
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Win32: Spyware-gen[spy] ->> hardware problems.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
I would like to ask for a check of my RSIT log. Four days ago Avast reported that it had come across the above-mentioned virus during a download and offered the action of deleting it after a restart. After I carried out this action, my Wi-Fi card stopped working and it is not even listed in Device Manager, so it looks as if my PC never had a Wi-Fi card at all. Occasionally the Wi-Fi card suddenly starts working and shows up in the system, but this does not happen regularly, nor in connection with starting any action that I am aware of. I should note that I have tried reinstalling the drivers for both the motherboard and the Wi-Fi, and it did not help. It is possible that the two are unrelated (the Wi-Fi and the virus), but just to be sure I would like to confirm that there really is nothing on my PC. Thank you for your advice.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Massimo at 2010-02-05 00:15:04
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 389 MB (1%) free of 36 GB
Total RAM: 1918 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15, on 2010-02-05
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\=Thunderbirdportable=\ThunderbirdPortable.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
D:\Program Files\=Thunderbirdportable=\App\thunderbird\thunderbird.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Windows\system32\msinfo32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\mmc.exe
D:\Programs\=DeretizacePC=\hijackthis.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
D:\Programs\=DeretizacePC=\RSIT.exe
D:\Programs\=DeretizacePC=\Massimo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\SPYBOT~1\SDHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\Program Files\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Users\Massimo\AppData\Local\Temp\E_S3180.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-2649372418-2571513921-1631211793-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Lucinka')
O4 - HKUS\S-1-5-21-2649372418-2571513921-1631211793-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Lucinka')
O4 - HKUS\S-1-5-21-2649372418-2571513921-1631211793-1003\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Users\Massimo\AppData\Local\Temp\E_S3180.tmp" /EF "HKCU" (User 'Lucinka')
O4 - HKUS\S-1-5-21-2649372418-2571513921-1631211793-1003\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User 'Lucinka')
O4 - Startup: Thunderbird.lnk = D:\Program Files\=Thunderbirdportable=\ThunderbirdPortable.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer\Add_AllO.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: McciCMService - Unknown owner - C:\Program Files\Common Files\Motive\McciCMService.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11905 bytes
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2649372418-2571513921-1631211793-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2649372418-2571513921-1631211793-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{41CE75F6-47DA-4D98-8795-9476F5049CA4}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2009-07-22 520192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-04-09 2595792]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-04-09 909208]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-04-09 136472]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]
"avast!"=C:\Program Files\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-15 1021224]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2007-12-17 61440]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"EPSON SX100 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE [2008-02-05 188928]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-08-30 4608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
C:\Users\Massimo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Thunderbird.lnk - D:\Program Files\=Thunderbirdportable=\ThunderbirdPortable.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-03-18 233888]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=Vista registred
"legalnoticetext"=Stay alert!!!
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0
"EnableUIADesktopToggle"=0
"DisableStartupSound"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{143796bd-f4d9-11dc-87aa-806e6f6e6963}]
