I have AVG Internet Security. During a scan it always reports that Vundo.KA was found in several files and that a restart is required to complete the scan. But after the restart and another scan, the infected files are back again. I tried Vundofix and Virtumundobegone, but neither of them tried anything. I found a lot about this virus on the forum, but I hardly understand any of it (until now I have had minimal problems with viruses, and when something did show up, AVG saved the day).
The scan result looks like this:
Infekce
Soubor;"Infekce";"Výsledek"
C:\WINNT\system32\svchost.exe (1396):\memory_001a0000;"Trojský kůň Vundo.KA";"Pro dokončení akce je potřeba provést restart"
C:\WINNT\system32\svchost.exe (1396);"Trojský kůň Vundo.KA";"Pro dokončení akce je potřeba provést restart"
C:\WINNT\explorer.exe (376):\memory_001a0000;"Trojský kůň Vundo.KA";"Pro dokončení akce je potřeba provést restart"
C:\WINNT\explorer.exe (376);"Trojský kůň Vundo.KA";"Pro dokončení akce je potřeba provést restart"
Sometimes explorer is infected, as in that result, and other times firefox (depending on how the files get restored after the antivirus deletes them).

Vundo.KA
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Re: Vundo.KA
Here is the log, which I apparently forgot ...
Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr at 2010-02-05 12:33:23
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (77%) free of 71 GB
Total RAM: 1023 MB (29% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINNT\tasks\User_Feed_Synchronization-{FF827C00-AC4C-466B-8AE0-D7203A9C9211}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-26 1484056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"SoundMan"=C:\WINNT\SOUNDMAN.EXE [2004-12-01 77824]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINNT\system32\NvMcTray.dll [2009-11-20 110184]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2009-11-20 12669544]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-26 2033432]
"Samsung PanelMgr"=C:\WINNT\Samsung\PanelMgr\SSMMgr.exe [2008-08-08 524288]
"Kernel and Hardware Abstraction Layer"=C:\WINNT\KHALMNPR.EXE [2009-06-17 55824]
"StartupDelayer"=C:\Program Files\Startup Delayer\Startup Launcher GUI.exe [2009-03-08 147456]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-05-16 430080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINNT\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Petr\Nabídka Start\Programy\Po spuštění
SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINNT\system32\avgrsstx.dll [2009-12-26 12464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINNT\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d02ea3af-fcf8-11de-b57a-001109e9ca5c}]
shell\AutoRun\command - I:\setup.exe
======List of files/folders created in the last 1 months======
2010-02-05 12:33:36 ----D---- C:\Program Files\trend micro
2010-02-05 12:33:23 ----D---- C:\rsit
2010-02-05 11:19:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-02-05 11:18:35 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-05 11:18:35 ----D---- C:\Documents and Settings\Petr\Data aplikací\SUPERAntiSpyware.com
2010-02-05 10:26:45 ----D---- C:\WINNT\CSC
2010-02-05 10:23:58 ----D---- C:\VundoFix Backups
2010-02-05 10:23:58 ----A---- C:\VundoFix.txt
2010-02-04 00:06:22 ----D---- C:\WINNT\system32\Adobe
2010-02-02 17:53:28 ----D---- C:\Documents and Settings\Petr\Data aplikací\ArcSoft
2010-02-02 17:51:10 ----D---- C:\Documents and Settings\Petr\Data aplikací\Canon
2010-02-02 17:47:42 ----D---- C:\Program Files\CanoScan Toolbox Ver4.1
2010-02-02 17:45:53 ----D---- C:\Documents and Settings\Petr\Data aplikací\ScanSoft
2010-02-02 17:45:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\SSScanWizard
2010-02-02 17:45:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\SSScanAppDataDir
2010-02-02 17:45:48 ----A---- C:\WINNT\MAXLINK.INI
2010-02-02 17:45:30 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2010-02-02 17:45:04 ----D---- C:\Program Files\OmniPageSE
2010-02-02 17:42:51 ----A---- C:\WINNT\system32\TWAIN_32.DLL
2010-02-02 17:42:51 ----A---- C:\WINNT\system32\PCDLIB32.DLL
2010-02-02 17:42:39 ----D---- C:\Program Files\ArcSoft PhotoStudio 5
2010-02-02 17:42:16 ----D---- C:\Program Files\Common Files\InstallShield
2010-02-02 17:41:55 ----A---- C:\WINNT\system32\UCS32P.DLL
2010-02-02 17:41:50 ----A---- C:\WINNT\system32\CNQU71.DLL
