kontrola logu, moc prosím

Zpráva

Tosho · #1 Příspěvek od **Tosho** » 26 zář 2010 22:00

Dobrý den,
mám problémy s ovladačem na wifi a myslím si že v tom je nějaká havěť
antiviráky nic nenašly ale přesto bych prosil o kontrolu mého logu:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Honza at 2010-09-26 22:50:39
Microsoft Windows 7 Home Premium
System drive C: has 67 GB (67%) free of 100 GB
Total RAM: 3071 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:50:40, on 26.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Users\Honza\Desktop\RSIT.exe
C:\Program Files\trend micro\Honza.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: HGKWMGKZGZXJ - Unknown owner - C:\Users\Honza\AppData\Local\Temp\HGKWMGKZGZXJ.exe (file missing)
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UWCISGARG - Unknown owner - C:\Users\Honza\AppData\Local\Temp\UWCISGARG.exe (file missing)
O23 - Service: XTNORVEH - Unknown owner - C:\Users\Honza\AppData\Local\Temp\XTNORVEH.exe (file missing)

--
End of file - 7364 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-09-20 1241552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-09-20 1241552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-14 7617056]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2009-07-22 83336]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2009-08-05 2072576]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-04-06 102400]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-27 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-01-12 37888]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-09-24 3037696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-26 22:40:41 ----D---- C:\rsit
2010-09-26 22:40:41 ----D---- C:\Program Files\trend micro
2010-09-26 21:46:12 ----D---- C:\Program Files\Atheros
2010-09-26 21:44:02 ----A---- C:\Windows\system32\athr.sys
2010-09-26 21:43:44 ----D---- C:\ProgramData\Atheros
2010-09-25 16:03:47 ----A---- C:\Windows\system32\msvcr71.DLL
2010-09-25 16:03:47 ----A---- C:\Windows\system32\msvcp71.dll
2010-09-25 16:03:47 ----A---- C:\Windows\system32\MFC71.dll
2010-09-25 16:03:47 ----A---- C:\Windows\system32\ccrpTmr.dll
2010-09-25 15:36:47 ----D---- C:\Users\Honza\AppData\Roaming\Mozart 10
2010-09-24 15:26:22 ----D---- C:\Program Files\Crawler
2010-09-24 15:26:19 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2010-09-24 15:26:18 ----D---- C:\Users\Honza\AppData\Roaming\Spyware Terminator
2010-09-24 15:26:16 ----D---- C:\ProgramData\Spyware Terminator
2010-09-24 15:26:16 ----D---- C:\Program Files\Spyware Terminator
2010-09-24 15:21:11 ----D---- C:\Program Files\CCleaner
2010-09-22 16:28:23 ----D---- C:\Program Files\2K Games
2010-09-16 16:38:19 ----D---- C:\Users\Honza\AppData\Roaming\Ashampoo
2010-09-16 06:55:48 ----A---- C:\Windows\system32\iertutil.dll
2010-09-16 06:45:31 ----A---- C:\Windows\system32\spoolsv.exe
2010-08-28 18:20:18 ----D---- C:\ProgramData\ashampoo
2010-08-28 18:20:13 ----D---- C:\Program Files\Ashampoo

