Dobrý den, mohli byste mi prosím zkontrolovat log,antivir mi našel virus,a nějak se ho nemžu zbavit.
Název: TR/Spy.Gen2
Děkuji
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-25 17:04:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 48 GB (31%) free of 153 GB
Total RAM: 2013 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:06, on 25.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Logitech . Registrace produktu.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: winmm.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\..\svchost.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 10592 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1255450112.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-23 263280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-01-23 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-02 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-02 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-23 263280]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-04-06 33603584]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-02-26 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-02-26 142360]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-02-16 87336]
"PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2008-10-13 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-02-28 75048]
"pdfFactory Pro Dispatcher v3"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2009-03-24 606208]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-02 149280]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-10-10 69632]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-23 39408]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
Logitech . Registrace produktu.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="winmm.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-02-20 206848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-11-07 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-08-08 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInternetIcon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Cyanide\Blood Bowl\BloodB.exe"="C:\Program Files\Cyanide\Blood Bowl\BloodB.exe:*:Enabled:Blood Bowl"
"C:\Documents and Settings\Administrator\Dokumenty\Azureus Downloads\Nová složka\Magic\Manalink.exe"="C:\Documents and Settings\Administrator\Dokumenty\Azureus Downloads\Nová složka\Magic\Manalink.exe:*:Enabled:manalink"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-25 17:05:00 ----D---- C:\Program Files\trend micro
2010-01-25 17:04:59 ----D---- C:\rsit
2010-01-23 13:57:34 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Tropico 3
2010-01-23 13:49:25 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-01-23 13:49:23 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-01-23 13:49:23 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-01-23 13:49:22 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-01-23 13:49:22 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-01-23 13:49:22 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-01-23 13:49:22 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-01-23 13:49:21 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-01-23 13:49:21 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-01-23 13:49:21 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-01-23 13:49:20 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-01-23 13:45:37 ----D---- C:\Program Files\Kalypso
2010-01-23 13:22:51 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Logitech
2010-01-23 13:20:53 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2010-01-23 13:20:19 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2010-01-23 13:20:15 ----A---- C:\WINDOWS\system32\KemXML.dll
2010-01-23 13:20:15 ----A---- C:\WINDOWS\system32\KemWnd.dll
2010-01-23 13:20:15 ----A---- C:\WINDOWS\system32\KemUtil.dll
2010-01-23 13:20:15 ----A---- C:\WINDOWS\system32\kemutb.dll
2010-01-23 13:19:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Logitech
2010-01-23 13:19:51 ----D---- C:\Program Files\Common Files\Logishrd
2010-01-23 13:19:45 ----D---- C:\Program Files\Logitech
2010-01-23 13:19:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogiShrd
2010-01-23 13:18:56 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-01-23 10:04:51 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-23 10:04:34 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-23 09:11:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-22 18:31:43 ----D---- C:\Program Files\Adobe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\zip.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\SWSC.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\SWREG.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\sed.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\PEV.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\MBR.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\grep.exe
2010-01-22 14:12:41 ----D---- C:\WINDOWS\ERDNT
2010-01-22 14:11:26 ----SD---- C:\ComboFix
2010-01-22 14:10:27 ----D---- C:\Qoobox
2010-01-22 12:24:34 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Uniblue
