Zamrzání notebooku

Zpráva

rakato11 · #1 Příspěvek od **rakato11** » 26 lis 2010 21:06

Přeji všem dobrý večer.Nedávno jsem zde toto řešil tady ( http://www.viry.cz/forum/viewtopic.php?f=30&t=106449 ),chvíli byl pokoj a nyní se opět notebook začal zasekávat.Počítač jsem proskenoval antivírem AVÍRA,ten tam našel 3 šmejdy: TR/FraudPack.kvb.10, TR/Trash.Gen, TR/Crypt.XPACK.Gen.Ty jsem odstranil,ale notebook stále stávkuje.Prosím o zkontrolování logu.Děkuji.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Otakar Vavrečka at 2010-11-26 21:05:27
Microsoft Windows 7 Home Premium
System drive C: has 126 GB (80%) free of 158 GB
Total RAM: 3066 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:41, on 26.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\MSTMON_N.EXE
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\taskeng.exe
C:\Users\Otakar Vavrečka\Desktop\RSIT.exe
C:\Program Files\trend micro\Otakar Vavrečka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14656&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\windows\system32\MSTMON_N.EXE
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASO3DiskOptimizer - Systweak Inc., (www.systweak.com) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11894 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyA0.dll [2010-09-28 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-25 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-25 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-07-23 98576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyA0.dll [2010-09-28 2735200]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-25 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-07-27 288312]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-25 186904]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2009-06-18 563736]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-06 281768]
"KONICA MINOLTA PagePro 1300WStatusDisplay"=C:\windows\system32\MSTMON_N.EXE [2004-11-25 151552]
"acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-03 153640]
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-03 400936]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2009-07-30 354360]
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2009-07-23 24848]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-03 98304]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-07-16 1668664]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"eyeBeam SIP Client"=C:\Program Files\CounterPath\X-Lite\x-lite.exe [2010-01-04 23941120]
"Google Update"=C:\Users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 135664]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-24 39408]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-10-19 328056]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=2

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-11-23 17:16:04 ----A---- C:\TDSSKiller.2.4.8.0_23.11.2010_17.16.04_log.txt
2010-11-23 17:15:12 ----A---- C:\windows\system32\drivers\eula.txt
2010-11-23 17:12:21 ----A---- C:\TDSSKiller.2.4.8.0_23.11.2010_17.12.21_log.txt
2010-11-14 13:00:33 ----A---- C:\ComboFix.txt
2010-11-14 12:59:38 ----SHD---- C:\$RECYCLE.BIN
2010-11-14 12:51:48 ----A---- C:\windows\SWXCACLS.exe
2010-11-13 21:19:52 ----D---- C:\Program Files\Yamicsoft
2010-11-12 20:27:47 ----A---- C:\windows\zip.exe
2010-11-12 20:27:47 ----A---- C:\windows\SWSC.exe
2010-11-12 20:27:47 ----A---- C:\windows\SWREG.exe
2010-11-12 20:27:47 ----A---- C:\windows\sed.exe
2010-11-12 20:27:47 ----A---- C:\windows\NIRCMD.exe
2010-11-12 20:27:47 ----A---- C:\windows\MBR.exe
2010-11-12 20:27:47 ----A---- C:\windows\grep.exe
2010-11-12 08:51:08 ----D---- C:\Device
2010-11-12 08:43:30 ----D---- C:\windows\ERDNT
2010-11-11 21:21:29 ----D---- C:\windows\temp
2010-11-11 20:45:50 ----A---- C:\windows\PEV.exe
2010-11-11 20:45:14 ----D---- C:\Qoobox
2010-11-10 20:11:31 ----D---- C:\rsit
2010-11-10 20:11:31 ----D---- C:\Program Files\trend micro
2010-11-06 23:37:34 ----D---- C:\Program Files\EAGLE-5.4.0
2010-10-31 21:44:27 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\IObit
2010-10-31 21:06:35 ----D---- C:\Program Files\Your Uninstaller 2010
2010-10-27 07:45:26 ----A---- C:\windows\system32\msdri.dll
2010-10-27 07:45:26 ----A---- C:\windows\system32\CPFilters.dll
2010-10-27 07:45:22 ----A---- C:\windows\system32\drivers\Diskdump.sys