shell\AutoRun\command - E:\Setup.exe
======File associations======
.js - edit - "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE" /verb edit "%1"
.js - open - "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE" /verb open "%1"
======List of files/folders created in the last 1 months======
2010-02-05 00:15:04 ----D---- C:\rsit
2010-02-03 17:04:50 ----D---- C:\Windows\system32\Adobe
2010-02-03 16:56:12 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-02 18:39:41 ----A---- C:\Windows\gmer.ini
2010-02-02 18:39:39 ----A---- C:\Windows\gmer_uninstall.cmd
2010-02-02 18:39:39 ----A---- C:\Windows\gmer.exe
2010-02-02 18:39:39 ----A---- C:\Windows\gmer.dll
2010-02-02 18:17:31 ----D---- C:\Users\Massimo\AppData\Roaming\Malwarebytes
2010-02-02 18:17:25 ----D---- C:\ProgramData\Malwarebytes
2010-02-02 17:40:32 ----A---- C:\Windows\NIRCMD.exe
2010-02-02 17:40:31 ----A---- C:\Windows\zip.exe
2010-02-02 17:40:31 ----A---- C:\Windows\VFIND.exe
2010-02-02 17:40:31 ----A---- C:\Windows\SWXCACLS.exe
2010-02-02 17:40:31 ----A---- C:\Windows\SWSC.exe
2010-02-02 17:40:31 ----A---- C:\Windows\SWREG.exe
2010-02-02 17:40:31 ----A---- C:\Windows\sed.exe
2010-02-02 17:40:31 ----A---- C:\Windows\grep.exe
2010-02-02 17:40:31 ----A---- C:\Windows\fdsv.exe
2010-02-02 17:40:18 ----D---- C:\ComboFix
2010-02-02 17:40:18 ----A---- C:\Windows\system32\CF21733.exe
2010-02-02 17:40:17 ----A---- C:\Windows\system32\swsc.exe
2010-01-28 15:25:45 ----D---- C:\Genius
2010-01-24 12:08:45 ----D---- C:\Program Files\Trust
2010-01-14 16:18:13 ----D---- C:\Program Files\7-Zip
======List of files/folders modified in the last 1 months======
2010-02-05 00:15:23 ----D---- C:\Windows\Temp
2010-02-05 00:14:08 ----D---- C:\Windows\Internet Logs
2010-02-05 00:10:55 ----HD---- C:\ProgramData
2010-02-05 00:01:41 ----D---- C:\Windows
2010-02-04 23:38:20 ----RD---- C:\Program Files
2010-02-04 23:38:19 ----D---- C:\Windows\system32\drivers
2010-02-04 23:15:55 ----D---- C:\Windows\registration
2010-02-04 23:00:39 ----D---- C:\Users\Massimo\AppData\Roaming\ICQ
2010-02-04 22:55:57 ----A---- C:\Windows\WDICT32.INI
2010-02-04 17:15:18 ----D---- C:\Users\Massimo\AppData\Roaming\FlashGet
2010-02-03 21:55:58 ----D---- C:\Windows\tracing
2010-02-03 17:41:20 ----D---- C:\Windows\pss
2010-02-03 17:12:59 ----SHD---- C:\Windows\Installer
2010-02-03 17:07:48 ----D---- C:\Program Files\Foxit Reader
2010-02-03 17:04:50 ----D---- C:\Windows\System32
2010-02-03 16:56:12 ----D---- C:\Program Files\Common Files
2010-02-03 16:53:54 ----D---- C:\Windows\system32\Macromed
2010-02-03 16:40:45 ----D---- C:\Program Files\Mozilla Firefox
2010-02-03 16:38:11 ----D---- C:\Windows\Tasks
2010-02-03 16:38:11 ----D---- C:\Windows\system32\Tasks
2010-02-02 22:01:16 ----D---- C:\Windows\Prefetch
2010-02-02 19:55:52 ----A---- C:\Windows\NeroDigital.ini
2010-02-02 18:07:08 ----D---- C:\Windows\system32\catroot
2010-02-02 18:07:08 ----D---- C:\Windows\inf
2010-02-02 17:40:19 ----D---- C:\Windows\ERDNT
2010-02-02 17:40:18 ----D---- C:\Windows\system32\cs-CZ
2010-02-02 17:35:18 ----D---- C:\Windows\system32\catroot2
2010-02-02 17:27:45 ----D---- C:\Windows\system32\LogFiles
2010-02-02 16:47:19 ----D---- C:\Users\Massimo\AppData\Roaming\uTorrent
2010-02-01 20:17:06 ----D---- C:\Users\Massimo\AppData\Roaming\Skype
2010-02-01 19:52:21 ----D---- C:\Users\Massimo\AppData\Roaming\skypePM
2010-01-28 15:27:56 ----D---- C:\Windows\winsxs
2010-01-28 15:25:43 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-26 01:47:36 ----D---- C:\Windows\Minidump
2010-01-21 19:18:44 ----D---- C:\Program Files\Common Files\Adobe
2010-01-21 19:18:43 ----D---- C:\ProgramData\Adobe
2010-01-21 19:18:28 ----D---- C:\Program Files\Adobe
2010-01-20 21:01:24 ----A---- C:\Windows\DesktopOK.ini
2010-01-20 18:29:58 ----D---- C:\Users\Massimo\AppData\Roaming\Ahead
2010-01-20 18:13:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-19 17:56:37 ----A---- C:\Windows\win.ini
2010-01-19 17:07:33 ----D---- C:\Program Files\Opera
2010-01-16 14:02:42 ----D---- C:\ProgramData\NVIDIA
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-12 13:58:26 ----RSD---- C:\Windows\Fonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2008-12-23 215872]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2009-10-29 116368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2009-10-29 41424]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-02-15 293528]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-03-08 44384]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\Windows\System32\Drivers\gHidPnp.Sys [2008-12-25 18432]