2010-02-02 17:41:50 ----A---- C:\WINNT\system32\CNQL1208.dll
2010-02-02 17:41:49 ----HD---- C:\CanoScan
2010-02-01 18:30:02 ----D---- C:\WINNT\system32\oodag
2010-02-01 18:18:50 ----D---- C:\Program Files\OO Defrag
2010-01-31 13:06:09 ----D---- C:\Program Files\Western Digital Technologies
2010-01-24 13:12:35 ----A---- C:\WINNT\oodcnt.INI
2010-01-23 12:12:24 ----DC---- C:\WINNT\system32\DRVSTORE
2010-01-23 12:12:21 ----D---- C:\Program Files\Western Digital
2010-01-22 21:05:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-01-22 21:05:36 ----D---- C:\Program Files\Common Files\Java
2010-01-22 21:04:31 ----A---- C:\WINNT\system32\javaws.exe
2010-01-22 21:04:31 ----A---- C:\WINNT\system32\javaw.exe
2010-01-22 21:04:31 ----A---- C:\WINNT\system32\java.exe
2010-01-17 20:06:17 ----D---- C:\Documents and Settings\Petr\Data aplikací\VitySoft
2010-01-17 20:05:57 ----D---- C:\Program Files\FreeRapid
2010-01-14 17:35:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\SlySoft
2010-01-14 17:32:58 ----D---- C:\Program Files\CloneCD
2010-01-14 17:32:03 ----A---- C:\WINNT\temp.exe
2010-01-13 14:11:48 ----HDC---- C:\WINNT\$NtUninstallKB972270$
2010-01-13 11:31:48 ----D---- C:\Temp
2010-01-13 10:55:12 ----D---- C:\Program Files\CloneDVD2
2010-01-07 16:07:13 ----D---- C:\Documents and Settings\Petr\Data aplikací\gtk-2.0
2010-01-07 14:57:03 ----D---- C:\Program Files\GIMP
2010-01-06 21:18:15 ----D---- C:\Program Files\Adobe Photoshop CS2
======List of files/folders modified in the last 1 months======
2010-02-05 12:33:36 ----RD---- C:\Program Files
2010-02-05 12:32:04 ----D---- C:\WINNT\Temp
2010-02-05 12:30:31 ----D---- C:\Documents and Settings\Petr\Data aplikací\AIMP
2010-02-05 12:26:50 ----D---- C:\WINNT\system32\CatRoot2
2010-02-05 12:24:04 ----D---- C:\Documents and Settings\Petr\Data aplikací\Skype
2010-02-05 12:23:55 ----D---- C:\Program Files\Mozilla Firefox
2010-02-05 12:23:00 ----D---- C:\WINNT\Prefetch
2010-02-05 12:22:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-02-05 12:21:59 ----AD---- C:\WINNT
2010-02-05 12:21:45 ----D---- C:\WINNT\system32
2010-02-05 12:19:23 ----A---- C:\WINNT\SchedLgU.Txt
2010-02-05 11:18:49 ----SHD---- C:\WINNT\Installer
2010-02-05 11:18:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-05 10:40:27 ----D---- C:\Documents and Settings\Petr\Data aplikací\uTorrent
2010-02-05 09:42:40 ----D---- C:\Documents and Settings\Petr\Data aplikací\skypePM
2010-02-05 00:00:43 ----D---- C:\WINNT\security
2010-02-04 22:45:38 ----SD---- C:\Documents and Settings\Petr\Data aplikací\Microsoft
2010-02-04 14:44:11 ----RSHDC---- C:\WINNT\system32\dllcache
2010-02-04 11:24:37 ----HD---- C:\WINNT\system32\GroupPolicy
2010-02-04 11:01:38 ----D---- C:\WINNT\system32\drivers
2010-02-03 14:00:53 ----D---- C:\Documents and Settings\Petr\Data aplikací\XnView
2010-02-03 09:07:15 ----D---- C:\Program Files\WinRAR
2010-02-02 17:48:34 ----D---- C:\WINNT\twain_32
2010-02-02 17:48:25 ----HD---- C:\WINNT\inf
2010-02-02 17:47:50 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-02 17:45:30 ----D---- C:\Program Files\Common Files
2010-01-23 18:49:36 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2010-01-23 12:30:27 ----D---- C:\WINNT\system32\inetsrv
2010-01-22 21:04:25 ----D---- C:\Program Files\Java
2010-01-22 06:18:06 ----D---- C:\Program Files\Internet Explorer
2010-01-22 06:17:56 ----D---- C:\WINNT\ie8updates
2010-01-22 06:17:41 ----HD---- C:\WINNT\$hf_mig$
2010-01-21 08:01:48 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-17 20:37:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-01-17 10:20:04 ----D---- C:\WINNT\Debug
2010-01-14 13:45:57 ----D---- C:\Program Files\Adobe
2010-01-14 13:45:53 ----D---- C:\Program Files\Common Files\Adobe
2010-01-14 13:43:49 ----D---- C:\Documents and Settings\Petr\Data aplikací\Adobe
