Prosím o kontrolu logu

Zpráva

WiQiX · #1 Příspěvek od **WiQiX** » 22 led 2011 18:08

V PC něco je, ale nevím co. Občas mi tu z ničeho nic vyskočí okno cmd.exe, ve kterém nic není a hned zmizí. Search&Desroy vždy něco najde (virtumonde - MSSMGR), ale není schopen to opravit (ukáže opraveno, ale je to tam pořád). Děkuji za odpovědi.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2011-01-22 18:03:17
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (17%) free of 15 GB
Total RAM: 1015 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:03:47, on 22. 1. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: eeectl.lnk = C:\Program Files\eeectl\eeectl.exe
O4 - Global Startup: SuperHybridEngine.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3095270406
O20 - Winlogon Notify: winkpb32 - winkpb32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4552 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-515967899-299502267-500Core.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-12-31 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-12-04 114688]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-12-17 622592]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2009-05-28 90624]
"Infium"=C:\Program Files\QIP Infium\infium.exe [2011-01-12 6012800]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"ServiceLayer"=3
"ose"=3
"odserv"=3
"idsvc"=3

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
eeectl.lnk - C:\Program Files\eeectl\eeectl.exe
SuperHybridEngine.exe.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winkpb32]
C:\WINDOWS\system32\winkpb32.dll [2011-01-04 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-01-22 17:07:25 ----A---- C:\WINDOWS\ntbtlog.txt
2011-01-22 16:08:37 ----D---- C:\!KillBox
2011-01-21 18:29:46 ----SHD---- C:\FOUND.000
2011-01-21 00:51:04 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-01-21 00:51:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-01-19 09:37:15 ----A---- C:\Boot.bak
2011-01-19 09:37:12 ----RASHD---- C:\cmdcons
2011-01-19 09:35:58 ----A---- C:\WINDOWS\zip.exe
2011-01-19 09:35:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-01-19 09:35:58 ----A---- C:\WINDOWS\SWSC.exe
2011-01-19 09:35:58 ----A---- C:\WINDOWS\SWREG.exe
2011-01-19 09:35:58 ----A---- C:\WINDOWS\sed.exe
2011-01-19 09:35:58 ----A---- C:\WINDOWS\PEV.exe
2011-01-19 09:35:58 ----A---- C:\WINDOWS\NIRCMD.exe
2011-01-19 09:35:58 ----A---- C:\WINDOWS\MBR.exe
2011-01-19 09:35:58 ----A---- C:\WINDOWS\grep.exe
2011-01-19 09:35:50 ----SD---- C:\ComboFix
2011-01-19 09:34:29 ----D---- C:\WINDOWS\system32\NtmsData
2011-01-19 09:32:30 ----D---- C:\WINDOWS\ERDNT
2011-01-19 05:28:10 ----D---- C:\Avenger
2011-01-19 05:28:10 ----A---- C:\avenger.txt
2011-01-19 04:47:23 ----D---- C:\Qoobox
2011-01-19 04:27:18 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2011-01-19 04:23:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-01-19 04:17:08 ----D---- C:\rsit
2011-01-19 04:17:08 ----D---- C:\Program Files\trend micro
2011-01-18 20:21:58 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2011-01-18 20:21:18 ----D---- C:\Program Files\Firefox
2011-01-13 20:10:32 ----D---- C:\Program Files\CCleaner
2011-01-13 12:30:11 ----D---- C:\Program Files\Common Files\Windows Live
2011-01-13 12:28:03 ----D---- C:\Program Files\Microsoft Silverlight
2011-01-12 23:54:52 ----D---- C:\dd0a43284a3c5cadb1548a124981
2011-01-12 21:10:54 ----D---- C:\Config.Msi
2011-01-12 20:34:37 ----D---- C:\Program Files\MSXML 4.0
2011-01-11 23:57:35 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Nokia Ovi Suite
2011-01-11 23:57:33 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Nokia
2011-01-11 22:58:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nokia
2011-01-11 22:44:54 ----HD---- C:\WINDOWS\$NtUninstallWudf01009$
2011-01-11 22:44:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2011-01-11 22:44:36 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PC Suite
2011-01-11 22:38:59 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2011-01-11 22:38:55 ----HD---- C:\WINDOWS\$NtUninstallWdf01009$
2011-01-11 22:38:21 ----A---- C:\WINDOWS\system32\drivers\prodigy.sys
2011-01-11 22:37:31 ----D---- C:\Program Files\NSS
2011-01-11 22:37:12 ----D---- C:\Program Files\Common Files\Nokia
2011-01-11 22:35:05 ----D---- C:\Program Files\DIFX
2011-01-11 22:35:04 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2011-01-11 22:34:46 ----D---- C:\Program Files\PC Connectivity Solution
2011-01-11 22:34:02 ----A---- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2011-01-11 22:34:00 ----A---- C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2011-01-11 22:33:58 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2011-01-11 22:33:57 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2011-01-11 22:33:54 ----A---- C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011-01-11 22:33:52 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2011-01-11 22:33:52 ----A---- C:\WINDOWS\system32\drivers\ccdcmb.sys
2011-01-11 22:33:52 ----A---- C:\WINDOWS\system32\ccdcmbwu.dll
2011-01-11 22:29:29 ----A---- C:\WINDOWS\system32\drivers\usbser.sys
2011-01-11 22:29:01 ----D---- C:\Program Files\Nokia
2011-01-11 22:29:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
2011-01-11 22:27:51 ----HD---- C:\WINDOWS\$NtUninstallWdf01005$
2011-01-11 21:51:33 ----A---- C:\WINDOWS\system32\drivers\seehcri.sys
2011-01-11 21:48:27 ----A---- C:\WINDOWS\system32\drivers\oreans32.sys
2011-01-11 20:29:46 ----D---- C:\Program Files\Sony Ericsson