R3 gMouUsb16;USB 16-bit Mouse Device Drv; C:\Windows\system32\DRIVERS\gMouUsb16.sys [2008-12-25 9216]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 mod7700;DiBcom S830 based TV tuner device; C:\Windows\System32\Drivers\dvb7700all.sys [2007-07-02 466176]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-01-16 1032104]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-15 191408]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2009-10-29 103888]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 VHidMinidrv;Bluetooth HID Device Service; C:\Windows\system32\drivers\VHIDMini.sys [2007-03-05 19472]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\Windows\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\Windows\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 azowepcv;azowepcv; C:\Windows\system32\drivers\azowepcv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2010-02-02 85969]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 CH341SER;CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [2006-06-04 35824]
S3 KMWDFilter;KMWDFilter; \??\C:\Windows\System32\Drivers\KMWDFilter.SYS [2007-03-29 17024]
S3 mbr;mbr; \??\C:\Users\Massimo\AppData\Local\Temp\mbr.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\Program Files\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\Program Files\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\Program Files\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\Program Files\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\Program Files\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\Program Files\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 msloop;Microsoft Loopback Adapter Driver; C:\Windows\system32\DRIVERS\loop.sys [2008-01-19 6656]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nhcDriverDevice;Notebook Hardware Control Driver; \??\C:\Windows\system32\drivers\nhcDriver.sys [2008-04-25 22528]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-29 95376]
S3 VBoxTAP;VirtualBox TAP Adapter; C:\Windows\system32\DRIVERS\VBoxTAP.sys [2008-09-12 47056]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2009-10-29 32016]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-04-09 431384]
R2 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-01-17 24635]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2007-03-20 278608]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe [2007-06-09 208896]
R2 LPDSVC;@%systemroot%\system32\lpdsvc.dll,-500; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MySQL;MySQL; C:\Program Files\Apache Software Foundation\MySQL\bin\mysqld --defaults-file=C:\Program Files\Apache Software Foundation\MySQL\my.ini MySQL []
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-03-20 262247]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-09 492896]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2008-12-11 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-30 72704]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-12-11 362240]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2007-03-20 110677]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]
S4 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
-----------------EOF-----------------
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-12-11 362240]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2007-03-20 110677]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]
S4 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119408
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Win32: Spyware-gen[spy] ->> hardware problems.
You ran a ComboFix scan on 2 February. Post the log from it.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Win32: Spyware-gen[spy] ->> hardware problems.
I cannot attach the scan from 2 February because the PC froze during it. But I am attaching today's ComboFix scan.
ComboFix 10-02-06.03 - Massimo 07-02-10 12:44:21.3.1 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.420.1029.18.1918.1208 [GMT 1:00]
Spuštěný z: c:\users\Massimo\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\windows\system32\libmhash.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-07 do 2010-02-07 )))))))))))))))))))))))))))))))
.