2010-01-22 11:23:57 ----D---- C:\Program Files\Ultimate Process Manager
2010-01-22 11:19:24 ----D---- C:\Program Files\Reimage
2010-01-17 20:35:39 ----HDC---- C:\WINDOWS\ie8
2010-01-17 16:49:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-01-17 16:41:03 ----D---- C:\Program Files\CCleaner
2010-01-17 12:22:00 ----D---- C:\WINDOWS\pss
2010-01-01 13:29:33 ----D---- C:\Program Files\Aml Pages
2010-01-01 12:57:39 ----D---- C:\Program Files\Visual Zip Password Recovery
======List of files/folders modified in the last 1 months======
2010-01-25 17:05:00 ----RD---- C:\Program Files
2010-01-25 17:02:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-01-25 17:02:37 ----D---- C:\WINDOWS\Prefetch
2010-01-25 15:46:56 ----D---- C:\WINDOWS\Temp
2010-01-25 15:46:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-24 14:58:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Temp
2010-01-24 12:09:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\vlc
2010-01-24 09:33:23 ----D---- C:\WINDOWS
2010-01-23 13:53:25 ----HD---- C:\WINDOWS\inf
2010-01-23 13:49:29 ----D---- C:\WINDOWS\system32\DirectX
2010-01-23 13:49:28 ----D---- C:\WINDOWS\system32
2010-01-23 13:49:02 ----RSD---- C:\WINDOWS\assembly
2010-01-23 13:48:30 ----SHD---- C:\WINDOWS\Installer
2010-01-23 13:45:37 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-23 13:36:25 ----D---- C:\Program Files\Google
2010-01-23 13:21:27 ----D---- C:\WINDOWS\system32\drivers
2010-01-23 13:21:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-23 13:21:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-23 13:19:51 ----D---- C:\Program Files\Common Files
2010-01-23 10:04:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-01-23 09:53:27 ----D---- C:\Program Files\EA Sports
2010-01-22 18:31:52 ----D---- C:\Program Files\Common Files\Adobe
2010-01-22 18:31:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-01-22 14:12:49 ----SHD---- C:\System Volume Information
2010-01-22 14:12:49 ----D---- C:\WINDOWS\system32\Restore
2010-01-22 11:22:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-17 20:38:27 ----D---- C:\WINDOWS\system32\cs-cz
2010-01-17 20:38:27 ----D---- C:\WINDOWS\Media
2010-01-17 20:38:27 ----D---- C:\WINDOWS\Help
2010-01-17 20:38:27 ----D---- C:\Program Files\Internet Explorer
2010-01-17 20:24:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-17 16:49:05 ----SD---- C:\WINDOWS\Tasks
2010-01-17 16:43:25 ----D---- C:\Program Files\Electronic Arts
2010-01-17 16:43:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
2010-01-12 17:38:47 ----D---- C:\Program Files\World of Warcraft
2010-01-04 11:31:10 ----D---- C:\Program Files\ICQ6.5
2010-01-03 10:46:26 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Google
2010-01-02 12:48:32 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/31 12:52:55]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2008-09-26 10384]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-02-20 6312864]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-03-26 1086208]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 afe43mya;afe43mya; C:\WINDOWS\system32\drivers\afe43mya.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-14 272896]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 148168]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-08-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-08-08 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-12 258103]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-02 153376]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S2 msupdate;Microsoft security update service; c:\windows\system32\..\svchost.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-23 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-11-07 121360]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119403
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
22.1. jste dělal sken ComboFix. Dejte z něj log.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu
Combo Fix jsem spustil,poté mi naběhlo,že nemám v pc nějaký program, a začalo se mi něco stahovat ze stránek Microsoftu,poté jsem to zrušil.
Takže sken neproběhl až dokonce,log tudíž nemám.
Poté co jsem navštívil toto forum jsem zjistil,že preferujete 1.log z programu RSIT.
Mám udělat teď aktuální log z Combofixu?
Takže sken neproběhl až dokonce,log tudíž nemám.
Poté co jsem navštívil toto forum jsem zjistil,že preferujete 1.log z programu RSIT.
Mám udělat teď aktuální log z Combofixu?
-
Rudy
- Site Admin
- Příspěvky: 119403
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
RSIT je prvotní sken, aby rádce mohl rozhodnout, co dál použít. CF udělejte, ale v nouz. režimu, Konzolu pro zotavení neinstalujte a hlavně: při chodu CF nikam a na nic neklikejte. Mohl by se poškodit systém.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu
Přikládám log z CF:
ComboFix 10-01-21.07 - Administrator 25.01.2010 20:00:37.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2013.1769 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6.5\ICQLRun.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
-------\Service_msupdate
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-25 do 2010-01-25 )))))))))))))))))))))))))))))))
.
