Re: Please check my log
Posted: 31 Oct 2010 13:47
by Kn1gu4
When I type ComboFix /Uninstall there and press Enter, it throws this at me:
Family Keylogger v3.02 (remove only)-->"D:\FIFA08\FK
I had it there on purpose, but I don't use it any more ...
And I can't download that T-Cleaner from that site either, even when I turn off the antivirus ...
Re: Please check my log
Posted: 31 Oct 2010 13:58
by vyosek

Skip the CF uninstall.

Try downloading T-Cleaner from here:
http://leteckaposta.cz/117149677
Re: Please check my log
Posted: 31 Oct 2010 14:04
by Kn1gu4
It won't work from there either; in Mozilla it stops at 80% and in Internet Explorer it stops at 99% and won't go any further ...
It tells me the connection to the server was reset ..
Re: Please check my log
Posted: 31 Oct 2010 14:06
by vyosek

Fine, then skip the step.

Re: Please check my log
Posted: 31 Oct 2010 14:08
by Kn1gu4
But there is no next step.

Re: Please check my log
Posted: 31 Oct 2010 14:13
by vyosek

Sorry.

Download
Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
- Run the update - third tab
- Run a full scan - do not delete anything

- MBAM occasionally produces false positives, so paste the log into a post and wait for an assessment.
Re: Please check my log
Posted: 31 Oct 2010 17:42
by Kn1gu4
www.malwarebytes.org
Verzia databázy: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
31. 10. 2010 17:33:43
mbam-log-2010-10-31 (17-33-43).txt
Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 472770
Uplynulý čas: 2 hod, 4 min, 16 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 1
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
(Škodlivé položky neboli zistené)
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
D:\_Instal\_Programy\WinRAR 3.1\KeyGen.exe (Malware.Packer.Gen) -> No action taken.
Re: Please check my log
Posted: 31 Oct 2010 18:03
by vyosek

Cracks and keygens are the surest way to get a PC infected - delete it.

Hopefully the subsequent removal with CF will succeed; otherwise you are probably looking at reinstalling those programs - they are damaged by the Virtumonde virus.

Download CF from here
http://download.bleepingcomputer.com/sUBs/ComboFix.exe and rename it to cokoliv.com while downloading - do not run it yet.

If you don't have it there, move
Combofix to the desktop
- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
RenV::
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio .exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader .exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC .exe
C:\Program Files\Acer\WR_PopUp\WarReg_PopUp .exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent .exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc .exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService .exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Apoint2K\Apoint .exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\Launch Manager\LManager .exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Windows Media Player\wmupdater .exe
C:\Windows\PLFSetI .exe
C:\Windows\hffext\hffsrv .exe
- Save the text file you created as CFScript.txt
- Drag the CFScript.txt you created onto Combofix and drop it (see the picture below)

- After the script is applied (and a possible restart) a log will pop up; paste its contents here

Windows may fail to boot after the script is applied; in that case restart the PC, keep pressing F8 and choose
Last Known Good Configuration
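As an added illustration (not part of the thread or of ComboFix), here is a Python check for the file-name pattern that the RenV:: list above targets: an executable left under its original name plus a space before ".exe". The directory listing is constructed, and the rule that the legitimate name ("QTTask.exe") may now be occupied by another file is an assumption drawn from the paths in the script.

```python
import re
from pathlib import PureWindowsPath

# Assumption drawn from the RenV:: list in the thread: the damaged programs
# sit under their original name plus a space before the extension
# ("QTTask .exe"), while the original name ("QTTask.exe") may be reused.
SPACED_EXE = re.compile(r"^(?P<base>.+?)\s+\.exe$", re.IGNORECASE)

# Constructed directory listing for the demonstration (not from the log).
SAMPLE_LISTING = [
    r"C:\Program Files\QuickTime\QTTask .exe",
    r"C:\Program Files\QuickTime\QTTask.exe",
    r"C:\Program Files\QuickTime\QuickTimePlayer.exe",
    r"C:\Windows\PLFSetI .exe",
    r"C:\Windows\notepad.exe",
]


def find_renamed(paths):
    """Return [(spaced_path, original_name_present), ...].

    spaced_path: an executable whose name matches the "Name .exe" pattern.
    original_name_present: True when "Name.exe" also exists in the same
    directory, i.e. another file now occupies the legitimate name.
    """
    known = {p.lower() for p in paths}
    hits = []
    for p in paths:
        win = PureWindowsPath(p)
        m = SPACED_EXE.match(win.name)
        if m is None:
            continue
        original = win.with_name(m.group("base") + ".exe")
        hits.append((p, str(original).lower() in known))
    return hits


def renv_section(paths):
    """Build the RenV:: section of a CFScript from the spaced paths found."""
    lines = ["RenV::"] + [p for p, _ in find_renamed(paths)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for path, replaced in find_renamed(SAMPLE_LISTING):
        status = "original name reused" if replaced else "original name free"
        print(f"{path}  [{status}]")
    print(renv_section(SAMPLE_LISTING))
```

An entry flagged with the original name reused is the case to treat with more suspicion, since the file now carrying the legitimate name is not the program's own.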
Re: Please check my log
Posted: 31 Oct 2010 18:40
by Kn1gu4
There were no problems. Log:
ComboFix 10-10-30.09 - Acer . 10. 2010 18:13:50.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.2525.1286 [GMT 1:00]
Running from: C:\Users\Acer\Desktop\cokoliv.com
Command switches used :: C:\Users\Acer\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\gfbiv.sys
.
---- Previous Run -------
.
C:\Program Files\Windows Media Player\wmupdater.exe
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535194301-2542288228-1683754161-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535194301-2542288228-1683754161-1000UA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535194301-2542288228-1683754161-1001Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535194301-2542288228-1683754161-1001UA.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PCTSDINJDRIVER32
-------\Service_nxrdytxf
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.
2010-10-31 17:24:07 . 2010-10-31 17:27:30 -------- d-----w- C:\Users\Acer\AppData\Local\temp
2010-10-31 17:24:07 . 2010-10-31 17:24:07 -------- d-----w- C:\Users\Zuzka\AppData\Local\temp
2010-10-31 17:24:07 . 2010-10-31 17:24:07 -------- d-----w- C:\Users\TEMP\AppData\Local\temp
2010-10-31 17:24:07 . 2010-10-31 17:24:07 -------- d-----w- C:\Users\Public\AppData\Local\temp
2010-10-31 17:24:07 . 2010-10-31 17:24:07 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2010-10-31 17:24:07 . 2010-10-31 17:24:07 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-10-31 17:24:07 . 2010-10-31 17:24:07 -------- d-----w- C:\Users\BaYa\AppData\Local\temp
2010-10-31 11:42:03 . 2010-10-31 11:42:03 -------- d-----w- C:\_OTM
2010-10-31 09:35:07 . 2010-10-31 09:35:43 -------- d-----w- C:\Beruska.com
2010-10-30 21:36:36 . 2010-10-30 21:36:36 -------- d-----w- C:\Users\Acer\AppData\Roaming\CometNetwork
2010-10-30 21:36:06 . 2010-10-30 21:36:20 -------- d-----w- C:\Program Files\CometBird
2010-10-29 09:36:12 . 2010-10-07 23:21:31 6146896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE9BA2E7-F2B7-4182-B8E7-A3E5C53CD6F2}\mpengine.dll
2010-10-28 17:09:32 . 2010-10-28 17:09:32 -------- d-----w- C:\Users\Acer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-10-28 17:02:26 . 2010-10-28 17:23:49 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2010-10-28 16:58:09 . 2010-10-28 16:58:09 -------- d-----w- C:\Program Files\Adobe Media Player
2010-10-28 16:56:58 . 2010-10-28 16:56:58 -------- d-----w- C:\Program Files\Common Files\Adobe AIR
2010-10-28 16:43:50 . 2010-10-28 16:44:32 -------- d-----w- C:\rsit
2010-10-28 07:01:25 . 2010-10-28 07:02:19 -------- d-----w- C:\Users\Administrator
2010-10-27 12:51:39 . 2010-08-26 16:34:50 1696256 ----a-w- C:\Windows\system32\gameux.dll
2010-10-27 12:51:37 . 2010-08-26 16:33:12 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll
2010-10-27 12:51:37 . 2010-08-26 14:23:58 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-24 18:50:27 . 2010-10-24 18:50:36 -------- d-----w- C:\Users\Acer\AppData\Roaming\GameRanger
2010-10-22 19:03:26 . 2010-10-22 19:04:04 -------- d-----w- C:\Program Files\Lauyan
2010-10-22 19:03:26 . 2010-10-22 19:03:26 -------- d-----w- C:\ProgramData\Lauyan
2010-10-21 19:19:51 . 2010-10-21 19:19:51 -------- d-----w- C:\ProgramData\McAfee Security Scan
2010-10-21 19:19:42 . 2010-10-22 11:30:58 -------- d-----w- C:\Program Files\McAfee Security Scan
2010-10-21 19:17:34 . 2010-10-29 15:30:14 25048 ----a-w- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
2010-10-21 19:17:34 . 2010-10-29 15:30:14 140248 ----a-w- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
2010-10-20 18:53:59 . 2010-10-20 18:54:00 -------- d-----w- C:\Program Files\myRuler
2010-10-20 15:02:39 . 2010-10-20 15:02:39 -------- d-----w- C:\Users\Default\AppData\Roaming\DivX
2010-10-20 14:46:41 . 2010-10-20 15:09:40 -------- d-----w- C:\Program Files\PhotoFiltre
2010-10-16 18:26:17 . 2010-10-16 18:36:58 -------- d-----w- C:\Users\Acer\AppData\Roaming\PSpad
2010-10-16 18:25:39 . 2010-10-16 18:26:13 -------- d-----w- C:\Program Files\PSPad editor
2010-10-15 20:13:11 . 2010-10-15 20:13:11 -------- d-----w- C:\Users\Acer\AppData\Local\Electronic Arts
2010-10-15 17:38:46 . 2010-10-20 12:45:59 -------- d-----w- C:\Users\Acer\AppData\Roaming\CashGopher
2010-10-13 17:04:45 . 2010-09-13 13:56:02 168960 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-13 17:04:44 . 2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
2010-10-13 17:04:25 . 2010-06-28 17:00:21 1316864 ----a-w- C:\Windows\system32\ole32.dll
2010-10-13 17:04:24 . 2010-06-28 14:54:38 339968 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-13 17:04:20 . 2010-08-31 13:27:38 2038272 ----a-w- C:\Windows\system32\win32k.sys
2010-10-13 17:04:10 . 2010-09-06 16:20:29 125952 ----a-w- C:\Windows\system32\srvsvc.dll
2010-10-13 17:04:10 . 2010-09-06 13:45:19 102400 ----a-w- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 17:04:09 . 2010-09-06 13:45:38 304128 ----a-w- C:\Windows\system32\drivers\srv.sys
2010-10-13 17:04:09 . 2010-09-06 13:45:22 145408 ----a-w- C:\Windows\system32\drivers\srv2.sys
2010-10-13 17:04:08 . 2010-09-06 16:19:06 17920 ----a-w- C:\Windows\system32\netevent.dll
2010-10-13 17:03:55 . 2010-08-26 16:37:45 157184 ----a-w- C:\Windows\system32\t2embed.dll
2010-10-13 17:03:51 . 2010-05-04 19:13:07 231424 ----a-w- C:\Windows\system32\msshsq.dll
2010-10-13 17:02:48 . 2010-08-20 16:05:07 867328 ----a-w- C:\Windows\system32\wmpmde.dll
2010-10-13 17:01:35 . 2010-08-10 15:53:15 274944 ----a-w- C:\Windows\system32\schannel.dll
2010-10-13 17:00:36 . 2010-08-31 15:44:31 531968 ----a-w- C:\Windows\system32\comctl32.dll
2010-10-13 16:59:57 . 2010-08-31 15:46:37 954752 ----a-w- C:\Windows\system32\mfc40.dll
2010-10-13 16:59:56 . 2010-08-31 15:46:37 954288 ----a-w- C:\Windows\system32\mfc40u.dll
2010-10-10 17:21:49 . 2010-10-10 17:21:50 -------- d-----w- C:\Program Files\Surfbar
2010-10-09 16:32:32 . 2004-08-05 11:00:00 59904 ----a-w- C:\Windows\system32\wbemdisp.tlb
2010-10-09 16:32:31 . 2010-10-09 16:32:33 -------- d-----w- C:\Program Files\20Dollars2Surf
2010-10-09 15:38:52 . 2010-10-23 10:29:54 -------- d-----w- C:\Users\Acer\AppData\Local\PokerStars.NET
2010-10-09 15:37:58 . 2010-10-15 17:55:27 -------- d-----w- C:\Program Files\PokerStars.NET
2010-10-08 17:30:50 . 2010-10-08 17:30:50 -------- d-----w- C:\Users\Acer\AppData\Local\Unity
2010-10-08 17:13:35 . 2010-10-08 17:13:35 -------- d-----w- C:\Users\Acer\AppData\Roaming\Electronic Arts
2010-10-05 13:50:51 . 2004-04-12 15:27:08 152848 ----a-w- C:\Windows\system32\comdlg32.ocx
2010-10-05 13:50:50 . 2010-10-05 13:51:08 -------- d-----w- C:\Program Files\Mp3 Knife
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41:44 . 2009-10-03 09:51:25 222080 ------w- C:\Windows\system32\MpSigStub.exe
2010-10-15 20:04:31 . 2010-01-03 18:38:36 4630 ----a-w- C:\Windows\system32\ealregsnapshot1.reg
2010-09-01 13:51:47 . 2010-06-09 10:13:43 215128 ----a-w- C:\Windows\system32\PnkBstrB.xtr
2010-09-01 13:49:24 . 2009-07-02 07:56:07 138384 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
2010-09-01 13:46:30 . 2009-07-02 07:55:48 215128 ----a-w- C:\Windows\system32\PnkBstrB.exe
2010-08-26 16:33:06 . 2010-10-27 12:51:37 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 . 2010-10-27 12:51:38 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 . 2010-10-27 12:51:38 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2010-08-26 16:33:04 . 2010-10-27 12:51:37 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-17 14:11:37 . 2010-09-15 08:40:32 128000 ----a-w- C:\Windows\system32\spoolsv.exe
2010-08-07 10:03:33 . 2010-08-07 10:03:33 25280 ----a-w- C:\Windows\system32\drivers\hamachi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AAE80CE-5D5E-4AD2-B722-E9E0A506CE52}]
2010-10-04 13:58:42 36352 ----a-w- C:\Users\Acer\AppData\Roaming\CashGopher\CashGopherBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 07:58:56 185856 ----a-w- C:\Program Files\Get Styles\enlbrdr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38:12 121392 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2009-09-11 06:23:46 2054360]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 07:35:36 6111232]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 14:39:32 1090952]
"Surfbar"="C:\Program Files\Surfbar\Surfbar.exe" [2010-10-07 18:55:58 1105408]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
20Dollars2Surf.lnk - C:\Program Files\20Dollars2Surf\20dollars2surf.exe [2010-10-9 89088]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Voobys.lnk]
path=C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voobys.lnk
backup=C:\Windows\pss\Voobys.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM\SA1916]
2008-05-11 08:41:06 47616 ------r- C:\Program Files\Philips\SA19xx\Philips Device Manager\bin\LaunchDM.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]
R2 gupdate1c9906be3877692;Služba Google Update (gupdate1c9906be3877692);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-16 19:22:02 133104]
R3 GarenaPEngine;GarenaPEngine;C:\Users\Acer\AppData\Local\Temp\VWIDAAA.tmp [x]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2008-05-30 11:17:54 93968]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 12:49:20 227232]
R3 PSPRSERV;PSPR Control Service;C:\Program Files\ElcomSoft\Proactive System Password Recovery\psprserv.exe [2009-05-19 12:51:34 69632]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 09:33:12 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 09:33:14 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 09:33:12 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 09:33:12 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 09:33:14 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 09:33:12 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 09:33:14 115752]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);C:\Windows\system32\DRIVERS\s1029bus.sys [2009-05-25 11:34:56 90280]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 11:34:56 15016]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 11:34:56 122280]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 11:34:54 115880]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);C:\Windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 11:34:54 26024]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s1029obex.sys [2009-05-25 11:34:54 111912]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);C:\Windows\system32\DRIVERS\s1029unic.sys [2009-05-25 11:35:00 116904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 11:16:28 753504]
R4 sptd;sptd;C:\Windows\system32\Drivers\sptd.sys [2010-07-21 10:22:51 697328]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [2009-09-11 06:23:50 108792]
S1 FDCENT;FDCENT;C:\Windows\system32\drivers\FDCENT.SYS [2007-01-27 18:28:04 47854]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 11:03:58 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 11:11:14 16384]
S2 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-16 15:56:36 75048]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 06:24:32 735960]
S2 EmmaDevMgmtSvc;Emma Device Management;C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-04-27 12:51:00 306296]
S2 EmmaUpdMgmtSvc;Emma Update Management;C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-04-27 12:51:00 162936]
S2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-09-11 06:26:26 38240]
S2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 11:22:52 24576]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 09:16:12 1107336]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 19:36:20 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 19:36:02 131072]
S2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 09:23:26 90112]
S2 TeamViewer5;TeamViewer 5;C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2010-06-21 08:23:34 173352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-27 20:44:56 210432]
S3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2008-04-28 17:54:58 54784]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 10:06:32 21632]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [2008-05-28 16:54:20 22072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-10-31 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36:18 . 2008-12-11 19:36:18]
2010-10-29 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535194301-2542288228-1683754161-1002Core.job
- C:\Users\Zuzka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-21 14:23:40 . 2009-07-21 14:23:34]
2010-10-31 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-535194301-2542288228-1683754161-1002UA.job
- C:\Users\Zuzka\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-21 14:23:40 . 2009-07-21 14:23:34]
2010-10-31 C:\Windows\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2010-05-19 23:20:44 . 2010-05-19 23:20:44]
2010-07-26 C:\Windows\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2010-05-19 23:20:44 . 2010-05-19 23:20:44]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
uInternet Settings,ProxyServer = socks=
IE: Free YouTube Download - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\9y8ivsrd.default\
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\9y8ivsrd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\9y8ivsrd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\Program Files\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Users\Acer\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Acer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Acer\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-EA Core - C:\Program Files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-ISTray - C:\Program Files\Spyware Doctor\pctsTray.exe
Re: Please check my log
Posted: 31 Oct 2010 18:45
by vyosek
Re: Please check my log
Posted: 31 Oct 2010 18:55
by Kn1gu4
The PC is fine, and how come it isn't complete? Everything went fine ...
Re: Please check my log
Posted: 31 Oct 2010 19:06
by vyosek

One part is missing there, but it's fine...

Uninstall
Combofix
- Start - Run (or use the keyboard shortcut Win+R)
- Type Cokoliv /Uninstall
- Press Enter
- This deletes Combofix and its folders
T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
- Download and run
- Confirm the choices by pressing A, Enter
- Delete the utility after use
- Antivirus programs wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (if necessary, turn off the antivirus while downloading)

The vermin has settled in the restore points - delete them following colleague riffa's guide
http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

You can uninstall MBAM or keep it for an occasional scan - if it finds something, I strongly recommend posting the log here for assessment so that you don't shoot down something legitimate.
OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run
- Click CleanUp and confirm YES
- The program cleans up and restarts the PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run
- Click Start and confirm OK
- The program cleans up and restarts the PC
- Delete the utility after use

Download
CCleaner (see my signature); during installation untick the Yahoo toolbar
Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
- click Scan for issues
- then Fix issues - I recommend making the registry backup; fix all issues
- repeat until there are no issues - usually about 3 times
Tools panel
- Here you can uninstall unneeded programs
I recommend running CCleaner about once every 14 days

Post a new log from RSIT.
Re: Please check my log
Posted: 31 Oct 2010 19:14
by Kn1gu4
As I already wrote, I can't uninstall that ComboFix that way; I also sent a screenshot of what it throws at me. And I can't download that T-Cleaner either; it always stops at 90% and then says it couldn't save because the source file can't be read ..
Re: Please check my log
Posted: 31 Oct 2010 19:16
by vyosek
Are you choosing Save for T-Cleaner, or Run directly?

It needs to be saved - to the desktop, for example...
Re: Please check my log
Posted: 31 Oct 2010 19:19
by Kn1gu4
Yes, I choose Save.