2011-01-11 20:29:46 ----A---- C:\WINDOWS\system32\drivers\SS1018mdm.sys
2011-01-10 18:45:04 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-01-10 18:44:58 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2011-01-10 18:44:51 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2011-01-08 12:21:22 ----D---- C:\Documents and Settings\Administrator\Data aplikací\vlc
2011-01-06 17:23:54 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-01-06 17:23:54 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-01-06 17:23:54 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-01-06 17:23:54 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-01-06 17:23:54 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-01-06 17:23:54 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-01-06 17:23:54 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-01-06 17:23:19 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-01-06 17:23:05 ----D---- C:\Program Files\Alwil Software
2011-01-06 17:23:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-01-06 07:19:44 ----HD---- C:\WINDOWS\PIF
2011-01-05 22:37:24 ----D---- C:\Program Files\Microsoft Works
2011-01-05 22:36:34 ----D---- C:\Program Files\Microsoft Visual Studio
2011-01-05 22:36:33 ----D---- C:\Program Files\Common Files\DESIGNER
2011-01-05 22:31:09 ----D---- C:\WINDOWS\SHELLNEW
2011-01-05 22:29:32 ----D---- C:\Program Files\Microsoft Office
2011-01-05 22:29:03 ----RHD---- C:\MSOCache
2011-01-05 22:25:00 ----A---- C:\WINDOWS\system32\wmpns.dll
2011-01-05 22:23:14 ----D---- C:\WINDOWS\Prefetch
2011-01-05 22:12:36 ----D---- C:\Program Files\Messenger
2011-01-05 22:12:35 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2011-01-05 22:12:35 ----N---- C:\WINDOWS\system32\comsdupd.exe
2011-01-05 22:12:34 ----N---- C:\WINDOWS\system32\smtpapi.dll
2011-01-05 22:12:34 ----N---- C:\WINDOWS\system32\rwnh.dll
2011-01-05 22:12:33 ----N---- C:\WINDOWS\system32\ati3duag.dll
2011-01-05 22:12:33 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2011-01-05 22:12:33 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2011-01-05 22:12:33 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2011-01-05 22:12:33 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2011-01-05 22:12:32 ----N---- C:\WINDOWS\system32\ieencode.dll
2011-01-05 22:12:32 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2011-01-05 22:12:32 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2011-01-05 22:12:32 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2011-01-05 22:12:31 ----N---- C:\WINDOWS\system32\s3gnb.dll
2011-01-05 22:12:31 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2011-01-05 22:12:31 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2011-01-05 22:12:31 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2011-01-05 22:12:30 ----N---- C:\WINDOWS\system32\slgen.dll
2011-01-05 22:12:30 ----N---- C:\WINDOWS\system32\slextspk.dll
2011-01-05 22:12:30 ----N---- C:\WINDOWS\system32\slcoinst.dll
2011-01-05 22:12:29 ----N---- C:\WINDOWS\system32\slrundll.exe
2011-01-05 22:11:59 ----N---- C:\WINDOWS\system32\slserv.exe
2011-01-05 22:11:58 ----N---- C:\WINDOWS\slrundll.exe
2011-01-05 22:11:57 ----D---- C:\WINDOWS\system32\bits
2011-01-05 22:01:20 ----D---- C:\WINDOWS\ServicePackFiles
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2011-01-05 22:01:16 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2011-01-05 22:01:15 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2011-01-05 22:01:15 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2011-01-05 22:01:15 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2011-01-05 22:01:15 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2011-01-05 22:01:15 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2011-01-05 22:01:15 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2011-01-05 22:01:15 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2011-01-05 22:01:14 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2011-01-05 22:01:14 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2011-01-05 22:01:14 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2011-01-05 22:01:14 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2011-01-05 22:01:14 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2011-01-05 22:01:14 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2011-01-05 22:01:14 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2011-01-05 22:01:13 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2011-01-05 22:01:13 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2011-01-05 22:01:13 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2011-01-05 22:01:13 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2011-01-05 22:01:13 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2011-01-05 22:01:13 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2011-01-05 22:01:13 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2011-01-05 22:01:13 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2011-01-05 22:01:13 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2011-01-05 22:01:13 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-01-05 22:01:13 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2011-01-05 22:01:12 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2011-01-05 22:01:12 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2011-01-05 22:01:12 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2011-01-05 22:01:12 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2011-01-05 22:01:12 