2010-01-25 18:56 . 2010-01-25 18:57 -------- d-----w- C:\32788R22FWJFW
2010-01-25 16:05 . 2010-01-25 16:05 -------- d-----w- c:\program files\trend micro
2010-01-25 16:04 . 2010-01-25 16:05 -------- d-----w- C:\rsit
2010-01-23 12:49 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-01-23 12:49 . 2008-10-15 06:03 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-01-23 12:49 . 2008-10-15 06:03 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-01-23 12:49 . 2008-10-15 06:03 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-01-23 12:49 . 2008-10-15 06:03 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-01-23 12:49 . 2008-07-30 05:20 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-01-23 12:49 . 2008-07-30 05:20 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-01-23 12:49 . 2008-07-30 05:20 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-01-23 12:49 . 2008-07-10 10:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-01-23 12:49 . 2008-07-10 10:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-01-23 12:49 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-01-23 12:45 . 2010-01-23 12:45 -------- d-----w- c:\program files\Kalypso
2010-01-23 12:21 . 2008-09-26 08:52 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-01-23 12:20 . 2008-11-07 15:37 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-23 12:20 . 2008-11-07 15:38 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-23 12:20 . 2008-11-07 15:38 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-23 12:20 . 2008-11-07 15:38 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-23 12:20 . 2008-11-07 15:38 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-23 12:19 . 2010-01-23 12:22 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-23 12:19 . 2010-01-23 12:19 -------- d-----w- c:\program files\Logitech
2010-01-23 12:18 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-01-23 12:18 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-01-23 12:18 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-01-23 12:18 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-23 09:04 . 2010-01-23 09:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-23 09:04 . 2010-01-23 12:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-22 10:23 . 2010-01-22 10:24 -------- d-----w- c:\program files\Ultimate Process Manager
2010-01-22 10:19 . 2010-01-22 10:21 -------- d-----w- c:\program files\Reimage
2010-01-22 08:33 . 2010-01-22 08:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-22 08:33 . 2010-01-22 08:33 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-01-17 19:43 . 2010-01-17 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-01-17 19:42 . 2010-01-17 19:42 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-17 19:38 . 2010-01-17 19:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-17 19:35 . 2010-01-17 19:37 -------- dc-h--w- c:\windows\ie8
2010-01-17 15:41 . 2010-01-17 15:41 -------- d-----w- c:\program files\CCleaner
2010-01-01 12:29 . 2010-01-01 12:33 -------- d-----w- c:\program files\Aml Pages
2010-01-01 11:57 . 2010-01-01 12:00 -------- d-----w- c:\program files\Visual Zip Password Recovery
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 19:08 . 2009-10-30 22:36 -------- d-----w- c:\program files\ICQ6.5
2010-01-23 12:45 . 2009-08-31 21:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 12:36 . 2009-11-07 17:22 -------- d-----w- c:\program files\Google
2010-01-23 12:21 . 2010-01-23 12:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-23 12:21 . 2010-01-23 12:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-23 12:20 . 2010-01-23 12:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-23 09:04 . 2009-09-02 10:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-23 08:53 . 2009-10-19 17:18 -------- d-----w- c:\program files\EA Sports
2010-01-22 17:31 . 2009-08-31 17:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-17 15:43 . 2009-09-02 11:08 -------- d-----w- c:\program files\Electronic Arts
2010-01-12 16:38 . 2009-09-01 16:06 -------- d-----w- c:\program files\World of Warcraft
2009-12-16 20:48 . 2001-10-25 12:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-12-16 20:48 . 2001-10-25 12:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 16:50 . 2009-09-15 19:34 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-02 18:37 . 2009-12-02 18:37 -------- d-----w- c:\program files\WIDCOMM
2009-12-02 14:40 . 2009-12-02 14:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-02 14:40 . 2009-12-01 16:35 -------- d-----w- c:\program files\Java
2009-12-01 16:35 . 2009-12-01 16:35 -------- d-----w- c:\program files\Common Files\Java
2009-11-21 16:45 . 2009-11-21 16:45 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-07 17:22 . 2009-10-31 11:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-31 11:51 . 2009-10-31 11:52 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-31 11:51 . 2009-10-31 11:52 29480 ----a-w- c:\windows\system32\msxml3a.dll
.
