Prosím o kontrolu logu. zamrzá mi nouťas a vrací mě to zpět při prohlížení internetu - dělá to ve všech prohlížečích (mozilla, seamonkey)
Předem moc děkuji
log:
"Logfile of random's system information tool 1.08 (written by random/random)
Run by Erika at 2011-01-26 08:09:12
Microsoft Windows 7 Home Premium
System drive C: has 159 GB (82%) free of 193 GB
Total RAM: 1788 MB (46% free)
======Scheduled tasks folder======
C:\windows\tasks\Norton Security Scan for Erika.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-27 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-03 98304]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [2010-03-10 496184]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]
"UCam_Menu"=C:\Program Files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"YouCam Mirror Tray icon"=C:\Program Files\Lenovo\YouCam\YouCamTray.exe [2009-12-22 167008]
"UpdateP2GShortCut"=C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"EnergyUtility"=C:\Program Files\Lenovo\Energy Management\utility.exe [2009-12-17 4114368]
"Energy Management"=C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2009-12-17 6223808]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-11-30 74752]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-09-02 672632]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-01-26 08:05:42 ----D---- C:\Program Files\trend micro
2011-01-26 08:05:41 ----D---- C:\rsit
2011-01-26 00:19:26 ----D---- C:\Users\Erika\AppData\Roaming\Malwarebytes
2011-01-26 00:19:19 ----A---- C:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 00:19:18 ----D---- C:\ProgramData\Malwarebytes
2011-01-26 00:19:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-26 00:19:14 ----A---- C:\windows\system32\drivers\mbam.sys
2011-01-25 23:30:51 ----D---- C:\Program Files\CCleaner
2011-01-25 11:28:15 ----A---- C:\Bug.txt
2011-01-25 11:27:59 ----D---- C:\32788R22FWJFW
2011-01-19 17:36:17 ----A---- C:\windows\system32\xactengine2_9.dll
2011-01-19 17:36:17 ----A---- C:\windows\system32\d3dx10_35.dll
2011-01-19 17:36:17 ----A---- C:\windows\system32\D3DCompiler_35.dll
2011-01-19 17:36:16 ----A---- C:\windows\system32\xactengine2_8.dll
2011-01-19 17:36:16 ----A---- C:\windows\system32\x3daudio1_2.dll
2011-01-19 17:36:16 ----A---- C:\windows\system32\d3dx10_34.dll
2011-01-19 17:36:15 ----A---- C:\windows\system32\d3dx9_34.dll
2011-01-19 17:36:15 ----A---- C:\windows\system32\D3DCompiler_34.dll
2011-01-19 17:34:31 ----A---- C:\windows\ka.ini
2011-01-19 09:11:06 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2011-01-19 09:11:05 ----A---- C:\windows\system32\drivers\aswSP.sys
2011-01-19 09:11:03 ----A---- C:\windows\system32\drivers\aswRdr.sys
2011-01-19 09:11:02 ----A---- C:\windows\system32\drivers\aswTdi.sys
2011-01-19 09:11:00 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2011-01-19 09:10:40 ----A---- C:\windows\system32\aswBoot.exe
2011-01-18 13:49:43 ----D---- C:\Program Files\Barbie(TM) Dobrodruzstvi s konmi(TM)
2011-01-18 13:49:06 ----D---- C:\Users\Erika\AppData\Roaming\InstallShield
2011-01-11 20:33:02 ----A---- C:\windows\system32\d3d10warp.dll
2011-01-11 20:33:01 ----A---- C:\windows\system32\DWrite.dll
2011-01-11 20:33:01 ----A---- C:\windows\system32\d2d1.dll
2011-01-11 20:33:00 ----A---- C:\windows\system32\XpsPrint.dll
2011-01-11 20:33:00 ----A---- C:\windows\system32\mf.dll
2011-01-11 20:33:00 ----A---- C:\windows\system32\FntCache.dll
2011-01-11 20:32:59 ----A---- C:\windows\system32\XpsGdiConverter.dll
2011-01-11 20:32:59 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-01-11 20:32:58 ----A---- C:\windows\system32\WMVDECOD.DLL
2011-01-11 20:32:57 ----A---- C:\windows\system32\mfreadwrite.dll
2011-01-11 20:32:57 ----A---- C:\windows\system32\ExplorerFrame.dll