======List of files/folders modified in the last 1 months======

2010-09-26 22:50:30 ----D---- C:\Windows\Temp
2010-09-26 22:47:11 ----D---- C:\Windows
2010-09-26 22:40:41 ----RD---- C:\Program Files
2010-09-26 21:55:38 ----D---- C:\Users\Honza\AppData\Roaming\ICQ
2010-09-26 21:52:30 ----D---- C:\Windows\system32\NDF
2010-09-26 21:46:53 ----D---- C:\Windows\system32\config
2010-09-26 21:46:12 ----D---- C:\Windows\System32
2010-09-26 21:46:11 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-26 21:44:15 ----D---- C:\Windows\system32\catroot
2010-09-26 21:44:14 ----D---- C:\Windows\system32\DriverStore
2010-09-26 21:44:13 ----D---- C:\Windows\inf
2010-09-26 21:43:44 ----HD---- C:\ProgramData
2010-09-26 08:45:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-25 16:38:36 ----D---- C:\Program Files\Mozilla Firefox
2010-09-25 15:36:57 ----SD---- C:\Users\Honza\AppData\Roaming\Microsoft
2010-09-25 15:36:57 ----SD---- C:\ProgramData\Microsoft
2010-09-25 15:36:42 ----RSD---- C:\Windows\Fonts
2010-09-24 16:54:01 ----D---- C:\Windows\Prefetch
2010-09-24 16:37:43 ----SHD---- C:\System Volume Information
2010-09-24 15:35:20 ----D---- C:\Windows\system32\drivers
2010-09-24 15:22:51 ----D---- C:\Windows\debug
2010-09-20 13:54:11 ----D---- C:\Windows\system32\catroot2
2010-09-16 14:34:21 ----D---- C:\Windows\winsxs
2010-09-16 06:56:00 ----A---- C:\Windows\system32\MRT.exe
2010-09-01 17:53:56 ----D---- C:\Windows\SoftwareDistribution
2010-08-28 20:42:42 ----D---- C:\Program Files\The KMPlayer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-08 691696]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-09-24 142592]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-14 2662624]
R3 netr28;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28.sys [2009-08-04 616960]
R3 SiSGbeLH;SiS191/SiS190 – ovladač NDIS 6.0 zařízení sítě Ethernet; C:\Windows\system32\DRIVERS\SiSGB6.sys [2009-07-14 48128]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 azveazbe;azveazbe; C:\Windows\system32\drivers\azveazbe.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 cpuz130;cpuz130; \??\C:\Users\Honza\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-09-17 27672]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-06-04 166912]
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2009-07-07 168936]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-06-19 42472]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 79872]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2009-07-27 55680]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2009-07-28 49016]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2008-01-24 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2008-01-24 14728]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-04-07 172032]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-05-21 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2009-07-09 160768]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-09-24 488960]
R3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-07-30 144752]
S3 HGKWMGKZGZXJ;HGKWMGKZGZXJ; C:\Users\Honza\AppData\Local\Temp\HGKWMGKZGZXJ.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 UWCISGARG;UWCISGARG; C:\Users\Honza\AppData\Local\Temp\UWCISGARG.exe []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400]
S3 XTNORVEH;XTNORVEH; C:\Users\Honza\AppData\Local\Temp\XTNORVEH.exe []

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 26 zář 2010 22:23

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Tosho · #3 Příspěvek od **Tosho** » 27 zář 2010 06:14

ComboFix 10-09-25.07 - Honza 27.09.2010 6:54.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.2302 [GMT 2:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-08-27 do 2010-09-27 )))))))))))))))))))))))))))))))
.