------- Sigcheck -------
[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\documents and settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-07-14 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-14 15:14 150768 ----a-w- c:\documents and settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-23 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-04-06 33603584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 142360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-03-24 606208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-02 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech . Registrace produktu.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-23 809488]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2009-11-11 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 15:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\ADMINI~1\LOCALS~1\Temp\geih.old 2nHAPKGEHD
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.9.2009 11:50 691696]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/31 12:52];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15.9.2009 20:34 108289]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23.1.2010 13:21 10384]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.8.2009 16:30 1086208]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-13 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4255450112.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 20:28
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spfy.sys >>UNKNOWN [0x89DC8938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> prosync1.sys @ 0xba5b06c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d1fa21
SendHandler -> NDIS.sys @ 0xb9cfd87b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-776561741-1563985344-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,e1,2b,25,1e,38,03,4c,b8,3d,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,e1,2b,25,1e,38,03,4c,b8,3d,7c,\
[HKEY_USERS\S-1-5-21-776561741-1563985344-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:b5,a3,b1,e0,87,4f,46,a4,f0,ae,fb,59,6d,a0,35,70,fb,62,a1,66,59,
f7,09,c5,97,80,fb,9f,22,67,db,28,04,e3,55,13,63,46,13,ee,a9,90,63,2c,39,32,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\jsproxy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-25 20:30:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-25 19:30
Před spuštěním: Volných bajtů: 53 897 084 928
Po spuštění: Volných bajtů: 53 803 053 056
- - End Of File - - 8D0CE833CDB4948C4EAE24DAAF41707E
ComboFix 10-01-21.07 - Administrator 25.01.2010 20:00:37.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2013.1769 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6.5\ICQLRun.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
-------\Service_msupdate
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-25 do 2010-01-25 )))))))))))))))))))))))))))))))
.
2010-01-25 18:56 . 2010-01-25 18:57 -------- d-----w- C:\32788R22FWJFW
2010-01-25 16:05 . 2010-01-25 16:05 -------- d-----w- c:\program files\trend micro
2010-01-25 16:04 . 2010-01-25 16:05 -------- d-----w- C:\rsit
2010-01-23 12:49 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-01-23 12:49 . 2008-10-15 06:03 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-01-23 12:49 . 2008-10-15 06:03 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-01-23 12:49 . 2008-10-15 06:03 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-01-23 12:49 . 2008-10-15 06:03 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-01-23 12:49 . 2008-07-30 05:20 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-01-23 12:49 . 2008-07-30 05:20 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-01-23 12:49 . 2008-07-30 05:20 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-01-23 12:49 . 2008-07-10 10:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-01-23 12:49 . 2008-07-10 10:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-01-23 12:49 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-01-23 12:45 . 2010-01-23 12:45 -------- d-----w- c:\program files\Kalypso
2010-01-23 12:21 . 2008-09-26 08:52 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-01-23 12:20 . 2008-11-07 15:37 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-23 12:20 . 2008-11-07 15:38 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-23 12:20 . 2008-11-07 15:38 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-23 12:20 . 2008-11-07 15:38 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-23 12:20 . 2008-11-07 15:38 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-23 12:19 . 2010-01-23 12:22 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-23 12:19 . 2010-01-23 12:19 -------- d-----w- c:\program files\Logitech
2010-01-23 12:18 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-01-23 12:18 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-01-23 12:18 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-01-23 12:18 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-23 09:04 . 2010-01-23 09:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-23 09:04 . 2010-01-23 12:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-22 10:23 . 2010-01-22 10:24 -------- d-----w- c:\program files\Ultimate Process Manager
2010-01-22 10:19 . 2010-01-22 10:21 -------- d-----w- c:\program files\Reimage
2010-01-22 08:33 . 2010-01-22 08:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-22 08:33 . 2010-01-22 08:33 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-01-17 19:43 . 2010-01-17 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-01-17 19:42 . 2010-01-17 19:42 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-17 19:38 . 2010-01-17 19:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-17 19:35 . 2010-01-17 19:37 -------- dc-h--w- c:\windows\ie8
2010-01-17 15:41 . 2010-01-17 15:41 -------- d-----w- c:\program files\CCleaner
2010-01-01 12:29 . 2010-01-01 12:33 -------- d-----w- c:\program files\Aml Pages
2010-01-01 11:57 . 2010-01-01 12:00 -------- d-----w- c:\program files\Visual Zip Password Recovery
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 19:08 . 2009-10-30 22:36 -------- d-----w- c:\program files\ICQ6.5
2010-01-23 12:45 . 2009-08-31 21:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 12:36 . 2009-11-07 17:22 -------- d-----w- c:\program files\Google
2010-01-23 12:21 . 2010-01-23 12:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-23 12:21 . 2010-01-23 12:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-23 12:20 . 2010-01-23 12:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-23 09:04 . 2009-09-02 10:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-23 08:53 . 2009-10-19 17:18 -------- d-----w- c:\program files\EA Sports
2010-01-22 17:31 . 2009-08-31 17:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-17 15:43 . 2009-09-02 11:08 -------- d-----w- c:\program files\Electronic Arts
2010-01-12 16:38 . 2009-09-01 16:06 -------- d-----w- c:\program files\World of Warcraft
2009-12-16 20:48 . 2001-10-25 12:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-12-16 20:48 . 2001-10-25 12:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 16:50 . 2009-09-15 19:34 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-02 18:37 . 2009-12-02 18:37 -------- d-----w- c:\program files\WIDCOMM
2009-12-02 14:40 . 2009-12-02 14:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-02 14:40 . 2009-12-01 16:35 -------- d-----w- c:\program files\Java
2009-12-01 16:35 . 2009-12-01 16:35 -------- d-----w- c:\program files\Common Files\Java
2009-11-21 16:45 . 2009-11-21 16:45 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-07 17:22 . 2009-10-31 11:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-31 11:51 . 2009-10-31 11:52 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-31 11:51 . 2009-10-31 11:52 29480 ----a-w- c:\windows\system32\msxml3a.dll
.
------- Sigcheck -------
[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\documents and settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-07-14 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-14 15:14 150768 ----a-w- c:\documents and settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-23 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-04-06 33603584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 142360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-03-24 606208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-02 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech . Registrace produktu.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-23 809488]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2009-11-11 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 15:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\ADMINI~1\LOCALS~1\Temp\geih.old 2nHAPKGEHD
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.9.2009 11:50 691696]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/31 12:52];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15.9.2009 20:34 108289]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23.1.2010 13:21 10384]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.8.2009 16:30 1086208]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-13 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4255450112.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 20:28
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spfy.sys >>UNKNOWN [0x89DC8938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> prosync1.sys @ 0xba5b06c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d1fa21
SendHandler -> NDIS.sys @ 0xb9cfd87b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-776561741-1563985344-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,e1,2b,25,1e,38,03,4c,b8,3d,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,e1,2b,25,1e,38,03,4c,b8,3d,7c,\
[HKEY_USERS\S-1-5-21-776561741-1563985344-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:b5,a3,b1,e0,87,4f,46,a4,f0,ae,fb,59,6d,a0,35,70,fb,62,a1,66,59,
f7,09,c5,97,80,fb,9f,22,67,db,28,04,e3,55,13,63,46,13,ee,a9,90,63,2c,39,32,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\jsproxy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-25 20:30:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-25 19:30
Před spuštěním: Volných bajtů: 53 897 084 928
Po spuštění: Volných bajtů: 53 803 053 056
- - End Of File - - 8D0CE833CDB4948C4EAE24DAAF41707E
-
Rudy
- Site Admin
- Příspěvky: 119403
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
2 položky smazány, zbytek logu vypadá čistý.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu
Ještě jsem to pro kontrolu projel antivirakem.
Našlo mi to to stejné, + ještě se objevil nějaký malware.
geih.old - v tomto programu hlásí prve zmíněný virus, po manuálním smazání se tam za pár sekund znovu objeví.