2010-02-06 21:29 . 2010-02-06 21:29 318976 ----a-w- c:\windows\system32\CF27324.exe
2010-02-04 23:34 . 2010-02-04 23:34 -------- d---a-w- c:\windows\VDLL.DLL
2010-02-04 23:34 . 2010-02-04 23:34 -------- d---a-w- c:\windows\system32\runouce.exe
2010-02-04 23:34 . 2010-02-04 23:34 -------- d---a-w- c:\windows\rundll16.exe
2010-02-04 23:34 . 2010-02-04 23:34 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-02-04 23:34 . 2010-02-04 23:34 -------- d---a-w- c:\windows\logo1_.exe
2010-02-04 23:34 . 2010-02-04 23:34 -------- d---a-w- c:\windows\logo_1.exe
2010-02-04 23:32 . 2010-02-04 23:32 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-02-04 23:15 . 2010-02-04 23:15 -------- d-----w- C:\rsit
2010-02-03 16:04 . 2010-02-03 16:04 -------- d-----w- c:\windows\system32\Adobe
2010-02-03 15:56 . 2010-02-03 15:55 38784 ----a-w- c:\users\Massimo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-03 15:56 . 2010-02-03 15:55 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-03 15:56 . 2010-02-03 15:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-02 17:17 . 2010-02-06 15:05 -------- d-----w- c:\users\Massimo\AppData\Roaming\Malwarebytes
2010-02-02 17:17 . 2010-02-02 17:17 -------- d-----w- c:\programdata\Malwarebytes
2010-02-02 16:40 . 2010-02-02 16:40 318976 ----a-w- c:\windows\system32\CF21733.exe
2010-01-28 14:27 . 2008-12-25 15:28 18432 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2010-01-28 14:27 . 2008-12-25 15:29 9216 ----a-w- c:\windows\system32\drivers\gMouUsb16.sys
2010-01-28 14:25 . 2010-01-28 14:25 -------- d-----w- C:\Genius
2010-01-24 11:08 . 2007-03-29 14:00 17024 ----a-w- c:\windows\system32\drivers\KMWDFilter.SYS
2010-01-24 11:08 . 2010-01-24 11:08 -------- d-----w- c:\program files\Trust
2010-01-14 15:18 . 2010-01-14 15:18 -------- d-----w- c:\program files\7-Zip
2010-01-11 09:37 . 2010-01-11 09:37 -------- d-----w- c:\users\Lucinka\AppData\Roaming\GHISLER
2010-01-11 09:29 . 2010-01-11 09:29 -------- d-----w- c:\users\Lucinka\AppData\Roaming\Feedreader
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 11:40 . 2008-03-18 21:34 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-02-06 21:11 . 2008-11-23 21:06 -------- d-----w- c:\users\Massimo\AppData\Roaming\ICQ
2010-02-06 15:06 . 2008-03-18 18:56 -------- d-----w- c:\users\Massimo\AppData\Roaming\XnView
2010-02-06 13:07 . 2009-04-05 08:32 98863 ----a-w- c:\programdata\nvModes.dat
2010-02-05 00:23 . 2008-05-06 06:20 -------- d-----w- c:\users\Massimo\AppData\Roaming\Thunderbird
2010-02-04 23:32 . 2009-03-11 23:17 -------- d-----w- c:\programdata\MicroWorld
2010-02-04 22:25 . 2008-09-11 17:22 110912 ----a-w- c:\users\Lucinka\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-04 22:04 . 2008-04-21 16:42 31043612 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-02-04 16:15 . 2008-07-22 06:27 -------- d-----w- c:\users\Massimo\AppData\Roaming\FlashGet
2010-02-03 16:07 . 2009-11-13 10:37 -------- d-----w- c:\program files\Foxit Reader
2010-02-02 15:47 . 2008-03-18 20:52 -------- d-----w- c:\users\Massimo\AppData\Roaming\uTorrent
2010-02-01 20:14 . 2009-04-01 18:27 1 ----a-w- c:\users\Massimo\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-01 19:17 . 2008-03-27 16:48 -------- d-----w- c:\users\Massimo\AppData\Roaming\Skype
2010-02-01 18:52 . 2008-03-27 16:50 -------- d-----w- c:\users\Massimo\AppData\Roaming\skypePM
2010-01-30 21:56 . 2010-01-31 09:53 2398720 ----a-w- c:\windows\Internet Logs\xDB653C.tmp
2010-01-28 14:25 . 2008-03-18 17:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-22 05:22 . 2010-01-24 11:02 2394112 ----a-w- c:\windows\Internet Logs\xDB7BE9.tmp
2010-01-21 18:18 . 2008-03-18 22:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 17:29 . 2008-04-08 21:31 -------- d-----w- c:\users\Massimo\AppData\Roaming\Ahead
2010-01-20 17:13 . 2007-07-16 11:12 602092 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 17:13 . 2007-07-16 11:12 116204 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 16:07 . 2008-06-18 20:34 -------- d-----w- c:\program files\Opera
2010-01-16 13:02 . 2008-03-18 17:01 -------- d-----w- c:\programdata\NVIDIA
2010-01-14 10:12 . 2009-10-04 14:20 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 00:55 . 2010-01-13 14:05 2360320 ----a-w- c:\windows\Internet Logs\xDBA835.tmp