2011-01-11 20:32:57 ----A---- C:\windows\system32\d3d10_1core.dll
2011-01-11 20:32:57 ----A---- C:\windows\system32\cdd.dll
2011-01-11 20:32:56 ----A---- C:\windows\system32\XpsRasterService.dll
2011-01-11 20:32:56 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-01-11 20:32:56 ----A---- C:\windows\system32\d3d10_1.dll
2011-01-11 20:32:02 ----A---- C:\windows\system32\odbc32.dll
======List of files/folders modified in the last 1 months======
2011-01-26 08:09:19 ----A---- C:\windows\red_dialer.ini
2011-01-26 08:09:14 ----D---- C:\windows\Temp
2011-01-26 08:06:02 ----D---- C:\windows\Prefetch
2011-01-26 08:05:42 ----D---- C:\Program Files
2011-01-26 08:02:21 ----D---- C:\windows\system32\config
2011-01-26 08:01:23 ----D---- C:\Users\Erika\AppData\Roaming\Skype
2011-01-26 07:53:26 ----D---- C:\windows\tracing
2011-01-26 05:48:36 ----D---- C:\Program Files\Ufonuv fofr internet
2011-01-26 00:19:19 ----D---- C:\windows\system32\drivers
2011-01-26 00:19:18 ----HD---- C:\ProgramData
2011-01-25 23:47:26 ----D---- C:\Windows
2011-01-25 23:32:35 ----D---- C:\Users\Erika\AppData\Roaming\Winamp
2011-01-25 23:32:35 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-01-25 23:32:21 ----D---- C:\windows\Minidump
2011-01-25 23:32:21 ----D---- C:\windows\debug
2011-01-25 23:12:07 ----D---- C:\windows\system32\Tasks
2011-01-25 13:16:42 ----SHD---- C:\System Volume Information
2011-01-25 11:36:13 ----D---- C:\windows\Tasks
2011-01-25 11:36:13 ----D---- C:\windows\system32\wfp
2011-01-25 11:36:11 ----D---- C:\windows\system32\wbem
2011-01-25 11:35:20 ----D---- C:\windows\system32\NDF
2011-01-25 11:35:20 ----D---- C:\windows\system32\DriverStore
2011-01-25 11:35:20 ----D---- C:\windows\system32\drivers\etc
2011-01-25 11:35:20 ----D---- C:\windows\system32\catroot2
2011-01-25 11:35:20 ----D---- C:\windows\System32
2011-01-25 11:35:18 ----D---- C:\windows\inf
2011-01-25 11:35:18 ----D---- C:\windows\AppCompat
2011-01-25 11:35:12 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-25 11:35:12 ----D---- C:\Program Files\Stabenfeldt
2011-01-25 11:35:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-01-25 11:35:12 ----D---- C:\Program Files\Common Files\InstallShield
2011-01-25 11:35:10 ----D---- C:\windows\registration
2011-01-21 20:01:45 ----D---- C:\Program Files\SeaMonkey
2011-01-19 17:36:10 ----RSD---- C:\windows\assembly
2011-01-19 09:10:58 ----SHD---- C:\windows\Installer
2011-01-19 09:10:36 ----D---- C:\ProgramData\Alwil Software
2011-01-19 03:17:01 ----D---- C:\ProgramData\Symantec
2011-01-19 03:17:01 ----D---- C:\ProgramData\Norton
2011-01-19 03:16:50 ----D---- C:\Program Files\Java
2011-01-19 03:13:56 ----D---- C:\windows\system32\LogFiles
2011-01-18 22:30:59 ----D---- C:\Program Files\Norton Security Scan
2011-01-18 22:30:58 ----D---- C:\windows\system32\drivers\NSS
2011-01-16 16:27:50 ----D---- C:\ProgramData\NortonInstaller
2011-01-14 18:57:22 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-01-12 15:47:23 ----D---- C:\windows\system32\catroot
2011-01-12 15:47:20 ----D---- C:\windows\winsxs
2011-01-11 23:34:44 ----A---- C:\windows\system32\MRT.exe
2011-01-02 19:52:29 ----D---- C:\Users\Erika\AppData\Roaming\skypePM
2011-01-02 19:22:36 ----D---- C:\Program Files\Lenovo
2010-12-29 08:48:48 ----A---- C:\windows\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\windows\system32\DRIVERS\AtiPcie.sys [2009-08-23 14392]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-09-03 21256]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\windows\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 5340160]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 152064]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\windows\system32\DRIVERS\Apfiltr.sys [2009-09-14 217136]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2010-02-02 2707448]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT32.sys [2010-01-18 514104]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