Pro info přikládám log ze scanu:
Avira AntiVir Personal
Report file date: 25. ledna 2010 20:47
Scanning for 1643218 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HOME-COMPIK
Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 2.12.2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 19.11.2009 17:55:54
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 17:55:54
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 17:55:27
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.1.2010 08:17:03
VBASE003.VDF : 7.10.3.2 2048 Bytes 20.1.2010 08:17:03
VBASE004.VDF : 7.10.3.3 2048 Bytes 20.1.2010 08:17:03
VBASE005.VDF : 7.10.3.4 2048 Bytes 20.1.2010 08:17:03
VBASE006.VDF : 7.10.3.5 2048 Bytes 20.1.2010 08:17:03
VBASE007.VDF : 7.10.3.6 2048 Bytes 20.1.2010 08:17:04
VBASE008.VDF : 7.10.3.7 2048 Bytes 20.1.2010 08:17:04
VBASE009.VDF : 7.10.3.8 2048 Bytes 20.1.2010 08:17:04
VBASE010.VDF : 7.10.3.9 2048 Bytes 20.1.2010 08:17:04
VBASE011.VDF : 7.10.3.10 2048 Bytes 20.1.2010 08:17:04
VBASE012.VDF : 7.10.3.11 2048 Bytes 20.1.2010 08:17:05
VBASE013.VDF : 7.10.3.12 2048 Bytes 20.1.2010 08:17:05
VBASE014.VDF : 7.10.3.45 173568 Bytes 22.1.2010 18:30:18
VBASE015.VDF : 7.10.3.46 2048 Bytes 22.1.2010 18:30:18
VBASE016.VDF : 7.10.3.47 2048 Bytes 22.1.2010 18:30:18
VBASE017.VDF : 7.10.3.48 2048 Bytes 22.1.2010 18:30:18
VBASE018.VDF : 7.10.3.49 2048 Bytes 22.1.2010 18:30:18
VBASE019.VDF : 7.10.3.50 2048 Bytes 22.1.2010 18:30:18
VBASE020.VDF : 7.10.3.51 2048 Bytes 22.1.2010 18:30:18
VBASE021.VDF : 7.10.3.52 2048 Bytes 22.1.2010 18:30:18
VBASE022.VDF : 7.10.3.53 2048 Bytes 22.1.2010 18:30:18
VBASE023.VDF : 7.10.3.54 2048 Bytes 22.1.2010 18:30:19
VBASE024.VDF : 7.10.3.55 2048 Bytes 22.1.2010 18:30:19
VBASE025.VDF : 7.10.3.56 2048 Bytes 22.1.2010 18:30:19
VBASE026.VDF : 7.10.3.57 2048 Bytes 22.1.2010 18:30:19
VBASE027.VDF : 7.10.3.58 2048 Bytes 22.1.2010 18:30:19
VBASE028.VDF : 7.10.3.59 2048 Bytes 22.1.2010 18:30:19
VBASE029.VDF : 7.10.3.60 2048 Bytes 22.1.2010 18:30:19
VBASE030.VDF : 7.10.3.61 2048 Bytes 22.1.2010 18:30:19
VBASE031.VDF : 7.10.3.68 159232 Bytes 25.1.2010 18:30:19
Engineversion : 8.2.1.150
AEVDF.DLL : 8.1.1.3 106868 Bytes 25.1.2010 18:30:20
AESCRIPT.DLL : 8.1.3.12 823675 Bytes 25.1.2010 18:30:20
AESCN.DLL : 8.1.3.1 127348 Bytes 22.1.2010 08:17:28
AESBX.DLL : 8.1.1.1 246132 Bytes 19.11.2009 17:55:54
AERDL.DLL : 8.1.3.4 479605 Bytes 1.12.2009 14:53:49
AEPACK.DLL : 8.2.0.5 422262 Bytes 22.1.2010 08:17:27
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.7.2009 08:59:39
AEHEUR.DLL : 8.1.0.195 2232695 Bytes 22.1.2010 08:17:25
AEHELP.DLL : 8.1.10.0 237942 Bytes 22.1.2010 08:17:16
AEGEN.DLL : 8.1.1.83 369014 Bytes 22.1.2010 08:17:14
AEEMU.DLL : 8.1.1.0 393587 Bytes 3.10.2009 05:28:01
AECORE.DLL : 8.1.9.5 184693 Bytes 22.1.2010 08:17:11
AEBB.DLL : 8.1.0.3 53618 Bytes 9.10.2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 15.9.2009 19:35:56
AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.3.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2.2.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.5.2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 19.11.2009 17:55:53
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+JOKE,+PFS,+SPR,
Start of the scan: 25. ledna 2010 20:47
Starting search for hidden objects.