======List of files/folders modified in the last 1 months======

2010-11-26 21:05:39 ----D---- C:\windows\Prefetch
2010-11-26 21:02:25 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\uTorrent
2010-11-26 20:14:46 ----D---- C:\windows\system32\config
2010-11-26 20:13:19 ----SHD---- C:\System Volume Information
2010-11-25 15:08:31 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\Skype
2010-11-25 14:12:12 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\skypePM
2010-11-25 14:09:56 ----D---- C:\windows\system32\catroot2
2010-11-25 13:55:52 ----AD---- C:\ProgramData\TEMP
2010-11-24 09:30:24 ----D---- C:\Program Files\Internet Explorer
2010-11-24 09:30:22 ----D---- C:\windows\winsxs
2010-11-24 07:08:56 ----D---- C:\windows\system32\catroot
2010-11-23 17:17:21 ----D---- C:\windows\system32\drivers
2010-11-21 12:56:38 ----D---- C:\windows\System32
2010-11-21 12:56:38 ----D---- C:\windows\inf
2010-11-21 12:56:38 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-11-21 09:29:07 ----D---- C:\Program Files\JDownloader
2010-11-21 08:50:55 ----D---- C:\ProgramData\PDFC
2010-11-14 12:58:44 ----D---- C:\Windows
2010-11-14 12:58:44 ----A---- C:\windows\system.ini
2010-11-14 12:56:08 ----D---- C:\windows\AppPatch
2010-11-14 12:56:07 ----D---- C:\Program Files\Common Files
2010-11-13 22:10:12 ----D---- C:\windows\system32\wbem
2010-11-13 22:09:30 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\IrfanView
2010-11-13 22:09:30 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\CadSoft
2010-11-13 22:09:30 ----D---- C:\Program Files\Mozilla Firefox
2010-11-13 22:09:28 ----SHD---- C:\windows\Installer
2010-11-13 22:09:28 ----D---- C:\windows\Tasks
2010-11-13 22:09:28 ----D---- C:\windows\system32\Tasks
2010-11-13 22:09:28 ----D---- C:\windows\system32\DriverStore
2010-11-13 22:09:28 ----D---- C:\windows\system32\drivers\etc
2010-11-13 22:09:28 ----D---- C:\windows\system32\CodeIntegrity
2010-11-13 22:09:28 ----D---- C:\windows\registration
2010-11-13 21:34:52 ----RD---- C:\Program Files
2010-11-13 21:34:36 ----D---- C:\Program Files\WinRAR
2010-11-13 21:19:53 ----SD---- C:\Users\Otakar Vavrečka\AppData\Roaming\Microsoft
2010-11-13 21:09:50 ----D---- C:\windows\system32\wfp
2010-11-13 04:38:42 ----D---- C:\windows\AppCompat
2010-11-12 09:18:09 ----A---- C:\windows\system32\MRT.exe
2010-11-12 09:04:34 ----RD---- C:\Users
2010-11-12 09:04:32 ----D---- C:\ProgramData
2010-11-06 08:43:56 ----D---- C:\Program Files\Opera
2010-11-06 08:43:44 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\ICQ
2010-11-03 09:21:13 ----A---- C:\Users\Otakar Vavrečka\AppData\Roaming\burnaware.ini
2010-11-01 12:40:30 ----D---- C:\Program Files\ICQ7.2
2010-10-28 14:04:33 ----D---- C:\windows\rescache
2010-10-27 20:08:43 ----D---- C:\windows\Microsoft.NET
2010-10-27 20:08:06 ----RSD---- C:\windows\assembly
2010-10-27 09:14:53 ----D---- C:\windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2010-06-15 25656]
R0 iaStor;Intel RAID Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-07-29 109216]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-07-29 51408]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-07-29 12960]
R1 avipbb;avipbb; C:\windows\system32\DRIVERS\avipbb.sys [2010-11-06 126856]
R1 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2009-05-16 214024]
R1 mfetdik;McAfee Inc. mfetdik; C:\windows\system32\drivers\mfetdik.sys [2009-05-16 55336]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-07-29 12528]
R1 ssmdrv;ssmdrv; C:\windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 avgntflt;avgntflt; C:\windows\system32\DRIVERS\avgntflt.sys [2010-11-23 61960]
R2 cpuz133;cpuz133; \??\C:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]
R3 5U876UVC;HP Webcam [2 MP series]; C:\windows\system32\DRIVERS\5U876.sys [2009-06-30 118656]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2010-06-15 33848]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-07-27 1161664]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\windows\system32\drivers\AtiHdmi.sys [2009-07-24 103440]
R3 BCM43XX;Broadcom 802.11 - ovládač sieťového adaptéru; C:\windows\system32\DRIVERS\bcmwl6.sys [2010-04-12 2506232]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
S2 MLPTDR_N;MLPTDR_N; \??\C:\windows\system32\MLPTDR_N.SYS [2003-07-19 18848]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 catchme;catchme; \??\C:\Users\OTAKAR~1\AppData\Local\Temp\catchme.sys []
S3 cpuz132;cpuz132; \??\C:\Users\OTAKAR~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys []
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 MfeAVFK;McAfee Inc. MfeAVFK; C:\windows\system32\drivers\MfeAVFK.sys [2009-05-16 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK; C:\windows\system32\drivers\MfeBOPK.sys [2009-05-16 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\windows\system32\drivers\MfeRKDK.sys [2009-05-16 34248]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-07-27 14336]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-08-04 176128]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-11-06 267944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-06 135336]
R2 ASBroker;Logon Session Broker; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 ASChannel;Local Communication Channel; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer; C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe [2010-09-27 239928]
R2 ATService;AuthenTec Fingerprint Service; C:\Program Files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-30 582944]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-03-24 121344]
R2 HpFkCryptService;Drive Encryption Service; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2010-06-15 26168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-25 354840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 yksvc;Marvell Yukon Service; C:\windows\System32\svchost.exe [2009-07-14 20992]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-24 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-24 182768]
S3 HP ProtectTools Service;HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-07-30 45056]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 26 lis 2010 21:30