2010-01-08 12:51:42 ----A---- C:\WINNT\win.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINNT\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINNT\System32\Drivers\avgldx86.sys [2009-12-25 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINNT\System32\Drivers\avgmfx86.sys [2009-12-26 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINNT\System32\Drivers\avgtdix.sys [2009-12-26 360584]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINNT\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINNT\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINNT\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 LBeepKE;LBeepKE; C:\WINNT\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINNT\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINNT\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Avgfwdx;Avgfwdx; C:\WINNT\system32\DRIVERS\avgfwdx.sys [2009-12-26 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINNT\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINNT\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 hidusb;Ovladač třídy standardu HID; C:\WINNT\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINNT\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINNT\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 mouhid;Ovladač myši standardu HID; C:\WINNT\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINNT\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINNT\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINNT\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINNT\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINNT\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINNT\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINNT\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINNT\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINNT\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINNT\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINNT\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S2 DgiVecp;DgiVecp; \??\C:\WINNT\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINNT\system32\Drivers\SSPORT.sys []
S3 Avgfwfd;AVG network filter service; C:\WINNT\system32\DRIVERS\avgfwdx.sys [2009-12-26 30104]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINNT\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINNT\system32\DRIVERS\wdcsam.sys [2008-05-16 11520]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINNT\system32\svchost.exe [2008-04-14 14336]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2009-12-25 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-26 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-01-14 2304192]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2009-12-26 5832712]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINNT\system32\nvsvc32.exe [2009-11-20 154216]
R2 O&O Defrag;O&O Defrag; C:\Program Files\OO Defrag\oodag.exe [2009-09-12 1488128]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
R2 WSearch;Windows Search; C:\WINNT\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINNT\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINNT\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINNT\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINNT\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINNT\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S2 DgiVecp;DgiVecp; \??\C:\WINNT\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINNT\system32\Drivers\SSPORT.sys []
S3 Avgfwfd;AVG network filter service; C:\WINNT\system32\DRIVERS\avgfwdx.sys [2009-12-26 30104]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINNT\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINNT\system32\DRIVERS\wdcsam.sys [2008-05-16 11520]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINNT\system32\svchost.exe [2008-04-14 14336]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2009-12-25 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-26 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-01-14 2304192]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2009-12-26 5832712]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINNT\system32\nvsvc32.exe [2009-11-20 154216]
R2 O&O Defrag;O&O Defrag; C:\Program Files\OO Defrag\oodag.exe [2009-09-12 1488128]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
R2 WSearch;Windows Search; C:\WINNT\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Vundo.KA
Good evening
Download ComboFix to your desktop, close all active windows, and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Agree to the installation of the Recovery Console
- ComboFix must be run under an account with administrator rights
- Before use, disable all resident security programs - antivirus, firewalls, antispyware
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here


Do not use COMBOFIX without a recommendation from an adviser; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.