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2011-01-05 22:01:12 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2011-01-05 22:01:12 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2011-01-05 22:01:12 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2011-01-05 22:01:11 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2011-01-05 22:01:11 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2011-01-05 22:01:11 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2011-01-05 22:01:11 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2011-01-05 22:01:08 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2011-01-05 22:01:08 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2011-01-05 22:01:08 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2011-01-05 22:01:08 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2011-01-05 22:01:07 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2011-01-05 22:01:07 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2011-01-05 22:01:07 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2011-01-05 22:01:07 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2011-01-05 22:01:07 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2011-01-05 22:01:07 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2011-01-05 22:01:07 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-01-05 22:01:06 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2011-01-05 22:01:06 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2011-01-05 22:01:06 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2011-01-05 22:01:06 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2011-01-05 22:01:06 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2011-01-05 22:01:06 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2011-01-05 22:01:06 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2011-01-05 22:01:06 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2011-01-05 22:01:06 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2011-01-05 22:01:06 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2011-01-05 22:01:05 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2011-01-05 22:01:05 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2011-01-05 22:01:05 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2011-01-05 22:01:05 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2011-01-05 22:01:05 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2011-01-05 22:01:05 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2011-01-05 21:59:50 ----A---- C:\WINDOWS\000001_.tmp
2011-01-05 21:27:21 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Help
2011-01-05 19:17:47 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2011-01-05 19:17:41 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2011-01-05 19:17:39 ----D---- C:\Program Files\PDFCreator
2011-01-05 16:59:01 ----D---- C:\Program Files\QIP Infium
2011-01-04 17:12:58 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2011-01-04 16:59:51 ----A---- C:\WINDOWS\system32\winkpb32.dll
2011-01-04 15:10:22 ----AD---- C:\Program Files\kmin
2011-01-04 14:44:17 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ShurikSoft
2011-01-04 14:44:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-12-31 22:47:08 ----D---- C:\Program Files\Tina 7
2010-12-31 22:46:43 ----A---- C:\WINDOWS\IsUninst.exe
2010-12-31 00:56:41 ----D---- C:\WINDOWS\Sun
2010-12-31 00:56:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-12-31 00:56:34 ----D---- C:\Program Files\Common Files\Java
2010-12-31 00:56:21 ----A---- C:\WINDOWS\system32\javaws.exe
2010-12-31 00:56:21 ----A---- C:\WINDOWS\system32\javaw.exe
2010-12-31 00:56:21 ----A---- C:\WINDOWS\system32\java.exe
2010-12-31 00:56:21 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-12-31 00:55:31 ----D---- C:\Program Files\Java
2010-12-31 00:54:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Sun
2010-12-30 01:43:45 ----HD---- C:\77c280515c82abb89715960edb188c51
2010-12-29 23:57:09 ----D---- C:\Program Files\Microsoft.NET
2010-12-29 23:50:01 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-12-29 23:50:00 ----HD---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-12-29 22:45:47 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2010-12-29 22:45:46 ----D---- C:\WINDOWS\system32\winrm
2010-12-29 22:45:43 ----HD---- C:\WINDOWS\$968930Uinstall_KB968930$
2010-12-29 22:31:55 ----HD---- C:\WINDOWS\$NtUninstallbasecsp$
2010-12-29 22:30:15 ----D---- C:\Program Files\Windows Desktop Search
2010-12-29 22:29:22 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-12-29 22:29:21 ----HD---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-12-29 22:28:51 ----D---- C:\Program Files\Windows Media Connect 2
2010-12-29 22:28:27 ----HD---- C:\WINDOWS\$NtUninstallwmp11$
2010-12-29 22:27:15 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-12-29 22:26:36 ----D---- C:\WINDOWS\system32\LogFiles
2010-12-29 22:26:36 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-12-29 22:26:33 ----HD---- C:\WINDOWS\$NtUninstallWudf01000$
2010-12-29 22:23:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2010-12-29 22:22:48 ----D---- C:\WINDOWS\system32\URTTEMP
2010-12-27 16:07:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-12-25 18:12:45 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Foxit Software
2010-12-25 18:11:42 ----D---- C:\Program Files\Foxit Reader
2010-12-23 23:23:07 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-12-23 23:23:07 ----A---- C:\WINDOWS\system32\mucltui.dll