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

rakato11 · #3 Příspěvek od **rakato11** » 27 lis 2010 01:17

Zde je log z Combofix:

ComboFix 10-11-25.06 - Otakar Vavrečka 26.11.2010 22:31:50.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.3066.1982 [GMT 1:00]
Running from: c:\users\Otakar Vavrečka\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-10-26 to 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-26 21:51 . 2010-11-26 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-26 07:50 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDDEF398-E356-4D85-9206-5C4177469575}\mpengine.dll
2010-11-24 06:09 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-13 20:19 . 2010-11-13 20:19 -------- d-----w- c:\program files\Yamicsoft
2010-11-13 11:17 . 2010-11-26 21:51 -------- d-----w- c:\users\Otakar Vavrečka\AppData\Local\temp
2010-11-12 07:51 . 2010-11-12 07:51 -------- d-----w- C:\Device
2010-11-10 19:11 . 2010-11-26 20:05 -------- d-----w- c:\program files\trend micro
2010-11-10 19:11 . 2010-11-10 19:12 -------- d-----w- C:\rsit
2010-11-06 22:37 . 2010-11-07 17:58 -------- d-----w- c:\program files\EAGLE-5.4.0
2010-10-31 20:44 . 2010-10-31 21:10 -------- d-----w- c:\users\Otakar Vavrečka\AppData\Roaming\IObit
2010-10-31 20:06 . 2010-10-31 20:06 -------- d-----w- c:\program files\Your Uninstaller 2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 17:34 . 2010-04-12 08:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-06 18:44 . 2010-04-12 08:49 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-19 09:41 . 2010-04-12 09:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-04-20 19:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 04:30 . 2010-10-13 21:08 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 21:08 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 21:08 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 21:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-13 21:07 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 21:07 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-13 21:08 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-13 21:08 954288 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyA0.dll" [2010-09-28 2735200]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-09-28 08:36 2735200 ----a-w- c:\program files\MyAshampoo\tbMyA0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyA0.dll" [2010-09-28 2735200]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA0.dll" [2010-09-28 2735200]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"eyeBeam SIP Client"="c:\program files\CounterPath\X-Lite\x-lite.exe" [2010-01-04 23941120]
"Google Update"="c:\users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-24 135664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-24 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-19 328056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
"KONICA MINOLTA PagePro 1300WStatusDisplay"="c:\windows\system32\MSTMON_N.EXE" [2004-11-25 151552]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-07-30 354360]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-23 24848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\users\Otakar Vavreźka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 135664]
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [2003-07-19 18848]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-07-30 45056]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-06 135336]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [2010-09-27 239928]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 26168]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-06-30 12:01 118656]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
GPSvcGroup REG_MULTI_SZ GPSvc
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 18:50]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 18:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=14656&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sk_SK&c=92&bd=all&pf=cmnb
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\dnr21fna.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CPUID&o=14654&locale=en_EU&apn_uid=1B6EDB93-958C-442F-9BA7-AE4B064CD855&apn_ptnrs=CV&apn_sauid=54F31988-2E7D-4AA6-8245-F1464BC9042C&apn_dtid=YYYYYYYYCZ&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\dnr21fna.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\dnr21fna.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_ rev.FC4O -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: >>UNKNOWN [0x82C3D000]<< >>UNKNOWN [0x8BBCE000]<< >>UNKNOWN [0x8C9E2000]<< >>UNKNOWN [0x8C9A7000]<< >>UNKNOWN [0x82C06000]<< >>UNKNOWN [0x8BCE6000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x82C79458] -> \Device\Harddisk0\DR0[0x8777C030]
\Driver\Disk[0x8777B8A0] -> IRP_MJ_CREATE -> 0x8BBD239F
3 [0x8BBD259E] -> ntkrnlpa!IofCallDriver[0x82C79458] -> [0x8777AA20]
\Driver\hpdskflt[0x86D6A680] -> IRP_MJ_CREATE -> 0x8C9A8FB0
5 [0x8C9A9090] -> ntkrnlpa!IofCallDriver[0x82C79458] -> \Device\Ide\IAAStorageDevice-1[0x86CC2028]
\Driver\iaStor[0x86D0CF38] -> IRP_MJ_CREATE -> 0x8BD2A954
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(33120)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2010-11-26 23:59:48
ComboFix-quarantined-files.txt 2010-11-26 22:59
ComboFix2.txt 2010-11-14 12:00
ComboFix3.txt 2010-11-13 11:19
ComboFix4.txt 2010-11-12 22:01
ComboFix5.txt 2010-11-26 21:25

Pre-Run: 132 366 684 160 bytes free
Post-Run: 132 083 236 864 bytes free

- - End Of File - - A4A515FA6E484CCF0C70116B0A9157DD

#4 Příspěvek od **Rudy** » 27 lis 2010 11:02

Problém patrně způsobuje TDSS rootkit. Udělejte sken MBR: http://www2.gmer.net/mbr/mbr.exe a dejte log.

rakato11 · #5 Příspěvek od **rakato11** » 27 lis 2010 12:57

Když jsem stáhnul MBR,uložil na plochu a následně spustil,probliklo na ploše nějaké okno,které ihned zmizelo a objevilo se toto.

Pak už se nic nedělo.

#6 Příspěvek od **Rudy** » 27 lis 2010 19:15

MBR nic nenašel. Zkusil bych BootkitRemover. Vzhledem k tomu, že máte Win7, se ale může stát, že nenastartujete systém. Pokud nemáte instal. DVD, nechci to riskovat. Udělejte sken GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 a dejte oba logy.

rakato11 · #7 Příspěvek od **rakato11** » 27 lis 2010 20:51

Zde je log-1

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-27 20:34:36
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FC4O
Running: gmer.exe; Driver: C:\Users\OTAKAR~1\AppData\Local\Temp\ufryapoc.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Log-2

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-27 20:50:26
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FC4O
Running: gmer.exe; Driver: C:\Users\OTAKAR~1\AppData\Local\Temp\ufryapoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C4E599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C72F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\windows\System32\Drivers\SafeBoot.sys Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92A2A000, 0x331A84, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[7252] ntdll.dll!LdrLoadDll 7723F625 5 Bytes JMP 011E13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[9856] USER32.dll!TrackPopupMenu 75A84B3B 5 Bytes JMP 5D3B5CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\WinRAR\WinRAR.exe[35388] @ C:\windows\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\WinRAR\WinRAR.exe[35388] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\WinRAR\WinRAR.exe[35388] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\WinRAR\WinRAR.exe[35388] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\WinRAR\WinRAR.exe[35388] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\WinRAR\WinRAR.exe[35388] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\WinRAR\WinRAR.exe[35388] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\OTAKAR~1\AppData\Local\Temp\Rar$EX00.444\gmer.exe[35508] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\OTAKAR~1\AppData\Local\Temp\Rar$EX00.444\gmer.exe[35508] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\OTAKAR~1\AppData\Local\Temp\Rar$EX00.444\gmer.exe[35508] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\OTAKAR~1\AppData\Local\Temp\Rar$EX00.444\gmer.exe[35508] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\OTAKAR~1\AppData\Local\Temp\Rar$EX00.444\gmer.exe[35508] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\OTAKAR~1\AppData\Local\Temp\Rar$EX00.444\gmer.exe[35508] @ C:\windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000075 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00271361010a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00271361010a@001e3aba383a 0x35 0x42 0x3F 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00271361010a@a87e33d1697f 0x0B 0x9E 0x59 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00271361010a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00271361010a@001e3aba383a 0x35 0x42 0x3F 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00271361010a@a87e33d1697f 0x0B 0x9E 0x59 0x92 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\KONICA MINOLTA PagePro 1300W (kópia 2)@ChangeID 16091877

---- EOF - GMER 1.0.15 ----

#8 Příspěvek od **Rudy** » 27 lis 2010 20:55

Ani zde nic nevidím. Máte tedy instal. médium Win7?

rakato11 · #9 Příspěvek od **rakato11** » 27 lis 2010 21:30

Ano mám.Jen mi prosím poraďte přesně co mám udělat,ať něco nepomrvím.

#10 Příspěvek od **Rudy** » 27 lis 2010 22:07

Stáhněte BotkitRemover: http://www.esagelab.com/ . Rozbalte na plochu a spusťte. program proběhne velmi rychle. Stiskněte klávesu, okno se zavře a na ploše by měl být log. Jeho obsah sem vložte.

rakato11 · #11 Příspěvek od **rakato11** » 28 lis 2010 07:04

Dobrý den,tak jsem si stáhnul program,rozbalil na plochu a spustil.Počítač se mi akorát restartoval.Proto jem skusil program spustit ještě jednou,objevilo se mi okno a program začal scanovat.Když se ukončilo scanování,tak jsem tabulku mohl jen "vystřihnout",po jejím zavření se pravděpodobně data v tabulce vymazaly.Zkusil jsem ještě jeden scan a už mi zobrazilo jenom jednu položku.Tu jsem ale nevystřihnul,proto ji sem nemohu dát.

Jo,nyní vidím,že se mi tam zobrazila akorát ta poslední položka.Snad jsem vše provedl správně.

#12 Příspěvek od **Rudy** » 28 lis 2010 11:46

Tyto objekty nebezpečné nejsou. Buď máte v PC něco, co způsobuje sw konflikt, nebo poškozený systém. Co jste instaloval těsně před tím, než se problém objevil?

rakato11 · #13 Příspěvek od **rakato11** » 28 lis 2010 15:09

Už si přesně nemohu vzpomenout,po čem mi to začalo zamrzávat,je to přece jenom pár měsíců dozadu.Akorát si vzpomínám,že jsem jednou něco odinstalovával,ono mi to seklo a nešlo dokončit odinstalačku(stále se točilo takové kolečko,jako když nabíhá program,nebo co při Win7),musel jsem to natvrdo vypnout,neboť to šlo 2hod. a stále nic.V obchodě,kde jsem to kupoval,se prodávač informoval v HP centru a ti mu poradili přeinstalovat počítač,tak objednal DVD k tomuto notebooku,které mi přišly domů.Já jsem uvažoval,co bych udělal a napadlo mně vrátit systém na bod obnovy.Po tomto se počítač rozchodil,ale zamrzávání zůstalo.Ono to zamrzalo už před tou odinstalací.
Hovořil jsem se svým zetěm a on mi říkal,že jemu to také dělá,ale pouze na některých serverech(jako mi).Uvidím,co to bude dále dělat,možná že se už to umoudřilo.
Velmi pěkně Vám děkuji za ochotu mi pomoci.Vyzkouším to a kdyby byl problém,tak se ozvu.
Přeji příjemný zbytek víkendu.

#14 Příspěvek od **Rudy** » 28 lis 2010 19:58

Příjemný den i vám a nemáte zač!

VIRY.CZ

Zamrzání notebooku

Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku

Re: Zamrzání notebooku