2010-01-12 21:06 . 2008-03-18 12:19 110912 ----a-w- c:\users\Massimo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-08 17:59 . 2010-01-08 18:01 2352640 ----a-w- c:\windows\Internet Logs\xDB804D.tmp
2010-01-07 22:45 . 2010-01-08 17:31 2351616 ----a-w- c:\windows\Internet Logs\xDB76BB.tmp
2010-01-06 08:34 . 2010-01-06 08:36 2342912 ----a-w- c:\windows\Internet Logs\xDB8846.tmp
2009-12-30 16:33 . 2010-01-01 16:38 2338816 ----a-w- c:\windows\Internet Logs\xDBC9DA.tmp
2009-12-29 19:33 . 2009-12-30 09:15 2338304 ----a-w- c:\windows\Internet Logs\xDBC546.tmp
2009-12-28 11:03 . 2009-12-28 11:22 2336256 ----a-w- c:\windows\Internet Logs\xDBEC29.tmp
2009-12-27 16:04 . 2009-12-27 16:05 2331648 ----a-w- c:\windows\Internet Logs\xDBB2EC.tmp
2009-12-26 13:39 . 2009-12-26 13:39 -------- d-----w- c:\program files\WinHTTrack
2009-12-25 23:20 . 2008-11-23 21:02 -------- d-----w- c:\program files\ICQ
2009-12-25 23:09 . 2008-03-18 23:02 -------- d-----w- c:\program files\Java
2009-12-23 14:05 . 2009-12-23 16:23 2326528 ----a-w- c:\windows\Internet Logs\xDBC596.tmp
2009-12-22 16:44 . 2009-12-22 16:45 2325504 ----a-w- c:\windows\Internet Logs\xDBA4DB.tmp
2009-12-14 18:58 . 2009-12-14 19:00 2319360 ----a-w- c:\windows\Internet Logs\xDBDBC4.tmp
2009-11-24 23:54 . 2009-05-14 15:59 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2009-05-14 15:59 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-14 15:59 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-14 15:59 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-10 16:43 . 2009-11-10 16:34 4 ----a-w- c:\windows\info147.sys
2009-11-10 00:51 . 2009-11-10 17:15 2266624 ----a-w- c:\windows\Internet Logs\xDBA91F.tmp
2007-07-11 15:27 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-08-30 4608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"avast!"="c:\program files\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]
c:\users\Massimo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Thunderbird.lnk - d:\program files\=Thunderbirdportable=\ThunderbirdPortable.exe [2007-11-28 137000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2f,32,86,4a,bf,1f,ca,01
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [14-5-09 16:59 114768]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [09-11-09 22:37 116368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [09-11-09 22:37 41424]
R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [17-1-08 23:37 24635]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [14-5-09 16:59 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [14-5-09 16:59 53328]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Mouse\KMWDSrv.exe [09-6-07 00:23 208896]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18-3-08 22:44 1153368]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [28-1-10 15:27 18432]
R3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\System32\drivers\gMouUsb16.sys [28-1-10 15:27 9216]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [29-10-09 14:48 103888]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\System32\drivers\adusbmdm65.sys [26-6-08 12:06 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\System32\drivers\adusbser.sys [20-12-06 04:58 97920]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\System32\drivers\adusbser65.sys [26-6-08 12:06 64896]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06-11-07 21:22 34064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [29-10-09 14:48 95376]
S3 VBoxTAP;VirtualBox TAP Adapter;c:\windows\System32\drivers\VBoxTAP.sys [12-9-08 16:00 47056]
S3 VBoxUSB;VirtualBox USB;c:\windows\System32\drivers\VBoxUSB.sys [29-10-09 14:49 32016]
S4 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27-12-07 15:39 51816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
Obsah adresáře 'Naplánované úlohy'
2009-04-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]
2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649372418-2571513921-1631211793-1000Core.job
- c:\users\Massimo\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-05 20:41]
2010-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649372418-2571513921-1631211793-1000UA.job
- c:\users\Massimo\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-05 20:41]
2010-02-07 c:\windows\Tasks\User_Feed_Synchronization-{41CE75F6-47DA-4D98-8795-9476F5049CA4}.job
- c:\windows\system32\msfeedssync.exe [2008-04-17 07:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer\Add_AllO.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{5699BDDB-A771-4E54-ACBB-BE86921D7892} - {5699BDDB-A771-4E54-ACBB-BE86921D7892} -
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Massimo\AppData\Roaming\Mozilla\Firefox\Profiles\v77o3b3p.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\Massimo\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-Cisco Networking Academy curriculum_is1 - c:\cisco_ccna\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 13:00
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\MySQL]
"ImagePath"="\"c:\program files\Apache Software Foundation\MySQL\bin\mysqld\" --defaults-file=\"c:\program files\Apache Software Foundation\MySQL\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\relog_ap.dll
.
Celkový čas: 2010-02-07 13:07:34
ComboFix-quarantined-files.txt 2010-02-07 12:07
Před spuštěním: 645 636 096
Po spuštění: 565 227 520
Current=10 Default=10 Failed=1 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8,10
- - End Of File - - E450581DB5D365A58E636DF78533A242
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2f,32,86,4a,bf,1f,ca,01
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [14-5-09 16:59 114768]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [09-11-09 22:37 116368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [09-11-09 22:37 41424]
R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [17-1-08 23:37 24635]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [14-5-09 16:59 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [14-5-09 16:59 53328]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Mouse\KMWDSrv.exe [09-6-07 00:23 208896]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18-3-08 22:44 1153368]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [28-1-10 15:27 18432]
R3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\System32\drivers\gMouUsb16.sys [28-1-10 15:27 9216]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [29-10-09 14:48 103888]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\System32\drivers\adusbmdm65.sys [26-6-08 12:06 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\System32\drivers\adusbser.sys [20-12-06 04:58 97920]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\System32\drivers\adusbser65.sys [26-6-08 12:06 64896]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06-11-07 21:22 34064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [29-10-09 14:48 95376]
S3 VBoxTAP;VirtualBox TAP Adapter;c:\windows\System32\drivers\VBoxTAP.sys [12-9-08 16:00 47056]
S3 VBoxUSB;VirtualBox USB;c:\windows\System32\drivers\VBoxUSB.sys [29-10-09 14:49 32016]
S4 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27-12-07 15:39 51816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
Obsah adresáře 'Naplánované úlohy'
2009-04-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]
2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649372418-2571513921-1631211793-1000Core.job
- c:\users\Massimo\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-05 20:41]
2010-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649372418-2571513921-1631211793-1000UA.job
- c:\users\Massimo\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-05 20:41]
2010-02-07 c:\windows\Tasks\User_Feed_Synchronization-{41CE75F6-47DA-4D98-8795-9476F5049CA4}.job
- c:\windows\system32\msfeedssync.exe [2008-04-17 07:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer\Add_AllO.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{5699BDDB-A771-4E54-ACBB-BE86921D7892} - {5699BDDB-A771-4E54-ACBB-BE86921D7892} -
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Massimo\AppData\Roaming\Mozilla\Firefox\Profiles\v77o3b3p.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\Massimo\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-Cisco Networking Academy curriculum_is1 - c:\cisco_ccna\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 13:00
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\MySQL]
"ImagePath"="\"c:\program files\Apache Software Foundation\MySQL\bin\mysqld\" --defaults-file=\"c:\program files\Apache Software Foundation\MySQL\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\relog_ap.dll
.
