program files\Legie\unins000.exe
AddRemove-CodeBlocks - f:\program files\CodeBlocks\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 17:55
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4208)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
.
Celkový čas: 2011-06-20 17:56:46
ComboFix-quarantined-files.txt 2011-06-20 15:56
.
Před spuštěním: Volných bajtů: 78 012 465 152
Po spuštění: Volných bajtů: 77 959 839 744
.
- - End Of File - - 6BA5DE7A61B710A6E60F9DA48135310A

#9 Příspěvek od **vyosek** » 20 čer 2011 17:49

Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

Nahrady za Spybota:
- Spyware Terminator - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=44730
- SuperAntiSpyare - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=51359
Samozrejme pouzivejte jen jeden z nich
Osobne doporucuji SuperAntiSpyware

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

AtJob::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]¨

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{78E9F8AA-A08C-4C6B-B177-E4D99D1ACC62}.job

DDS::
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

skenerz · #10 Příspěvek od **skenerz** » 20 čer 2011 18:36

ComboFix 11-06-19.0r1 - Opice 20.06.2011 19:01:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3000.1738 [GMT 2:00]
Spuštěný z: c:\users\Opice\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Opice\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\User_Feed_Synchronization-{78E9F8AA-A08C-4C6B-B177-E4D99D1ACC62}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{78E9F8AA-A08C-4C6B-B177-E4D99D1ACC62}.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-20 do 2011-06-20 )))))))))))))))))))))))))))))))
.
.
2011-06-20 17:07 . 2011-06-20 17:07 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DCD592C-1211-4210-A968-7C5DEB17B50D}\MpKsl819af965.sys
2011-06-20 15:34 . 2011-06-20 15:37 -------- d-----w- c:\program files\trend micro
2011-06-20 15:34 . 2011-06-20 15:36 -------- d-----w- C:\rsit
2011-06-20 14:46 . 2011-06-20 14:46 -------- d-----w- c:\program files\CCleaner
2011-06-20 11:35 . 2011-05-09 11:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DCD592C-1211-4210-A968-7C5DEB17B50D}\mpengine.dll
2011-06-20 06:01 . 2011-06-20 06:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 08:39 . 2011-06-19 08:39 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-06-19 07:17 . 2011-06-19 07:18 -------- d-----w- C:\Fraps
2011-06-18 18:40 . 2011-06-18 18:41 -------- d-----w- c:\program files\Paint.NET
2011-06-17 17:58 . 2011-06-17 17:59 -------- d-----w- c:\windows\USB 2.0 IrDA
2011-06-17 17:58 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-06-17 17:58 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-06-17 17:58 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-06-17 17:58 . 2011-06-17 17:58 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-06-17 17:58 . 2011-06-17 17:58 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-06-17 17:58 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-06-17 17:58 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-06-16 14:26 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2011-06-15 17:01 . 2011-06-15 17:02 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-06-15 06:08 . 2011-06-15 06:08 -------- d-sh--we c:\windows\system32\config\systemprofile\Soubory cookie
2011-06-15 06:08 . 2011-06-15 06:08 -------- d-sh--we c:\windows\system32\config\systemprofile\Data aplikací
2011-06-14 05:44 . 2009-07-13 13:46 37280 ----a-w- c:\windows\system32\drivers\RTL2832U_IRHID.sys
2011-06-14 05:44 . 2009-07-06 15:37 32800 ----a-w- c:\windows\system32\drivers\RTL2832UUSB.sys
2011-06-14 05:44 . 2009-07-06 15:36 91168 ----a-w- c:\windows\system32\drivers\RTL2832UBDA.sys
2011-06-14 05:44 . 2011-06-14 05:44 -------- d-----w- c:\program files\NewSoft
2011-06-14 05:44 . 2009-04-02 12:22 127085 ----a-w- c:\windows\system32\RTKFMSOURCE.dll
2011-06-14 05:43 . 2011-06-16 06:09 -------- d-----w- c:\programdata\ArcSoft
2011-06-14 05:42 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-06-14 05:41 . 2011-06-14 05:44 -------- d-----w- c:\program files\MSI
2011-06-14 05:41 . 2011-06-14 05:42 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-06-12 13:09 . 2011-06-12 13:09 2206720 ----a-w- c:\windows\system32\python27.dll
2011-06-11 17:26 . 2011-06-11 17:26 -------- d-----w- c:\program files\Common Files\Java
2011-06-11 17:26 . 2011-06-11 17:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-11 17:25 . 2011-06-11 17:25 -------- d-----w- c:\program files\Java
2011-06-05 08:06 . 2011-06-05 08:06 -------- d-----w- c:\program files\Alcohol Soft
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-27 01:48 . 2011-05-27 01:48 -------- d-----w- c:\program files\OpenOffice.org 3
2011-05-24 16:38 . 2011-05-09 11:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-24 06:20 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-23 21:35 . 2011-05-23 21:35 -------- d-----w- c:\program files\Windows Portable Devices
2011-05-23 20:58 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-05-23 20:58 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-05-23 20:58 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-05-23 20:58 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-05-23 20:55 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-05-23 20:55 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-05-23 20:55 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-05-23 20:27 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-05-23 20:27 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-05-23 20:27 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-23 20:24 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-05-23 15:57 . 2008-07-17 20:27 380928 ----a-w- c:\windows\AcerStore.exe
2011-05-23 15:57 . 2008-05-09 13:58 49152 ----a-w- c:\windows\Interop.IWshRuntimeLibrary.dll
2011-05-23 15:57 . 2008-01-10 19:44 199176 ----a-w- c:\windows\GVUni.exe
2011-05-23 15:52 . 2011-05-23 15:52 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-05-23 15:44 . 2011-05-23 15:44 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-05-23 15:43 . 2011-05-23 15:43 -------- d-----w- c:\windows\Users
2011-05-23 15:36 . 2011-05-23 15:36 -------- d-----w- c:\windows\system32\ca-ES
2011-05-23 15:36 . 2011-05-23 15:36 -------- d-----w- c:\windows\system32\eu-ES
2011-05-23 15:36 . 2011-05-23 15:36 -------- d-----w- c:\windows\system32\vi-VN
2011-05-23 15:04 . 2011-05-23 15:04 -------- d-----w- c:\windows\system32\EventProviders
