
Please check my log


#1 Post by kuba7710 »

Hello,
please check my log. The computer is slow and is constantly reading from or writing to the disk. Also, the avast resident protection got blocked on me and cannot be started again.
Thank you in advance

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kuba at 2010-07-27 10:11:25
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 66 GB (21%) free of 305 GB
Total RAM: 3326 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:13:04, on 27.7.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\WerCon.exe
C:\ProgramData\LangSoft\OETRN.EXE
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kuba\AppData\Local\Temp\nro.tmp\SetupX.exe
C:\Users\Kuba\AppData\Local\Temp\nro.tmp\ipclog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\DVD-Cloner Platinum\DVD-Cloner\Dvd-cloner6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\MsiExec.exe
C:\Users\Kuba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WILEKVGD\RSIT[1].exe
C:\Program Files\trend micro\Kuba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\ProgramData\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí &BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Terrex Network Service Version 2.1 - Unknown owner - C:\Program Files\Terrex\TerraVista 5.1\Bin\networksvc.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 9145 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-06-29 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-19 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-06-29 798771]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-03-17 1302528]
"SoundTray"=C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe [2008-03-26 143360]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-12-16 4375032]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-12-16 962128]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-12-16 165144]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-07-19 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Nektra OEAPI"= []
"OEXPRESS"=C:\ProgramData\LangSoft\OETRN.EXE [2010-06-29 26624]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=2
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-27 10:11:25 ----D---- C:\Program Files\trend micro
2010-07-27 10:11:24 ----D---- C:\rsit
2010-07-27 10:06:17 ----A---- C:\Windows\system32\msadio.dll
2010-07-27 09:59:42 ----D---- C:\Program Files\DVD-Cloner Platinum
2010-07-27 08:34:13 ----D---- C:\Program Files\Dvd-cloner
2010-07-26 17:33:52 ----HD---- C:\ProgramData\CanonBJ
2010-07-19 16:28:56 ----A---- C:\Windows\system32\javaws.exe
2010-07-19 16:28:56 ----A---- C:\Windows\system32\javaw.exe
2010-07-19 16:28:56 ----A---- C:\Windows\system32\java.exe
2010-07-19 16:28:56 ----A---- C:\Windows\system32\deploytk.dll
2010-07-19 16:28:18 ----D---- C:\Program Files\Java
2010-06-30 10:33:39 ----D---- C:\Program Files\CAPCOM
2010-06-30 10:30:22 ----D---- C:\Windows\system32\xlive
2010-06-30 10:30:21 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-06-30 03:00:36 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-30 03:00:36 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-30 03:00:36 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-30 03:00:36 ----A---- C:\Windows\system32\mscoree.dll
2010-06-30 03:00:36 ----A---- C:\Windows\system32\dfshim.dll
2010-06-29 09:24:52 ----D---- C:\TRANSLAT
2010-06-29 09:24:50 ----D---- C:\ProgramData\LangSoft
2010-06-29 09:24:15 ----D---- C:\Users\Kuba\AppData\Roaming\LangSoft
2010-06-28 16:02:02 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-28 15:26:38 ----D---- C:\Westwood
2010-06-28 15:25:47 ----A---- C:\Windows\uninst.exe

======List of files/folders modified in the last 1 months======

2010-07-27 10:11:53 ----D---- C:\Windows\Temp
2010-07-27 10:11:25 ----RD---- C:\Program Files
2010-07-27 10:10:50 ----SHD---- C:\Windows\Installer
2010-07-27 10:09:54 ----SHD---- C:\System Volume Information
2010-07-27 10:09:20 ----D---- C:\Windows\Prefetch
2010-07-27 10:06:17 ----D---- C:\Windows\System32
2010-07-27 09:55:18 ----D---- C:\ProgramData\NVIDIA
2010-07-27 08:04:10 ----D---- C:\Download
2010-07-27 07:45:10 ----D---- C:\Users\Kuba\AppData\Roaming\ICQ
2010-07-27 07:44:37 ----D---- C:\Windows
2010-07-26 17:33:52 ----HD---- C:\ProgramData
2010-07-26 17:33:15 ----D---- C:\Windows\system32\drivers
2010-07-20 11:52:54 ----D---- C:\Windows\SoftwareDistribution
2010-07-20 11:52:31 ----SD---- C:\Windows\Downloaded Program Files
2010-07-20 09:40:15 ----D---- C:\Windows\inf
2010-07-20 09:40:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-15 03:10:25 ----D---- C:\Windows\winsxs
2010-07-15 03:03:44 ----D---- C:\Windows\system32\catroot
2010-07-15 03:03:43 ----D---- C:\Windows\system32\catroot2
2010-07-15 03:03:30 ----D---- C:\Program Files\Windows Mail
2010-07-15 03:03:17 ----D---- C:\ProgramData\Microsoft Help
2010-07-02 08:14:46 ----D---- C:\Windows\Minidump
2010-06-30 03:16:55 ----D---- C:\Windows\AppPatch
2010-06-29 09:24:29 ----D---- C:\Windows\system32\Tasks
2010-06-29 08:50:28 ----SD---- C:\Users\Kuba\AppData\Roaming\Microsoft
2010-06-28 16:02:08 ----SD---- C:\ProgramData\Microsoft
2010-06-28 15:25:56 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 snapman380;Acronis Snapshots Manager (Build 380); C:\Windows\system32\DRIVERS\snman380.sys [2010-04-16 134272]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-14 691696]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174); C:\Windows\system32\DRIVERS\tdrpm174.sys [2010-04-16 971552]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-04-16 540000]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-05-06 23376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2010-05-06 307280]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 VD_FileDisk;VD_FileDisk; C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2009-12-17 588800]
R2 Haspnt;Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [2010-04-20 47616]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2006-05-07 90688]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2010-04-16 44704]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-03-20 373760]
R3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\Windows\system32\DRIVERS\HidBatt.sys [2008-01-21 21504]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-04 11573800]
R3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\Windows\system32\DRIVERS\SNTNLUSB.SYS [2006-05-07 33504]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-09-19 305664]
S2 DS1410D;DS1410D; \??\C:\Windows\system32\drivers\ds1410d.sys []
S3 a3epoasq;a3epoasq; C:\Windows\system32\drivers\a3epoasq.sys []
S3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2009-12-17 238208]
S3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2009-12-17 16384]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-12-16 554264]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-10-19 86016]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-05-07 206400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
R2 Terrex Network Service Version 2.1;Terrex Network Service Version 2.1; C:\Program Files\Terrex\TerraVista 5.1\Bin\networksvc.exe [2006-09-29 298496]
R2 yksvc;Marvell Yukon Service; ykx32mpcoinst,serviceStartProc []
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-05-11 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------


#2 Post by eda »

Hello,

download ComboFix and save it, preferably to the desktop

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button:

take your time and make yourself a coffee (the whole process takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to run any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are undesirable conflicts with the antispyware's resident shield


after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its content here


#3 Post by kuba7710 »

ComboFix 10-07-24.03 - Kuba 27.07.2010 10:57:58.1.4 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.3326.2218 [GMT 2:00]
Spuštěný z: c:\download\Wii\wComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-27 do 2010-07-27 )))))))))))))))))))))))))))))))
.

2010-07-27 09:06 . 2010-07-27 09:06 -------- d-----w- c:\users\Kuba\AppData\Local\temp
2010-07-27 09:06 . 2010-07-27 09:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-27 08:11 . 2010-07-27 08:13 -------- d-----w- c:\program files\trend micro
2010-07-27 08:11 . 2010-07-27 08:13 -------- d-----w- C:\rsit
2010-07-27 08:06 . 2007-08-27 15:08 58 ----a-w- c:\windows\system32\msadio.dll
2010-07-27 07:59 . 2010-07-27 08:06 -------- d-----w- c:\program files\DVD-Cloner Platinum
2010-07-27 06:34 . 2010-07-27 07:59 -------- d-----w- c:\program files\Dvd-cloner
2010-07-26 15:33 . 2010-07-26 15:33 -------- d--h--w- c:\programdata\CanonBJ
2010-07-26 15:33 . 2006-11-02 09:46 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL
2010-07-19 14:28 . 2010-07-19 14:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-07-19 14:28 . 2010-07-19 14:28 -------- d-----w- c:\program files\Java
2010-06-30 09:34 . 2010-06-30 09:34 -------- d-----w- c:\users\Kuba\AppData\Local\CAPCOM
2010-06-30 08:33 . 2010-06-30 08:33 -------- d-----w- c:\program files\CAPCOM
2010-06-30 08:30 . 2010-06-30 08:30 -------- d-----w- c:\windows\system32\xlive
2010-06-30 08:30 . 2010-06-30 08:31 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-30 01:00 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-30 01:00 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-30 01:00 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-30 01:00 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-30 01:00 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-29 07:24 . 2010-06-29 07:26 -------- d-----w- C:\TRANSLAT
2010-06-29 07:24 . 2010-06-29 07:26 -------- d-----w- c:\programdata\LangSoft
2010-06-29 07:24 . 2010-06-30 10:00 -------- d-----w- c:\users\Kuba\AppData\Roaming\LangSoft
2010-06-28 14:02 . 2010-06-28 14:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-28 13:26 . 2010-06-28 13:27 -------- d-----w- C:\Westwood
2010-06-28 13:25 . 1997-04-08 18:08 299520 ----a-w- c:\windows\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 08:54 . 2010-05-27 10:18 -------- d-----w- c:\programdata\NVIDIA
2010-07-27 08:38 . 2010-06-21 09:08 -------- d-----w- c:\program files\Common Files\Nero
2010-07-27 08:29 . 2010-06-21 09:08 -------- d-----w- c:\programdata\Nero
2010-07-27 08:26 . 2010-06-21 09:10 -------- d-----w- c:\program files\Nero
2010-07-27 07:55 . 2010-05-27 10:21 125437 ----a-w- c:\programdata\nvModes.dat
2010-07-27 05:45 . 2010-04-14 11:31 -------- d-----w- c:\users\Kuba\AppData\Roaming\ICQ
2010-07-20 07:40 . 2008-01-21 06:01 635756 ----a-w- c:\windows\system32\perfh005.dat
2010-07-20 07:40 . 2008-01-21 06:01 134582 ----a-w- c:\windows\system32\perfc005.dat
2010-07-15 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 01:03 . 2010-04-16 06:31 -------- d-----w- c:\programdata\Microsoft Help
2010-06-29 07:26 . 2010-06-29 07:26 798771 ----a-w- c:\programdata\LangSoft\WebIE.dll
2010-06-29 07:26 . 2010-06-29 07:26 45056 ----a-w- c:\programdata\LangSoft\TRNOEH.DLL
2010-06-29 07:26 . 2010-06-29 07:26 26624 ----a-w- c:\programdata\LangSoft\OETRN.EXE
2010-06-29 07:26 . 2010-06-29 07:26 200704 ----a-w- c:\programdata\LangSoft\TRNOET.DLL
2010-06-29 07:26 . 2010-06-29 07:26 356352 ----a-w- c:\programdata\LangSoft\TrnOutl.dll
2010-06-29 07:26 . 2010-06-29 07:26 299008 ----a-w- c:\programdata\LangSoft\TrnWord.dll
2010-06-22 04:32 . 2010-06-22 04:32 -------- d-----w- c:\users\Kuba\AppData\Roaming\Nero
2010-06-22 04:23 . 2010-04-12 13:06 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-22 04:23 . 2010-04-12 13:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-22 01:00 . 2010-06-22 01:00 -------- d-----w- c:\program files\MSXML 4.0
2010-06-21 09:08 . 2010-06-21 09:08 -------- d-----w- c:\users\Kuba\AppData\Roaming\BitSpirit
2010-06-21 09:08 . 2010-06-21 09:08 -------- d-----w- c:\program files\Common Files\BitSpirit
2010-06-21 09:08 . 2010-06-21 09:08 -------- d-----w- c:\program files\BitSpirit
2010-06-15 09:29 . 2010-04-12 13:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-06-15 08:11 . 2010-06-15 08:11 -------- d-----w- c:\program files\Google
2010-06-11 05:37 . 2010-04-14 11:30 -------- d-----w- c:\program files\ICQ7.1
2010-06-07 04:18 . 2010-06-02 08:59 -------- d-----w- c:\program files\Starcraft
2010-06-02 08:59 . 2010-06-02 08:59 12306 ----a-w- c:\windows\scunin.dat
2010-06-02 08:59 . 2010-06-02 08:59 967 ----a-w- c:\windows\ScUnin.pif
2010-06-02 08:59 . 2010-06-02 08:59 68096 ----a-w- c:\windows\ScUnin.exe
2010-06-02 08:00 . 2010-06-15 09:28 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-01 07:27 . 2010-06-01 07:27 -------- d-----w- c:\program files\Torrent Harvester
2010-05-27 10:07 . 2010-05-27 10:07 680 ----a-w- c:\users\Kuba\AppData\Local\d3d9caps.dat
2010-05-26 16:16 . 2010-06-10 07:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 07:20 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2010-04-09 11:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 08:36 . 2010-04-08 12:12 100432 ----a-w- c:\users\Kuba\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-06 20:59 . 2010-04-15 07:12 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:41 . 2010-04-15 07:13 307280 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-05-06 20:39 . 2010-04-15 07:13 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-15 07:13 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-15 07:13 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-04-15 07:13 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-04-15 07:13 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-04 05:59 . 2010-06-10 07:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 07:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 07:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 07:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-10 07:20 2036224 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-05-06 21:02 151648 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"OEXPRESS"="c:\programdata\LangSoft\OETRN.EXE" [2010-06-29 26624]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-17 1302528]
"SoundTray"="c:\program files\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-12-16 4375032]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-16 962128]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-12-16 165144]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-07-19 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 Terrex Network Service Version 2.1;Terrex Network Service Version 2.1;c:\program files\Terrex\TerraVista 5.1\Bin\networksvc.exe [2006-09-29 298496]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-14 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí &BitSpiritu - c:\program files\BitSpirit\bsurl.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Nektra OEAPI - (no file)
AddRemove-PC Translator - c:\users\Kuba\AppData\Local\Temp\UN32.EXE
AddRemove-Rainbow Sentinel Driver - c:\windows\SYSTEM32\RNBOSENT\SETUPX86.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-27 11:06
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-07-27 11:11:35
ComboFix-quarantined-files.txt 2010-07-27 09:11

Před spuštěním: Volných bajtů: 71 791 284 224
Po spuštění: Volných bajtů: 79 584 935 936

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 0471F828927D0CBF0AADC5B633385CAC

eda
VIP
Posts: 576
Registered: 24 Aug 2006 10:35
Location: Kroměříž

Re: please check my log

#4 Post by eda »

O.K. Now click on MBAM in my signature and run a scan. Post that log here as well.
If you like me, you can contact me at eda@forum.viry.cz :-)

kuba7710
Visitor
Posts: 102
Registered: 13 Apr 2007 18:08

Re: please check my log

#5 Post by kuba7710 »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4356

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

27.7.2010 12:01:43
mbam-log-2010-07-27 (12-01-43).txt

Typ skenu: Rychlý sken
Skenované objekty: 135701
Uplynulý čas: 6 minuta(y), 30 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

eda
VIP
Posts: 576
Registered: 24 Aug 2006 10:35
Location: Kroměříž

Re: please check my log

#6 Post by eda »

Well, I don't see anything there either.

Let's also do this:
► Download and run the program StartUpLite - http://www.malwarebytes.org/StartUpLite.exe
- The program lists the unnecessary programs that start when Windows starts
- To stop these programs from starting, tick Disable on the relevant lines and click Continue

► Clean the computer of unneeded files, and clean and optimize the registry:

Download, install and run the program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- Click Cleaner -> the Windows tab, press Analyze and then Run Cleaner
- Click the Applications tab, press Analyze and then Run Cleaner
- Click Issues, press Scan for Issues, and when the scan finishes click Fix selected issues, choose Yes to create a backup, save the offered file and click Fix all selected issues

After cleaning the computer, download GMER and run it according to this guide: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Then copy both logs here.
If you like me, you can contact me at eda@forum.viry.cz :-)