2010-09-26 20:40 . 2010-09-26 20:50 -------- d-----w- c:\program files\trend micro
2010-09-26 20:40 . 2010-09-26 20:41 -------- d-----w- C:\rsit
2010-09-26 19:46 . 2010-09-26 19:46 -------- d-----w- c:\program files\Atheros
2010-09-26 19:44 . 2009-10-05 07:31 1221632 ----a-w- c:\windows\system32\athr.sys
2010-09-26 19:43 . 2010-09-26 19:43 -------- d-----w- c:\programdata\Atheros
2010-09-25 14:03 . 2006-05-29 10:03 81408 ----a-w- c:\windows\system32\ccrpTmr.dll
2010-09-25 14:03 . 2006-01-31 07:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-25 14:03 . 2003-03-19 05:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-09-25 14:03 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.DLL
2010-09-25 13:36 . 2010-09-25 13:36 -------- d-----w- c:\users\Honza\AppData\Roaming\Mozart 10
2010-09-24 13:26 . 2010-09-24 13:26 -------- d-----w- c:\program files\Crawler
2010-09-24 13:26 . 2010-09-24 13:26 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-09-24 13:26 . 2010-09-24 13:26 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-09-24 13:26 . 2010-09-24 13:26 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-09-24 13:26 . 2010-09-27 04:48 -------- d-----w- c:\users\Honza\AppData\Roaming\Spyware Terminator
2010-09-24 13:26 . 2010-09-27 04:49 -------- d-----w- c:\programdata\Spyware Terminator
2010-09-24 13:26 . 2010-09-24 13:27 -------- d-----w- c:\program files\Spyware Terminator
2010-09-24 13:21 . 2010-09-24 13:21 -------- d-----w- c:\program files\CCleaner
2010-09-22 14:49 . 2010-09-22 14:49 -------- d-----w- c:\users\Honza\AppData\Local\2K Games
2010-09-22 14:28 . 2010-09-22 14:28 -------- d-----w- c:\program files\2K Games
2010-09-16 14:38 . 2010-09-16 14:38 -------- d-----w- c:\users\Honza\AppData\Roaming\Ashampoo
2010-09-16 04:45 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-09 04:57 . 2010-09-21 18:05 -------- d-----w- c:\users\Honza\AppData\Local\ElevatedDiagnostics
2010-08-28 16:20 . 2010-08-28 16:20 -------- d-----w- c:\users\Honza\AppData\Local\ashampoo
2010-08-28 16:20 . 2010-08-28 16:20 -------- d-----w- c:\programdata\ashampoo
2010-08-28 16:20 . 2010-08-28 16:20 -------- d-----w- c:\program files\Ashampoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 21:03 . 2010-05-23 12:54 -------- d-----w- c:\users\Honza\AppData\Roaming\ICQ
2010-09-26 19:46 . 2010-05-21 08:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-26 06:45 . 2009-07-14 08:44 622660 ----a-w- c:\windows\system32\perfh005.dat
2010-09-26 06:45 . 2009-07-14 08:44 118810 ----a-w- c:\windows\system32\perfc005.dat
2010-09-25 14:18 . 2010-05-21 10:03 115080 ----a-w- c:\users\Honza\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-28 18:42 . 2010-06-11 14:56 -------- d-----w- c:\program files\The KMPlayer
2010-08-23 18:06 . 2010-05-26 15:38 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-08-14 15:11 . 2010-08-14 15:11 617 ----a-w- c:\windows\eReg.dat
2010-08-14 15:08 . 2010-08-14 15:08 -------- d-----w- c:\program files\EA Games
2010-08-14 15:03 . 2010-05-21 08:53 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-11 18:47 . 2010-08-11 18:47 -------- d-----w- c:\program files\7-Zip
2010-08-01 22:06 . 2010-05-23 12:54 -------- d-----w- c:\program files\ICQ6.5
2010-07-29 06:30 . 2010-08-11 15:54 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 15:54 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-22 09:08 . 2010-07-22 09:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 09:51 . 2010-07-09 09:27 52337 ----a-w- c:\windows\War3Unin.dat
2010-07-09 09:41 . 2010-07-09 09:27 2829 ----a-w- c:\windows\War3Unin.pif
2010-07-09 09:41 . 2010-07-09 09:27 139264 ----a-w- c:\windows\War3Unin.exe
2010-07-08 10:57 . 2010-07-08 10:57 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-30 06:25 . 2010-08-11 15:54 978432 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-09-24 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-14 7617056]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

R3 cpuz130;cpuz130;c:\users\Honza\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 HGKWMGKZGZXJ;HGKWMGKZGZXJ;c:\users\Honza\AppData\Local\Temp\HGKWMGKZGZXJ.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 166912]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 UWCISGARG;UWCISGARG;c:\users\Honza\AppData\Local\Temp\UWCISGARG.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400]
R3 XTNORVEH;XTNORVEH;c:\users\Honza\AppData\Local\Temp\XTNORVEH.exe [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-08 691696]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-09-24 142592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-08-04 616960]
S3 SiSGbeLH;SiS191/SiS190 – ovladač NDIS 6.0 zařízení sítě Ethernet;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\nq3nkj5v.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60327&qkw=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-09-27 07:00:48
ComboFix-quarantined-files.txt 2010-09-27 05:00

Před spuštěním: Volných bajtů: 70 223 548 416
Po spuštění: Volných bajtů: 69 874 814 976

- - End Of File - - E905D58B5E1AB779E454A0BE1FA74684

#4 Příspěvek od **Rudy** » 27 zář 2010 16:28

Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\users\Honza\AppData\Local\Temp\HGKWMGKZGZXJ.exe
c:\users\Honza\AppData\Local\Temp\XTNORVEH.exe

Driver::
HGKWMGKZGZXJ
XTNORVEH

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pustte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

VIRY.CZ

kontrola logu, moc prosím

kontrola logu, moc prosím

Re: kontrola logu, moc prosím

Re: kontrola logu, moc prosím

Re: kontrola logu, moc prosím