Celkový čas: 2010-02-07 13:07:34
ComboFix-quarantined-files.txt 2010-02-07 12:07
Před spuštěním: 645 636 096
Po spuštění: 565 227 520
Current=10 Default=10 Failed=1 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8,10
- - End Of File - - E450581DB5D365A58E636DF78533A242
- Rudy
- Site Admin
- Posts: 119408
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Win32: Spyware-gen[spy] ->> hardware problems.
CF deleted 2 items; the rest of the log looks clean. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Win32: Spyware-gen[spy] ->> hardware problems.
No change at all.

- Rudy
- Site Admin
Re: Win32: Spyware-gen[spy] ->> hardware problems.
Run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.
Re: Win32: Spyware-gen[spy] ->> hardware problems.
AVPTool log, a bit messy. I had it delete what it found and the problem is still the same....
Autoscan: completed 5 minutes ago (events: 40, objects: 1139560, time: 17:11:36)
07-2-10 23:18:50 Task started
08-2-10 09:37:46 Detected: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.1.9.gadget\js\flyout_fav.js
08-2-10 09:37:46 Untreated: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.1.9.gadget\js\flyout_fav.js Postponed
08-2-10 09:37:47 Detected: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.6.gadget\js\flyout_fav.js
08-2-10 09:37:47 Untreated: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.6.gadget\js\flyout_fav.js Postponed
08-2-10 09:43:02 Detected: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\Local Settings\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.1.9.gadget\js\flyout_fav.js
08-2-10 09:43:02 Untreated: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\Local Settings\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.1.9.gadget\js\flyout_fav.js Postponed
08-2-10 09:43:04 Detected: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\Local Settings\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.6.gadget\js\flyout_fav.js
08-2-10 09:43:04 Untreated: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\Local Settings\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.6.gadget\js\flyout_fav.js Postponed
08-2-10 10:39:52 Detected: Trojan.Win32.Agent.dfar C:\Program Files\MATLAB\R2007b\toolbox\rtw\targets\xpc\target\build\xpcblocks\fc422mexcalcbits.mexw32
08-2-10 10:39:52 Untreated: Trojan.Win32.Agent.dfar C:\Program Files\MATLAB\R2007b\toolbox\rtw\targets\xpc\target\build\xpcblocks\fc422mexcalcbits.mexw32 Postponed
08-2-10 11:07:04 Detected: HEUR:Trojan-Dropper.Script.Generic C:\Users\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.1.9.gadget\js\flyout_fav.js
08-2-10 11:07:04 Untreated: HEUR:Trojan-Dropper.Script.Generic C:\Users\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.1.9.gadget\js\flyout_fav.js Postponed
08-2-10 11:07:05 Detected: HEUR:Trojan-Dropper.Script.Generic C:\Users\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.6.gadget\js\flyout_fav.js
08-2-10 11:07:05 Untreated: HEUR:Trojan-Dropper.Script.Generic C:\Users\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.6.gadget\js\flyout_fav.js Postponed
08-2-10 11:11:57 Detected: HEUR:Trojan-Dropper.Script.Generic C:\Users\Massimo\Local Settings\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.1.9.gadget\js\flyout_fav.js
08-2-10 11:11:57 Untreated: HEUR:Trojan-Dropper.Script.Generic C:\Users\Massimo\Local Settings\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.1.9.gadget\js\flyout_fav.js Postponed
08-2-10 11:11:59 Detected: HEUR:Trojan-Dropper.Script.Generic C:\Users\Massimo\Local Settings\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.6.gadget\js\flyout_fav.js