2011-05-23 14:53 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-05-23 14:52 . 2009-04-11 06:28 532992 ----a-w- c:\windows\system32\wpcao.dll
2011-05-23 14:51 . 2009-04-11 06:28 876032 ----a-w- c:\windows\system32\wer.dll
2011-05-23 13:59 . 2011-05-23 13:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-05-23 13:24 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-23 13:23 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-23 13:23 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-05-23 13:21 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-05-23 13:07 . 2011-05-23 13:07 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-05-23 13:07 . 2011-05-24 06:22 -------- d-----w- c:\program files\Windows Live
2011-05-23 13:07 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-05-23 13:07 . 2011-05-23 13:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-05-23 13:01 . 2011-05-23 13:01 -------- d-----w- c:\program files\Common Files\Windows Live
2011-05-23 12:58 . 2011-06-17 11:55 -------- d-----w- c:\program files\Microsoft Silverlight
2011-05-23 12:58 . 2011-05-23 12:58 -------- d-----w- c:\windows\system32\x64
2011-05-23 12:55 . 2011-05-23 12:55 -------- d-----w- c:\windows\system32\custom matrices
2011-05-23 12:55 . 2011-05-23 12:55 -------- d-----w- c:\windows\system32\C2MP
2011-05-23 12:55 . 2011-05-23 12:55 -------- d-----w- c:\windows\system32\QuickTime
2011-05-23 12:51 . 2011-05-23 12:51 -------- d-----w- c:\program files\VideoLAN
2011-05-23 12:36 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-23 12:36 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-23 12:36 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-05-23 12:36 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-23 12:36 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-23 12:14 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-23 12:14 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-23 10:13 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-05-23 09:59 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-05-23 09:32 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-05-23 09:32 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-05-23 09:32 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-05-23 09:30 . 2011-05-23 09:30 -------- d-----w- c:\program files\MSXML 4.0
2011-05-23 09:28 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-05-23 09:25 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-05-23 09:25 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-05-23 09:25 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-05-23 09:25 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-05-23 09:25 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-05-23 09:25 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-05-23 09:25 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-05-23 09:25 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2011-05-23 09:24 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-05-23 09:24 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-05-23 09:24 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-05-23 09:24 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-05-23 09:24 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-05-23 09:21 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-23 09:21 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-23 09:21 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-05-23 09:21 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-05-23 09:21 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-05-23 09:21 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-05-23 09:21 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2011-05-23 09:20 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-23 09:19 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2011-05-23 09:19 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-05-23 09:19 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-05-23 09:19 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-05-23 09:19 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-05-23 09:19 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-05-23 09:19 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-05-23 09:17 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-05-23 09:16 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-05-23 09:15 . 2010-06-16 16:39 912776 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 05:55 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-23 20:52 . 2011-05-23 20:52 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-05-24 30192]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\users\Opice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
TMMonitor.lnk - c:\program files\MSI\TotalMedia 3.5\TMMonitor.exe [2011-6-14 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-04-18 13:18 167936 ----a-w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl9d65548d;MpKsl9d65548d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCBE67EC-1DF0-4E29-A22B-564293CCDA3C}\MpKsl9d65548d.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-05-24 30192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 37280]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-07-06 91168]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-07-06 32800]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl819af965;MpKsl819af965;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DCD592C-1211-4210-A968-7C5DEB17B50D}\MpKsl819af965.sys [2011-06-20 28752]
S1 MpKslc65c7751;MpKslc65c7751;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DCD592C-1211-4210-A968-7C5DEB17B50D}\MpKslc65c7751.sys [2011-06-20 28752]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL819AF965
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1948)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2011-06-20 19:13:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-20 17:12
ComboFix2.txt 2011-06-20 15:56
.
Před spuštěním: Volných bajtů: 78 004 940 800
Po spuštění: Volných bajtů: 77 873 369 088
.
- - End Of File - - C12775C6252F9045248DF0FAEE682EB4

#11 Příspěvek od **vyosek** » 20 čer 2011 18:43

Jak se chova PC

skenerz · #12 Příspěvek od **skenerz** » 20 čer 2011 19:05

Vše už je v pořadku... Děkuji...

#13 Příspěvek od **vyosek** » 20 čer 2011 19:07

Tak jeste uklidime

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

¨

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

Vypnutí pc po cca 30min

Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min

Re: Vypnutí pc po cca 30min