======List of files/folders modified in the last 1 months======

2011-01-21 02:25:08 ----ASH---- C:\boot.ini
2011-01-21 02:17:44 ----A---- C:\WINDOWS\win.ini
2011-01-21 02:17:44 ----A---- C:\WINDOWS\system.ini
2011-01-19 09:36:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-04 17:20:14 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-05 546976]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 dciiodrv;dciiodrv; \??\C:\WINDOWS\system32\drivers\dciiodrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-17 4747776]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2011-01-11 27632]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S0 uxxfdjcn;uxxfdjcn; C:\WINDOWS\System32\drivers\jtnoexo.sys []
S0 wdxhgv;wdxhgv; C:\WINDOWS\System32\drivers\mhou.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2002-04-03 18102]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2002-04-03 49457]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SS1018mdm;Sony Ericsson Mobile Device Full USB Driver; C:\WINDOWS\system32\DRIVERS\SS1018mdm.sys [2008-10-16 58536]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-12-31 153376]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 22 led 2011 18:37

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

WiQiX · #3 Příspěvek od **WiQiX** » 22 led 2011 21:33

Tak log z Combofixu se mi nepodařilo vytvořit. Combofix nejdříve hlásí, že je spušťěn antivir MSE, který ani nemám nainstalovaný (jen avast a ten byl při testu vypnutý), pak nahlásil, že chybí konzola zotavení a nainstaloval ji tedy, ale při testu se vždy uplně zasekne PC a jde jen reset a pak tam chkdsk opravuje hromadu problémů. Zkoušeno několikrát, vždy stejný výsledek. Nemůže to být kvůli SSD disku? Je to teda "SSD" disk v EEE 900A.

#4 Příspěvek od **Rudy** » 22 led 2011 21:53

Tu konzolu jste instalovat nemusel. Pokud nemáte MSE nainstalován, hlášku ignorujte a zkuste CF spustit v nouz. režimu.

WiQiX · #5 Příspěvek od **WiQiX** » 22 led 2011 23:26

V nouzovém režimu to dělá to samé, už to jen nechce instalovat tu konzolu. Stále hlásí MSE a po chvíli se to celé sekne. Upozorňuje to, že to trvá 10 minut i déle a pod tím bliká kurzor, jinak nic. Ale i ten kurzor se časem zasekne a už s tím nejde vůbec nic. Je možné udělat log z něčeh jiného?

#6 Příspěvek od **Rudy** » 23 led 2011 11:14

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

WiQiX · #7 Příspěvek od **WiQiX** » 23 led 2011 12:25

Našlo to to samé jako S&D.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5576

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23. 1. 2011 12:24:40
mbam-log-2011-01-23 (12-24-33).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 160338
Uplynulý čas: 19 minut, 15 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

#8 Příspěvek od **Rudy** » 23 led 2011 12:30

Položku smažte, to je ten trojan. Jinak je log čistý.

WiQiX · #9 Příspěvek od **WiQiX** » 23 led 2011 14:03

Bohužel položka se tam vždy opět vytvoří znova. Už jsem to mazal mockrát v Search&Destroy a i v MBAM, ale vždy je to tam po chvíli znova. Dokonce i když otevřu regedit tam po smazání tam zmizí klíč MSSMGR, ale za pár minut je zpátky. Netuším co to tam pořád vytváří.

#10 Příspěvek od **Rudy** » 23 led 2011 17:11

Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

WiQiX · #11 Příspěvek od **WiQiX** » 23 led 2011 20:54

Během testu tam vyskočili dva soubory, že jsou chráněny heslem. Jeden "něco".reg, druhý "něco s registrem".ini přesný název ani cestu jsem si nestihl poznamenat. MSSMGR se stále vytváří.

Automatická kontrola: dokončeno před 4 min. (události: 2, objekty: 123693, čas: 00:35:48)
23. 1. 2011 20:10:19 Úloha byla spuštěna
23. 1. 2011 20:46:08 Úloha byla dokončena

#12 Příspěvek od **Rudy** » 23 led 2011 20:56

Zkuste ještě jednou ten ComboFix s tím, že soubor přejmenujete třeba na cokoli.com .

WiQiX · #13 Příspěvek od **WiQiX** » 23 led 2011 23:21

Combofix i po přejmenování na vvvv.com nic nedělá (opět reset). Ale během řešení problému jsem měl otevřený regedit a celý klíč MSSMGR mazal hned jak se objevil. Nyní už se neobjevuje, netuším, co přesně tomu pomohlo.

Děkuji za spolupráci, další problémy to nehlásí a tak už tu snad nic není.

#14 Příspěvek od **Rudy** » 24 led 2011 19:01

OK. Jen by mne zajímalo, co tak vehementně brání spuštění CF. Nemáte zač!

VIRY.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu