PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Probably some Downloader pest and ....

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
hlinik
Visitor
Posts: 28
Registered: 08 Jan 2010 09:40
Location: Plzeň

Probably some Downloader pest and ....

#1 Post by hlinik »

Symantec keeps reporting a downloader, filename umdmgr.exe, and can't deal with it.
The internet works badly. When shutting down the computer it reports that umgdr is not responding and gdf is not responding.
I'm posting an RSIT log and hope some good soul will help.
I also had some W32.IRCBot here, which I hopefully managed to remove by reading various posts, but it's probably infected a bit more than that.
I'm a beginner.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Windows XP at 2010-01-08 15:18:50
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 17 GB (68%) free of 25 GB
Total RAM: 2047 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:02, on 8.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\01.Stahování\mozila\RSIT.exe
C:\Program Files\trend micro\Windows XP.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [avd32] C:\WINDOWS\system32\avd32.exe
O4 - HKLM\..\Run: [rad59EE5.tmp] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [radFD8D7.tmp] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [rad121C5.tmp] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [rad04B03.tmp] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [radEDA15.tmp] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [radCA487.tmp] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [radEF443.tmp] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [rad4D113.tmp] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [radF8D99.tmp] C:\WINDOWS\system32\umdmgr.exe
O4 - HKLM\..\Run: [rad85DAA.tmp] C:\WINDOWS\system32\umdmgr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1066F736-1F21-4324-AD46-01EC65E32647}: NameServer = 192.168.16.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Služba Google Update (gupdate1c9aaf1b7490128) (gupdate1c9aaf1b7490128) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 9715 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Windows XP.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Panel nástrojů - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-17 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Panel nástrojů - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-05-29 52840]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-10-07 125368]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-27 16844800]
"lxdnamon"=C:\Program Files\Lexmark 2600 Series\lxdnamon.exe [2009-01-29 16040]
"avd32"=C:\WINDOWS\system32\avd32.exe [2010-01-04 95232]
"rad59EE5.tmp"=C:\WINDOWS\system32\umdmgr.exe [2010-01-07 81408]
"radFD8D7.tmp"=C:\WINDOWS\system32\umdmgr.exe [2010-01-07 81408]
"rad121C5.tmp"=C:\WINDOWS\system32\umdmgr.exe [2010-01-07 81408]
"rad04B03.tmp"=C:\WINDOWS\system32\umdmgr.exe [2010-01-07 81408]
"radEDA15.tmp"=C:\WINDOWS\system32\umdmgr.exe [2010-01-07 81408]
"radCA487.tmp"=C:\WINDOWS\system32\umdmgr.exe [2010-01-07 81408]
"radEF443.tmp"=C:\WINDOWS\system32\umdmgr.exe [2010-01-07 81408]
"rad4D113.tmp"=C:\WINDOWS\system32\umdmgr.exe [2010-01-07 81408]
"radF8D99.tmp"=C:\WINDOWS\system32\umdmgr.exe [2010-01-07 81408]
"rad85DAA.tmp"=C:\WINDOWS\system32\umdmgr.exe [2010-01-07 81408]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-10-07 43448]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Call of Duty 4 - Modern Warfare\iw3mp.exe"="D:\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\lxdncoms.exe"="C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"="C:\Program Files\Lexmark 2600 Series\lxdnamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 2600 Series\frun.exe"="C:\Program Files\Lexmark 2600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"="C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe"="C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe:*:Enabled: "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2010-01-08 15:18:51 ----D---- C:\Program Files\trend micro
2010-01-08 15:18:50 ----D---- C:\rsit
2010-01-08 10:52:03 ----SHD---- C:\RECYCLER
2010-01-07 20:23:28 ----A---- C:\WINDOWS\system32\umdmgr.exe
2010-01-07 20:21:13 ----D---- C:\WINDOWS\temp
2010-01-06 17:09:00 ----D---- C:\Program Files\CCleaner
2010-01-06 16:39:58 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-06 16:33:53 ----A---- C:\Boot.bak
2010-01-06 16:33:50 ----RASHD---- C:\cmdcons
2010-01-06 16:32:43 ----D---- C:\WINDOWS\ERDNT
2010-01-04 19:30:19 ----A---- C:\WINDOWS\system32\avd32.exe
2009-12-24 15:29:58 ----D---- C:\Documents and Settings\Windows XP\Data aplikací\Lexmark Productivity Studio
2009-12-24 15:19:32 ----D---- C:\logs
2009-12-24 15:19:22 ----A---- C:\WINDOWS\system32\lxdnvs.dll
2009-12-24 15:19:17 ----A---- C:\WINDOWS\system32\lxdncoin.dll
2009-12-24 15:18:42 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2009-12-24 15:18:33 ----A---- C:\WINDOWS\system32\lxdndrs.dll
2009-12-24 15:18:33 ----A---- C:\WINDOWS\system32\lxdncaps.dll
2009-12-24 15:18:32 ----A---- C:\WINDOWS\system32\lxdncnv4.dll
2009-12-24 15:18:09 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-12-24 15:13:44 ----A---- C:\WINDOWS\system32\gdiplus.dll
2009-12-24 15:13:42 ----D---- C:\Program Files\Lexmark Toolbar
2009-12-24 15:12:18 ----RSD---- C:\WINDOWS\assembly
2009-12-24 15:12:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-24 15:11:34 ----A---- C:\WINDOWS\system32\lxdnwupd.exe
2009-12-24 15:11:34 ----A---- C:\WINDOWS\system32\lxdnwupd.dll
2009-12-24 15:11:32 ----A---- C:\WINDOWS\system32\lxdnrwrd.ini
2009-12-24 15:11:20 ----A---- C:\WINDOWS\system32\LXDNinst.dll
2009-12-24 15:11:18 ----A---- C:\WINDOWS\system32\LXDNhcp.dll
2009-12-24 15:11:17 ----A---- C:\WINDOWS\system32\lxdninpa.dll
2009-12-24 15:11:17 ----A---- C:\WINDOWS\system32\lxdniesc.dll
2009-12-24 15:11:16 ----A---- C:\WINDOWS\system32\lxdnutil.dll
2009-12-24 15:11:16 ----A---- C:\WINDOWS\system32\lxdnusb1.dll
2009-12-24 15:11:15 ----A---- C:\WINDOWS\system32\lxdnserv.dll
2009-12-24 15:11:15 ----A---- C:\WINDOWS\system32\lxdnprox.dll
2009-12-24 15:11:14 ----A---- C:\WINDOWS\system32\lxdnpmui.dll
2009-12-24 15:11:14 ----A---- C:\WINDOWS\system32\lxdnlmpm.dll
2009-12-24 15:11:13 ----A---- C:\WINDOWS\system32\lxdnjswr.dll
2009-12-24 15:11:13 ----A---- C:\WINDOWS\system32\lxdninsr.dll
2009-12-24 15:11:13 ----A---- C:\WINDOWS\system32\lxdninsb.dll
2009-12-24 15:11:12 ----A---- C:\WINDOWS\system32\lxdnins.dll
2009-12-24 15:11:12 ----A---- C:\WINDOWS\system32\lxdnih.exe
2009-12-24 15:11:12 ----A---- C:\WINDOWS\system32\lxdnhbn3.dll
2009-12-24 15:11:11 ----A---- C:\WINDOWS\system32\lxdngrd.dll
2009-12-24 15:11:11 ----A---- C:\WINDOWS\system32\lxdngf.dll
2009-12-24 15:11:10 ----A---- C:\WINDOWS\system32\lxdncur.dll
2009-12-24 15:11:10 ----A---- C:\WINDOWS\system32\lxdncub.dll
2009-12-24 15:11:09 ----A---- C:\WINDOWS\system32\lxdncu.dll
2009-12-24 15:11:09 ----A---- C:\WINDOWS\system32\lxdncoms.exe
2009-12-24 15:11:09 ----A---- C:\WINDOWS\system32\lxdncomm.dll
2009-12-24 15:11:08 ----A---- C:\WINDOWS\system32\lxdncomc.dll
2009-12-24 15:11:08 ----A---- C:\WINDOWS\system32\lxdncfg.exe
2009-12-24 15:11:07 ----A---- C:\WINDOWS\system32\LXDNcfg.dll
2009-12-24 15:10:51 ----D---- C:\Program Files\Lexmark 2600 Series

======List of files/folders modified in the last 1 months======

2010-01-08 15:18:58 ----D---- C:\WINDOWS\Prefetch
2010-01-08 15:18:51 ----RD---- C:\Program Files
2010-01-08 15:12:40 ----D---- C:\Program Files\Mozilla Firefox
2010-01-08 15:06:26 ----D---- C:\Documents and Settings\Windows XP\Data aplikací\Skype
2010-01-08 14:35:10 ----SD---- C:\WINDOWS\Tasks
2010-01-08 13:03:46 ----D---- C:\Documents and Settings\Windows XP\Data aplikací\skypePM
2010-01-08 12:59:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-08 12:58:06 ----SHD---- C:\System Volume Information
2010-01-08 12:34:43 ----D---- C:\Program Files\Symantec AntiVirus
2010-01-08 11:48:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-08 11:43:49 ----D---- C:\WINDOWS\system32\Restore
2010-01-08 11:12:44 ----D---- C:\WINDOWS
2010-01-08 10:52:03 ----D---- C:\WINDOWS\Debug
2010-01-08 09:23:21 ----D---- C:\WINDOWS\system32
2010-01-07 20:24:51 ----D---- C:\WINDOWS\system32\drivers
2010-01-07 20:22:53 ----A---- C:\WINDOWS\system.ini
2010-01-07 20:20:40 ----D---- C:\WINDOWS\AppPatch
2010-01-07 20:20:38 ----D---- C:\Program Files\Common Files
2010-01-07 19:48:42 ----A---- C:\WINDOWS\WINCMD.INI
2010-01-07 18:54:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-01-07 12:15:57 ----HD---- C:\WINDOWS\inf
2010-01-06 17:15:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-06 16:38:54 ----D---- C:\WINDOWS\Help
2010-01-06 16:35:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-06 16:33:53 ----RASH---- C:\boot.ini
2010-01-01 18:00:00 ----D---- C:\Program Files\Norton Security Scan
2009-12-30 10:19:47 ----D---- C:\Program Files\FastStone Image Viewer
2009-12-29 21:17:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 15:23:16 ----RSD---- C:\WINDOWS\Fonts
2009-12-24 15:18:23 ----SHD---- C:\WINDOWS\Installer
2009-12-24 15:12:19 ----D---- C:\WINDOWS\WinSxS
2009-12-24 15:12:04 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-24 15:12:02 ----D---- C:\WINDOWS\system32\mui
2009-12-24 15:12:02 ----D---- C:\Program Files\Internet Explorer
2009-12-24 15:12:00 ----D---- C:\WINDOWS\pchealth
2009-12-24 14:16:10 ----D---- C:\Program Files\Google
2009-12-21 00:23:56 ----D---- C:\Program Files\AIMP2
2009-12-21 00:07:48 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-15 18:11:13 ----D---- C:\Program Files\Mořské dobrodružství

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-08-27 189320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-02 4613120]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-12-16 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-12-17 768024]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100106.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100106.002\navex15.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-12-17 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-12-17 2686104]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-10-23 103296]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-08-27 23944]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-06-18 223128]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-06-18 642560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-05-29 192104]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-05-29 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-10-07 31160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-17 152984]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
R2 lxdn_device;lxdn_device; C:\WINDOWS\system32\lxdncoms.exe [2008-02-28 594600]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-01 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-08-01 103736]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-07-26 1181016]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-10-07 1822648]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 gupdate1c9aaf1b7490128;Služba Google Update (gupdate1c9aaf1b7490128); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-22 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2008-02-28 98984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-28 2999664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-10-07 116664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-08-27 214408]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe [2005-08-10 118272]

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: probably some Downloader pest and ....

#2 Post by pitimir »

Hi. First a quick piece of advice for the future: if you have a problem, write straight away and don't try randomly found utilities -> counterproductive.

Download DDS. Save it to the desktop, close all running programs and run it. When the scan finishes, the results open in two windows, DDS.txt and Attach.txt. I'd like to see the contents of both.
I'm modest, I only have two things in my signature...

1) Want to help the forum? Support it_!!

2) I ask everyone who has a problem: :!:
- start your own topic and put an RSIT log and an exact, brief description of the problem in the first post.
- without a recommendation do NOT run ANY other program found on the forum/internet.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).

hlinik
Visitor
Posts: 28
Registered: 08 Jan 2010 09:40
Location: Plzeň

Re: probably some Downloader pest and ....

#3 Post by hlinik »

Here it is

DDS (Ver_09-12-01.01) - NTFSx86
Run by Windows XP at 17:49:48,46 on pá 08.01.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1146 [GMT 1:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Windows XP\Plocha\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.seznam.cz/
uURLSearchHooks: H - No File
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\progra~1\icqtoo~1\toolbaru.dll
BHO: Lexmark Panel nástrojů: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Panel nástrojů: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [avd32] c:\windows\system32\avd32.exe
mRun: [rad59EE5.tmp] c:\windows\system32\umdmgr.exe
mRun: [radFD8D7.tmp] c:\windows\system32\umdmgr.exe
mRun: [rad121C5.tmp] c:\windows\system32\umdmgr.exe
mRun: [rad04B03.tmp] c:\windows\system32\umdmgr.exe
mRun: [radEDA15.tmp] c:\windows\system32\umdmgr.exe
mRun: [radCA487.tmp] c:\windows\system32\umdmgr.exe
mRun: [radEF443.tmp] c:\windows\system32\umdmgr.exe
mRun: [rad4D113.tmp] c:\windows\system32\umdmgr.exe
mRun: [radF8D99.tmp] c:\windows\system32\umdmgr.exe
mRun: [rad85DAA.tmp] c:\windows\system32\umdmgr.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {1066F736-1F21-4324-AD46-01EC65E32647} = 192.168.16.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\window~1\dataap~1\mozilla\firefox\profiles\yv7teyzx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");

============= SERVICES / DRIVERS ===============

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-6-18 5248]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-29 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100106.002\naveng.sys [2010-1-6 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100106.002\navex15.sys [2010-1-6 1323568]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-18 69120]
S2 gupdate1c9aaf1b7490128;Služba Google Update (gupdate1c9aaf1b7490128);c:\program files\google\update\GoogleUpdate.exe [2009-3-22 133104]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-12-24 98984]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-6-18 160640]

=============== Created Last 30 ================

2010-01-08 14:18:51 0 d-----w- c:\program files\trend micro
2010-01-07 19:23:28 81408 ----a-w- c:\windows\system32\umdmgr.exe
2010-01-06 16:09:00 0 d-----w- c:\program files\CCleaner
2010-01-06 15:39:58 0 d--h--w- c:\windows\$hf_mig$
2010-01-06 15:33:50 0 d-sha-r- C:\cmdcons
2010-01-04 18:30:19 95232 ----a-w- c:\windows\system32\avd32.exe
2009-12-24 14:29:58 0 d-----w- c:\docume~1\window~1\dataap~1\Lexmark Productivity Studio
2009-12-24 14:21:28 0 d-----w- c:\documents and settings\all users\Lx_cats
2009-12-24 14:21:00 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-24 14:21:00 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-24 14:19:32 0 d-----w- C:\logs
2009-12-24 14:19:22 40960 ----a-w- c:\windows\system32\lxdnvs.dll
2009-12-24 14:19:17 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2009-12-24 14:18:57 80572 ----a-w- c:\windows\system32\lxdnprpr.chm
2009-12-24 14:18:42 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-12-24 14:18:42 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-12-24 14:18:33 81920 ----a-w- c:\windows\system32\lxdncaps.dll
2009-12-24 14:18:33 782336 ----a-w- c:\windows\system32\lxdndrs.dll
2009-12-24 14:18:32 69632 ----a-w- c:\windows\system32\lxdncnv4.dll
2009-12-24 14:18:09 0 d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-12-24 14:13:44 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-12-24 14:13:42 0 d-----w- c:\program files\Lexmark Toolbar
2009-12-24 14:10:51 0 d-----w- c:\program files\Lexmark 2600 Series

==================== Find3M ====================

2009-12-29 20:17:49 68736 ----a-w- c:\windows\system32\perfc005.dat
2009-12-29 20:17:49 389664 ----a-w- c:\windows\system32\perfh005.dat
2009-12-25 18:57:33 25616 ----a-w- c:\docume~1\window~1\dataap~1\GDIPFONTCACHEV1.DAT
2009-12-25 13:29:40 45872 ----a-w- c:\windows\fonts\DEARJI__.TTF

============= FINISH: 17:49:56,93 ===============


Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: Plug and Play BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: a347bus

==== System Restore Points ===================

RP1: 8.1.2010 12:58:09 - Kontrolní bod systému

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Ad-Aware SE Personal
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1 - Czech
Adobe Shockwave Player
AIMP2
Alcohol 120%
Alík - Můj první slabikář
Balíček ovladače systému Windows - Nokia Modem (06/01/2009 4.1)
Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.3)
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Call of Duty(R) 4 - Modern Warfare(TM)
CCleaner
CDDRV_Installer
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Suite
Faraónovo tajemství
FastStone Flash Player 2.2
FastStone Image Viewer 3.9
Google Earth
Google Gears
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Java(TM) 6 Update 12
KhalInstallWrapper
Lexmark 2600 Series
Lexmark Panel nástrojů
LiveUpdate 3.2 (Symantec Corporation)
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Mafia
Medvěd Míša - Nová dobrodružství
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mořské dobrodružství
Mozilla Firefox (3.5.7)
MSVC80_x86
Nero Media Player
Nero OEM
NeroVision Express 2
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Drivers
PartitionMagic
PC Connectivity Solution
PowerDVD
PowerProducer
PowerQuest PartitionMagic 8.0
Realtek High Definition Audio Driver
Roboball
Skype web features
Skype™ 4.1
Symantec AntiVirus
Total Commander (Remove or Repair)
TuneUp Utilities 2006
VideoLAN VLC media player 0.8.6
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player Firefox Plugin
xp-AntiSpy 3.94

==== End Of File ===========================

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: probably some Downloader pest and ....

#4 Post by pitimir »

Download ComboFix - DO NOT RUN IT YET.

Move the CF icon to the desktop, close all open applications, as well as the resident parts of your antivirus, antispyware and firewall, and open Notepad. Copy this into it:


KillAll::
DDS::
uURLSearchHooks: H - No File
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\progra~1\icqtoo~1\toolbaru.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun: [avd32] c:\windows\system32\avd32.exe
mRun: [rad59EE5.tmp] c:\windows\system32\umdmgr.exe
mRun: [radFD8D7.tmp] c:\windows\system32\umdmgr.exe
mRun: [rad121C5.tmp] c:\windows\system32\umdmgr.exe
mRun: [rad04B03.tmp] c:\windows\system32\umdmgr.exe
mRun: [radEDA15.tmp] c:\windows\system32\umdmgr.exe
mRun: [radCA487.tmp] c:\windows\system32\umdmgr.exe
mRun: [radEF443.tmp] c:\windows\system32\umdmgr.exe
mRun: [rad4D113.tmp] c:\windows\system32\umdmgr.exe
mRun: [radF8D99.tmp] c:\windows\system32\umdmgr.exe
mRun: [rad85DAA.tmp] c:\windows\system32\umdmgr.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... vc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/s ... wflash.cab

FireFox::
FF - ProfilePath - c:\docume~1\window~1\dataap~1\mozilla\firefox\profiles\yv7teyzx.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

Folder::
c:\progra~1\icqtoo~1

Extra::
Save it to the desktop as CFScript.txt and drag it onto the CF icon with the mouse.

The program will process the script and produce a new log.

Warning: if Windows does not boot after applying the script, restart the PC, press F8 and choose Last Known Good Configuration.
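The autorun entries the script above removes (avd32 and the ten rad*.tmp values that all launch umdmgr.exe) can be picked out of a DDS "Pseudo HJT Report" mechanically. This is an added example, not part of the thread and not DDS or ComboFix code; the sample lines are constructed from the DDS output posted above, and the two heuristics (random temp-file-style value names, several Run values launching one file) are my own assumptions, not DDS rules.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "mRun:"/"dRun:" lines from the DDS log
# posted in this thread (legitimate entries mixed with the flagged ones).
SAMPLE_LOG = r"""
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [avd32] c:\windows\system32\avd32.exe
mRun: [rad59EE5.tmp] c:\windows\system32\umdmgr.exe
mRun: [radFD8D7.tmp] c:\windows\system32\umdmgr.exe
mRun: [rad121C5.tmp] c:\windows\system32\umdmgr.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
"""

# "mRun: [ValueName] command line" is how DDS prints HKLM/HKCU/.DEFAULT Run values.
AUTORUN_RE = re.compile(r"^(?P<hive>[a-zA-Z]+Run):\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# Assumed heuristic: value names shaped like "rad" + five hex digits + ".tmp",
# the pattern that appears ten times in the thread's log.
RANDOM_TMP_NAME_RE = re.compile(r"^rad[0-9a-f]{5}\.tmp$", re.IGNORECASE)


def executable_of(cmd: str) -> str:
    """Lower-cased path of the program a Run command line launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path, possibly followed by arguments
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    # Unquoted: keep everything up to and including the first ".exe" token.
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd).lower()


def parse_autoruns(text: str):
    """Yield (hive, value_name, target) for every Run line in a DDS report."""
    for line in text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if m:
            yield m.group("hive"), m.group("name"), executable_of(m.group("cmd"))


def flag_autoruns(text: str) -> dict:
    """Map each suspicious target to the list of reasons it was flagged."""
    entries = list(parse_autoruns(text))
    names_by_target = defaultdict(set)
    for _, name, target in entries:
        names_by_target[target].add(name)

    findings = defaultdict(list)
    for _, name, target in entries:
        if RANDOM_TMP_NAME_RE.match(name):
            findings[target].append(f"value name {name!r} looks like a random temp-file name")
    for target, names in names_by_target.items():
        # One program registered under several value names is a persistence tell:
        # legitimate software registers itself once.
        if len(names) >= 2:
            findings[target].append(f"{len(names)} distinct autorun values launch this same file")
    return dict(findings)


if __name__ == "__main__":
    for target, reasons in flag_autoruns(SAMPLE_LOG).items():
        print(target)
        for reason in reasons:
            print("  -", reason)
```

On the sample above only umdmgr.exe is reported; avd32.exe, which the helper also removed, has a single ordinary-looking value and needs the "created in the last 30 days in system32" context from the DDS file listing rather than these two heuristics.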

hlinik
Visitor
Posts: 28
Registered: 08 Jan 2010 09:40
Location: Plzeň

Re: probably some Downloader pest and ....

#5 Post by hlinik »

Hi, I'm putting the CF log below.
Don't worry, no more experiments; I'd rather always wait until someone replies and advises,
like you did. That W32.IRCBot showed up again about an hour before I ran CF.
I want to ask about System Restore: somewhere here on the forum I read that it should be turned off
while removing this pest. For now I have it turned on, so let me know what to do. Thanks for now.

ComboFix 10-01-04.01 - Windows XP 08.01.2010 20:52:03.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1492 [GMT 1:00]
Spuštěný z: c:\documents and settings\Windows XP\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Windows XP\Plocha\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\icqtoo~1
c:\progra~1\icqtoo~1\about.html
c:\progra~1\icqtoo~1\basis.xml
c:\progra~1\icqtoo~1\Dlg_Res.xml
c:\progra~1\icqtoo~1\download.html
c:\progra~1\icqtoo~1\Games.xml
c:\progra~1\icqtoo~1\games_button.xml
c:\progra~1\icqtoo~1\icons.bmp
c:\progra~1\icqtoo~1\loading.html
c:\progra~1\icqtoo~1\logo_small.gif
c:\progra~1\icqtoo~1\newversion.txt
c:\progra~1\icqtoo~1\tb_buttons.xml
c:\progra~1\icqtoo~1\tb_games.xml
c:\progra~1\icqtoo~1\tb_options.xml
c:\progra~1\icqtoo~1\toolbaru.crc
c:\progra~1\icqtoo~1\toolbaru.dll
c:\progra~1\icqtoo~1\version.txt
c:\windows\system32\umdmgr.log

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-08 do 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-05 16:13 . 2010-01-05 16:13 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2009-12-24 14:21 . 2010-01-04 16:07 -------- d-----w- c:\documents and settings\All Users\Lx_cats
2009-12-24 14:21 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-24 14:21 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-24 14:19 . 2009-12-24 14:19 -------- d-----w- C:\logs
2009-12-24 14:19 . 2007-11-28 17:51 40960 ----a-w- c:\windows\system32\lxdnvs.dll
2009-12-24 14:19 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2009-12-24 14:19 . 2008-02-27 11:05 115200 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll
2009-12-24 14:18 . 2001-10-24 11:25 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-12-24 14:18 . 2001-10-24 11:25 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-12-24 14:18 . 2007-11-21 00:02 782336 ----a-w- c:\windows\system32\lxdndrs.dll
2009-12-24 14:18 . 2007-11-20 23:44 81920 ----a-w- c:\windows\system32\lxdncaps.dll
2009-12-24 14:18 . 2007-10-02 22:51 69632 ----a-w- c:\windows\system32\lxdncnv4.dll
2009-12-24 14:18 . 2009-12-24 14:18 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-12-24 14:13 . 2007-06-28 13:52 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-12-24 14:13 . 2010-01-04 18:31 -------- d-----w- c:\program files\Lexmark Toolbar
2009-12-24 14:10 . 2009-12-24 14:28 -------- d-----w- c:\program files\Lexmark 2600 Series

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 19:53 . 2008-07-10 15:10 -------- d-----w- c:\program files\Symantec AntiVirus
2010-01-08 17:00 . 2009-01-20 13:16 -------- d-----w- c:\program files\Norton Security Scan
2010-01-08 14:19 . 2010-01-08 14:18 -------- d-----w- c:\program files\trend micro
2010-01-06 16:09 . 2010-01-06 16:09 -------- d-----w- c:\program files\CCleaner
2009-12-30 09:19 . 2008-07-24 15:13 -------- d-----w- c:\program files\FastStone Image Viewer
2009-12-29 20:17 . 2004-08-18 12:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2009-12-29 20:17 . 2004-08-18 12:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2009-12-24 13:16 . 2009-03-22 13:24 -------- d-----w- c:\program files\Google
2009-12-20 23:23 . 2008-08-01 20:45 -------- d-----w- c:\program files\AIMP2
2009-12-15 17:11 . 2008-06-20 11:31 -------- d-----w- c:\program files\Mořské dobrodružství
2009-11-24 12:27 . 2009-11-13 21:12 -------- d-----w- c:\program files\PokerStars.NET
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-24 66864]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-22 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"WinSys2"=c:\windows\system32\winsys2.exe
"Alcmtr"=ALCMTR.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnamon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [18.6.2008 16:36 5248]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.8.2009 6:53 102448]
S2 gupdate1c9aaf1b7490128;Služba Google Update (gupdate1c9aaf1b7490128);c:\program files\Google\Update\GoogleUpdate.exe [22.3.2009 14:25 133104]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [24.12.2009 15:19 98984]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [7.10.2007 19:48 116664]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [18.6.2008 16:36 160640]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.6.2008 16:51 642560]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 22:11]

2010-01-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 13:24]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 13:25]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 13:25]

2010-01-08 c:\windows\Tasks\Norton Security Scan for Windows XP.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {1066F736-1F21-4324-AD46-01EC65E32647} = 192.168.16.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Windows XP\Data aplikací\Mozilla\Firefox\Profiles\yv7teyzx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 20:56
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1204)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(5232)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Lexmark 2600 Series\lxdnMsdMon.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Total time: 2010-01-08 20:57:41 - the computer was restarted
ComboFix-quarantined-files.txt 2010-01-08 19:57

Before run: Free bytes: 17 859 104 768
After run: Free bytes: 17 830 518 784

- - End Of File - - 9BB6494D16BE4091746600015608D047

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: probably some Downloader pest and ....

#6 Post by pitimir »

1) Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall, and open Notepad. Copy this into it:

Code:

KillAll::
File::
c:\windows\system32\winsys2.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinSys2"=-
Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

[image]

The program will process the script and produce a new log.


Warning: If Windows does not boot after the script has been applied, restart the PC, press F8 and choose Last Known Good Configuration.


2) Go >>here<< and run a scan. Here is a guide (by sundavis):
[image]
I'm modest, I only have two things in my signature...

1) Want to help the forum? Support it!!

2) I ask everyone who has a problem: :!:
- start your own topic and put an RSIT log and a precise, brief description of the problem in the first post.
- without a recommendation, do NOT run ANY other program found on the forum/internet.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).

hlinik
Visitor
Posts: 28
Registered: 08 Jan 2010 09:40
Location: Plzeň

Re: probably some Downloader pest and ....

#7 Post by hlinik »

Hi, so here is the scan
+ Symantec reported this to me again
symantec.JPG
(59.83 KiB) Downloaded 297 times
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, January 9, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, January 09, 2010 08:23:38
Records in database: 3308085
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 41499
Threats found: 2
Infected objects found: 29
Suspicious objects found: 0
Scan duration: 00:37:24


File name / Threat / Threats count
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E00000\4BE2412D.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E00001\4BE2413E.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05300000\4F73120B.VBN Infected: Trojan.Win32.Buzus.crty 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05300001\4F73121E.VBN Infected: Trojan.Win32.Buzus.crty 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06000000\4F4233DD.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06000001\4F4233ED.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09380000\4B7CA7EF.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09380001\4B7CA800.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09D40000\4BD754B5.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09D40001\4BD754D4.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A9C0000\4BDF852C.VBN Infected: Trojan.Win32.Buzus.crty 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700000\4B7237AC.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700001\4B7237B9.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B900000\4BD314DA.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B900001\4BD314F2.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000\4BFF12D1.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0001\4BFF12EF.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740000\4F7733D0.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740001\4F7733E6.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80000\4FFB5D95.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80001\4FFB5DAE.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F3C0000\4F7F17AD.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F3C0001\4F7F17D5.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FA00000\4FE62483.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FA00001\4FE6249B.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FC40000.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FC40001\4FC730F0.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15E80000\5FECA192.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15E80001\5FECA1A8.VBN Infected: Net-Worm.Win32.Kolab.fhi 1

Selected area has been scanned.

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: probably some Downloader pest and ....

#8 Post by pitimir »

That is just SVI now; it gets wiped by using T-Cleaner.

1) Let's finish the cleanup:
  • Uninstall Combofix:
    Start -> Run -> (type) combofix /uninstall
  • Use T-Cleaner (if the antivirus reports it as malware, there is nothing to fear, it is just the AV program being paranoid).
  • Use TFC (run the program and click "Start". Note: the PC may be restarted).

2) Post a log from HJT.

If anything is unclear, a guide is >>here<<.
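The check behind pitimir's reply above (every hit sits in a quarantine or System Restore location, so nothing is actually running) can be made mechanical. The script below is an added example, not code from the forum or from Kaspersky: it parses the "<path> Infected: <threat> <count>" lines of a Kaspersky Online Scanner 7 report and separates detections inside a quarantine or System Restore folder from detections on a live path that still need cleaning. The quarantine markers are an assumption, and the sample report is constructed from three lines of the report above plus one made-up Temp path.

```python
"""Sort an online-scanner report into quarantined and live detections.

Added example; not code from the forum thread or from Kaspersky.  It
parses the "<path> Infected: <threat> <count>" lines of a Kaspersky
Online Scanner 7 report and tells apart hits inside a quarantine or
System Restore folder (already neutralised, as in this thread) from hits
on a live path that still need cleaning.  QUARANTINE_MARKERS is an
assumption; add your own AV's folder if it is not listed.
"""
import re
from collections import Counter

DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# Folders whose contents are no longer executed (assumption, extend as needed).
QUARANTINE_MARKERS = (
    "\\quarantine\\",                  # Symantec AV Corporate Edition and most others
    "\\system volume information\\",   # System Restore snapshots
)


def classify(path):
    """'quarantined' for a neutralised container, 'live' for anything else."""
    lowered = path.lower()
    if lowered.endswith(".vbn"):       # Symantec quarantine container format
        return "quarantined"
    if any(marker in lowered for marker in QUARANTINE_MARKERS):
        return "quarantined"
    return "live"


def parse_report(text):
    """Yield (path, threat, count, category) for each detection line."""
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            path = m.group("path")
            yield path, m.group("threat"), int(m.group("count")), classify(path)


def summarize(text):
    """Per-category threat counts plus the live paths that need attention."""
    summary = {"quarantined": Counter(), "live": Counter(), "live_paths": []}
    for path, threat, count, category in parse_report(text):
        summary[category][threat] += count
        if category == "live":
            summary["live_paths"].append(path)
    return summary


# Constructed sample: three lines copied from the report in this thread and one
# made-up Temp path so that the live branch is exercised.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E00000\4BE2412D.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05300000\4F73120B.VBN Infected: Trojan.Win32.Buzus.crty 1
C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FC40000.VBN Infected: Net-Worm.Win32.Kolab.fhi 1
C:\Documents and Settings\user\Local Settings\Temp\sample.exe Infected: Trojan.Win32.Buzus.crty 1

Selected area has been scanned.
"""

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print("quarantined:", dict(s["quarantined"]))
    print("live:       ", dict(s["live"]))
    for p in s["live_paths"]:
        print("  needs cleaning:", p)
```

Run it as-is to see the split on the constructed sample; feeding the full report above to summarize() puts all 29 lines in the quarantined bucket and leaves live_paths empty, which is exactly the situation the reply describes.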

hlinik
Visitor
Posts: 28
Registered: 08 Jan 2010 09:40
Location: Plzeň

Re: probably some Downloader pest and ....

#9 Post by hlinik »

Phew :roll: so I managed it
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:45, on 9.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis. HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1066F736-1F21-4324-AD46-01EC65E32647}: NameServer = 192.168.16.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Služba Google Update (gupdate1c9aaf1b7490128) (gupdate1c9aaf1b7490128) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 8518 bytes

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: probably some Downloader pest and ....

#10 Post by pitimir »

1) Fix in HJT (tick the box next to the line in question and press "Fix Checked"):

Code:

R3 - URLSearchHook: (no name) - - (no file)
2) Use JavaRa, you have an old Java.


3) Copy into Notepad:

Code:

@echo off
rem stop and unregister the NMIndexingService entry whose binary is reported missing in the HJT log
sc stop "NMIndexingService "
sc delete "NMIndexingService "
rem the batch file removes itself once it has run
del %0
exit
Save it as del.bat (file type: all files) to the desktop and run it.


4) Update Adobe Reader (you will find the latest version >>here<<).


And done ;)
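The checks pitimir applies to hlinik's HJT log above (an R3 hook with no file, a service whose binary is missing) can be automated. The script below is an added example, not code from the forum or from HijackThis. Its rule set is an assumption distilled from the instructions in this thread plus two routine checks a helper normally runs: R0/R1/R3 entries marked "(no file)" get fixed in HJT, O23 services marked "(file missing)" are stopped and deleted with sc.exe, O4 autoruns that name a bare executable with no directory are flagged because Windows resolves them through the search path, and O17 NameServer values outside private address space are flagged. The sample log is a subset of the log above plus one constructed O17 line with a zero GUID and the placeholder address 1.2.3.4.

```python
"""Triage a HijackThis 2.0 log for the entries a helper would act on.

Added example; not code from the forum thread or from HijackThis.  The
rule set is an assumption distilled from the instructions in this
thread plus two routine checks:
  * R0/R1/R3 entries marked "(no file)"       -> fix in HJT
  * O23 services marked "(file missing)"      -> sc stop / sc delete
  * O4 autoruns naming a bare executable      -> resolved via the search path,
                                                 confirm which file really runs
  * O17 NameServer outside private IP space   -> verify the DNS server
"""
import ipaddress
import re

# O23 - Service: <display> [(<short name>)] - <company> - <path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<company>.*?) - (?P<path>.+)$"
)
# O4 - <hive\..\Run | Global Startup>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]+)\] )?(?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")


def autorun_target(cmd):
    """Return the file an O4 command really launches.

    Quoted paths are taken whole; for rundll32 the DLL argument is the
    real target.  Unquoted paths with spaces are cut at the first space,
    which is enough for the bare-name test in triage().
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split(None, 2)
    if not parts:
        return ""
    if parts[0].lower() == "rundll32.exe" and len(parts) > 1:
        return parts[1].split(",", 1)[0]
    return parts[0]


def triage(log_text):
    """Return a list of dicts (line, kind, detail, action) worth acting on."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(("R0 - ", "R1 - ", "R3 - ")) and "(no file)" in line:
            findings.append({"line": line, "kind": "no-file", "detail": "",
                             "action": "fix in HJT"})
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if m.group("where").endswith("Startup") and " = " in cmd:
                cmd = cmd.split(" = ", 1)[1]        # "name.lnk = <target>"
            exe = autorun_target(cmd)
            if "\\" not in exe:
                findings.append({"line": line, "kind": "bare-autorun", "detail": exe,
                                 "action": "check which %s is first on the search path" % exe})
            continue
        m = O17_RE.match(line)
        if m:
            for server in m.group("servers").split(","):
                server = server.strip()
                try:
                    suspicious = not ipaddress.ip_address(server).is_private
                except ValueError:
                    suspicious = True               # not even an address: look at it
                if suspicious:
                    findings.append({"line": line, "kind": "dns", "detail": server,
                                     "action": "verify this DNS server is the expected one"})
            continue
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group("path"):
            name = m.group("short") or m.group("display")
            findings.append({"line": line, "kind": "orphan-service", "detail": name,
                             "action": 'sc stop "%s" && sc delete "%s"' % (name, name)})
    return findings


# Sample input: lines copied from the HJT log in this thread, plus one
# constructed O17 line (zero GUID, placeholder address 1.2.3.4) to produce a hit.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1066F736-1F21-4324-AD46-01EC65E32647}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 1.2.3.4,192.168.16.1
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-15s %-20s %s" % (f["kind"], f["detail"], f["action"]))
```

On the sample it reproduces the two fixes from the post (the R3 line and the sc stop/sc delete pair for NMIndexingService) and additionally lists the bare-name autoruns (nwiz.exe, KHALMNPR.EXE, RTHDCPL.EXE) and the constructed non-private DNS server; the real O17 line with 192.168.16.1 is left alone.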

hlinik
Visitor
Posts: 28
Registered: 08 Jan 2010 09:40
Location: Plzeň

Re: probably some Downloader pest and ....

#11 Post by hlinik »

Done :worship:
I bow deeply and greatly appreciate your (Your) help
This forum is really great and I will definitely support it.
Bye, hliník

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: probably some Downloader pest and ....

#12 Post by pitimir »

You're welcome, take care ;)