'33533' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '67' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Administrator\Dokumenty\Dokumenty\Hudba\MP3\Simple plan\Still Not Getting Any (Limited Edition-2004)\Lyrics\11 - Untitled_soubory\ysb_prompt.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
C:\Documents and Settings\Administrator\Local Settings\temp\geih.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
C:\RECYCLER\S-1-5-21-776561741-1563985344-1801674531-500\Dc1.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Beginning disinfection:
C:\Documents and Settings\Administrator\Dokumenty\Dokumenty\Hudba\MP3\Simple plan\Still Not Getting Any (Limited Edition-2004)\Lyrics\11 - Untitled_soubory\ysb_prompt.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4bbff931.qua'!
C:\Documents and Settings\Administrator\Local Settings\temp\geih.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
[NOTE] The file was moved to '4bc6f924.qua'!
C:\RECYCLER\S-1-5-21-776561741-1563985344-1801674531-500\Dc1.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
[NOTE] The file was moved to '4b8ef922.qua'!
End of the scan: 25. ledna 2010 21:02
Used time: 13:37 Minute(s)
The scan has been done completely.
5003 Scanned directories
207160 Files were scanned
2 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
207155 Files not concerned
1354 Archives were scanned
2 Warnings
4 Notes
33533 Objects were scanned with rootkit scan
0 Hidden objects were found
Našlo mi to to stejné, + ještě se objevil nějaký malware.
geih.old - v tomto programu hlásí prve zmíněný virus, po manuálním smazání se tam za pár sekund znovu objeví.
Pro info přikládám log ze scanu:
Avira AntiVir Personal
Report file date: 25. ledna 2010 20:47
Scanning for 1643218 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HOME-COMPIK
Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 2.12.2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 19.11.2009 17:55:54
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 17:55:54
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 17:55:27
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.1.2010 08:17:03
VBASE003.VDF : 7.10.3.2 2048 Bytes 20.1.2010 08:17:03
VBASE004.VDF : 7.10.3.3 2048 Bytes 20.1.2010 08:17:03
VBASE005.VDF : 7.10.3.4 2048 Bytes 20.1.2010 08:17:03
VBASE006.VDF : 7.10.3.5 2048 Bytes 20.1.2010 08:17:03
VBASE007.VDF : 7.10.3.6 2048 Bytes 20.1.2010 08:17:04
VBASE008.VDF : 7.10.3.7 2048 Bytes 20.1.2010 08:17:04
VBASE009.VDF : 7.10.3.8 2048 Bytes 20.1.2010 08:17:04
VBASE010.VDF : 7.10.3.9 2048 Bytes 20.1.2010 08:17:04
VBASE011.VDF : 7.10.3.10 2048 Bytes 20.1.2010 08:17:04
VBASE012.VDF : 7.10.3.11 2048 Bytes 20.1.2010 08:17:05
VBASE013.VDF : 7.10.3.12 2048 Bytes 20.1.2010 08:17:05
VBASE014.VDF : 7.10.3.45 173568 Bytes 22.1.2010 18:30:18
VBASE015.VDF : 7.10.3.46 2048 Bytes 22.1.2010 18:30:18
VBASE016.VDF : 7.10.3.47 2048 Bytes 22.1.2010 18:30:18
VBASE017.VDF : 7.10.3.48 2048 Bytes 22.1.2010 18:30:18
VBASE018.VDF : 7.10.3.49 2048 Bytes 22.1.2010 18:30:18
VBASE019.VDF : 7.10.3.50 2048 Bytes 22.1.2010 18:30:18
VBASE020.VDF : 7.10.3.51 2048 Bytes 22.1.2010 18:30:18
VBASE021.VDF : 7.10.3.52 2048 Bytes 22.1.2010 18:30:18
VBASE022.VDF : 7.10.3.53 2048 Bytes 22.1.2010 18:30:18
VBASE023.VDF : 7.10.3.54 2048 Bytes 22.1.2010 18:30:19
VBASE024.VDF : 7.10.3.55 2048 Bytes 22.1.2010 18:30:19
VBASE025.VDF : 7.10.3.56 2048 Bytes 22.1.2010 18:30:19
VBASE026.VDF : 7.10.3.57 2048 Bytes 22.1.2010 18:30:19
VBASE027.VDF : 7.10.3.58 2048 Bytes 22.1.2010 18:30:19
VBASE028.VDF : 7.10.3.59 2048 Bytes 22.1.2010 18:30:19
VBASE029.VDF : 7.10.3.60 2048 Bytes 22.1.2010 18:30:19