08-2-10 11:11:59 Untreated: HEUR:Trojan-Dropper.Script.Generic C:\Users\Massimo\Local Settings\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.6.gadget\js\flyout_fav.js Postponed
08-2-10 12:18:38 Detected: SuspiciousPacker.Multi.Generic D:\Docs\IT_Articles\CainAbel\ca_setup.exe/WISE0017.BIN/PE_Patch.Upolyx
08-2-10 12:18:39 Untreated: SuspiciousPacker.Multi.Generic D:\Docs\IT_Articles\CainAbel\ca_setup.exe/WISE0017.BIN/PE_Patch.Upolyx Postponed
08-2-10 12:40:14 Detected: HEUR:Trojan-Dropper.Script.Generic D:\Programs\=Gadgets_ vista=\AppLauncherV3.3.1.9.gadget/js/flyout_fav.js
08-2-10 12:40:14 Untreated: HEUR:Trojan-Dropper.Script.Generic D:\Programs\=Gadgets_ vista=\AppLauncherV3.3.1.9.gadget/js/flyout_fav.js Postponed
08-2-10 12:40:14 Detected: HEUR:Trojan-Dropper.Script.Generic D:\Programs\=Gadgets_ vista=\AppLauncherV3.3.4.6.gadget/js/flyout_fav.js
08-2-10 12:40:14 Untreated: HEUR:Trojan-Dropper.Script.Generic D:\Programs\=Gadgets_ vista=\AppLauncherV3.3.4.6.gadget/js/flyout_fav.js Postponed
08-2-10 13:12:13 Processing error G:\Downloads\Ubuntu_9.10\ubuntu-9.10-desktop-amd64.iso/casper/filesystem.squashfs Read error
08-2-10 13:38:22 Processing error G:\Games\Operation Flashpoint Addons\ofp_bas_complete.rar/Operation Flashpoint BAS Addon Pack.msi/Data1.cab Read error
08-2-10 13:53:17 Detected: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.1.9.gadget\js\flyout_fav.js
08-2-10 16:27:42 Deleted: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.1.9.gadget\js\flyout_fav.js
08-2-10 16:27:42 Detected: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.6.gadget\js\flyout_fav.js
08-2-10 16:27:42 Deleted: HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\Massimo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.6.gadget\js\flyout_fav.js
08-2-10 16:27:42 Detected: Trojan.Win32.Agent.dfar C:\Program Files\MATLAB\R2007b\toolbox\rtw\targets\xpc\target\build\xpcblocks\fc422mexcalcbits.mexw32
08-2-10 16:28:27 Deleted: Trojan.Win32.Agent.dfar C:\Program Files\MATLAB\R2007b\toolbox\rtw\targets\xpc\target\build\xpcblocks\fc422mexcalcbits.mexw32
08-2-10 16:28:29 Detected: SuspiciousPacker.Multi.Generic D:\Docs\IT_Articles\CainAbel\ca_setup.exe/WISE0017.BIN/PE_Patch.Upolyx
08-2-10 16:30:25 Deleted: SuspiciousPacker.Multi.Generic D:\Docs\IT_Articles\CainAbel\ca_setup.exe
08-2-10 16:30:25 Detected: HEUR:Trojan-Dropper.Script.Generic D:\Programs\=Gadgets_ vista=\AppLauncherV3.3.1.9.gadget/js/flyout_fav.js
08-2-10 16:30:25 Deleted: HEUR:Trojan-Dropper.Script.Generic D:\Programs\=Gadgets_ vista=\AppLauncherV3.3.1.9.gadget/js/flyout_fav.js
08-2-10 16:30:25 Detected: HEUR:Trojan-Dropper.Script.Generic D:\Programs\=Gadgets_ vista=\AppLauncherV3.3.4.6.gadget/js/flyout_fav.js
08-2-10 16:30:25 Deleted: HEUR:Trojan-Dropper.Script.Generic D:\Programs\=Gadgets_ vista=\AppLauncherV3.3.4.6.gadget/js/flyout_fav.js
08-2-10 16:30:26 Task completed
- Rudy
- Site Admin
Re: Win32: Spyware-gen[spy] ->> hardware problems.
Try reinstalling the WiFi drivers now.
Re: Win32: Spyware-gen[spy] ->> hardware problems.
I reinstalled the drivers and it still doesn't work. Then it occurred to me, as it should have long ago, to use the external drive where I have Ubuntu installed and where Wi-Fi also used to work without problems. The result: Wi-Fi doesn't work there either, which most likely means the Wi-Fi card is faulty, if I'm not mistaken?
- Rudy
- Site Admin
Re: Win32: Spyware-gen[spy] ->> hardware problems.
In that case it's quite likely. Even though your PC was fairly heavily infested.