VBASE030.VDF : 7.10.3.61 2048 Bytes 22.1.2010 18:30:19
VBASE031.VDF : 7.10.3.68 159232 Bytes 25.1.2010 18:30:19
Engineversion : 8.2.1.150
AEVDF.DLL : 8.1.1.3 106868 Bytes 25.1.2010 18:30:20
AESCRIPT.DLL : 8.1.3.12 823675 Bytes 25.1.2010 18:30:20
AESCN.DLL : 8.1.3.1 127348 Bytes 22.1.2010 08:17:28
AESBX.DLL : 8.1.1.1 246132 Bytes 19.11.2009 17:55:54
AERDL.DLL : 8.1.3.4 479605 Bytes 1.12.2009 14:53:49
AEPACK.DLL : 8.2.0.5 422262 Bytes 22.1.2010 08:17:27
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.7.2009 08:59:39
AEHEUR.DLL : 8.1.0.195 2232695 Bytes 22.1.2010 08:17:25
AEHELP.DLL : 8.1.10.0 237942 Bytes 22.1.2010 08:17:16
AEGEN.DLL : 8.1.1.83 369014 Bytes 22.1.2010 08:17:14
AEEMU.DLL : 8.1.1.0 393587 Bytes 3.10.2009 05:28:01
AECORE.DLL : 8.1.9.5 184693 Bytes 22.1.2010 08:17:11
AEBB.DLL : 8.1.0.3 53618 Bytes 9.10.2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 15.9.2009 19:35:56
AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.3.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2.2.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.5.2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 19.11.2009 17:55:53
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+JOKE,+PFS,+SPR,
Start of the scan: 25. ledna 2010 20:47
Starting search for hidden objects.
'33533' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '67' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Administrator\Dokumenty\Dokumenty\Hudba\MP3\Simple plan\Still Not Getting Any (Limited Edition-2004)\Lyrics\11 - Untitled_soubory\ysb_prompt.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
C:\Documents and Settings\Administrator\Local Settings\temp\geih.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
C:\RECYCLER\S-1-5-21-776561741-1563985344-1801674531-500\Dc1.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Beginning disinfection:
C:\Documents and Settings\Administrator\Dokumenty\Dokumenty\Hudba\MP3\Simple plan\Still Not Getting Any (Limited Edition-2004)\Lyrics\11 - Untitled_soubory\ysb_prompt.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4bbff931.qua'!
C:\Documents and Settings\Administrator\Local Settings\temp\geih.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
[NOTE] The file was moved to '4bc6f924.qua'!
C:\RECYCLER\S-1-5-21-776561741-1563985344-1801674531-500\Dc1.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
[NOTE] The file was moved to '4b8ef922.qua'!
End of the scan: 25. ledna 2010 21:02
Used time: 13:37 Minute(s)
The scan has been done completely.
5003 Scanned directories
207160 Files were scanned
2 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
207155 Files not concerned
1354 Archives were scanned
2 Warnings
4 Notes
33533 Objects were scanned with rootkit scan
0 Hidden objects were found
-
Rudy
- Site Admin
- Příspěvky: 119403
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
Ano. AV dal infikované objekty do karantény.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu
Projel jsem to ještě jednou, AV našel opět ten soubor geih.old. Pak jsem zkusil reset.
Po restartu Pc mi ihned vyběhne asi 3-8 varoných oken s nalezením výšše uvedeného viru.
Po restartu Pc mi ihned vyběhne asi 3-8 varoných oken s nalezením výšše uvedeného viru.
-
Rudy
- Site Admin
- Příspěvky: 119403
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Ten by ho měl sejmout.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu
Mnohokrát děkuji,problém byl úspěšně vyřešen 
!!
!!-
Rudy
- Site Admin
- Příspěvky: 119403
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu
Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?