R3 usbfilter;AMD USB Filter Driver; C:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
R3 usbsmi;Lenovo EasyCamera; C:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
R3 wdmirror;wdmirror; C:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Bridge0;Bridge0; C:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-08-29 86056]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2009-08-29 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-08-29 18472]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-03-12 189984]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-08-06 128104]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-03-03 172032]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-09-04 595232]
R2 LexBceS;LexBce Server; C:\windows\System32\LEXBCES.EXE [2004-01-14 311296]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter; C:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 IGRS;IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2009-11-17 575304]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PS_MDP;ReadyComm Presentation Space Helper Service; C:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1343400]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu - podezření na vir
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu logu - podezření na vir
Je tu někdo? mám podezření na nějaký trojan.win32. Když jsem znova scanovala pc tak jsem si toho souboru všimla, ale čistič advaced system care se na něm nezastavil.
Monoera
Re: Prosím o kontrolu logu - podezření na vir
Zdravim a pekny den preji 
Uvedomte si prosim, ze jste na foru, ktere funguje na bazi dobrovolnosti, radci jsou tu zadarmo ve svem VOLNEM case, Vas dotaz tu neni ani tri hodiny a Vy uz jste nervozni. Jelikoz jste dala dotaz dopoledne a vetsina z radcu ma pracovni\studijni povinnosti, tak se nemuzete divit, ze Vam hned nekdo neodpovi
Pokud potrebujete urgentni pomoc, mela jste se obratit na specializovane servisy, kde jsou odbornici placeni a resi problemy ihned 
Navic kdyz si sama odpovidate, tak se muze stat, ze Vas thread zanikne, jelikoz radci hledaji temata bez odpovedi
Vidim nainstalovany MBAM, delala jste sken, nasel neco 
Advance system care odinstalujte - je to cinsky smejd, ukradnuta databaze haveti, dela spise skodu nez uzitek - tot fakta a zkusenosti Radcu
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Uvedomte si prosim, ze jste na foru, ktere funguje na bazi dobrovolnosti, radci jsou tu zadarmo ve svem VOLNEM case, Vas dotaz tu neni ani tri hodiny a Vy uz jste nervozni. Jelikoz jste dala dotaz dopoledne a vetsina z radcu ma pracovni\studijni povinnosti, tak se nemuzete divit, ze Vam hned nekdo neodpovi Pokud potrebujete urgentni pomoc, mela jste se obratit na specializovane servisy, kde jsou odbornici placeni a resi problemy ihned Navic kdyz si sama odpovidate, tak se muze stat, ze Vas thread zanikne, jelikoz radci hledaji temata bez odpovedi Vidim nainstalovany MBAM, delala jste sken, nasel neco Advance system care odinstalujte - je to cinsky smejd, ukradnuta databaze haveti, dela spise skodu nez uzitek - tot fakta a zkusenosti RadcuPROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - podezření na vir
Ja vam moc dekuji, ale nebyla jsem si jista, zda ten muj prispevek je zde videt, podarilo se mi ho sem umistit snad zazrakem. Combofix jsem stihla stahnout ale ted uz jsem na ceste do prace, tak o zbytek se pokusim v noci az se vratim. (mobilni internet mam nastesti taky). Moc dekuji a nezlobte se, ja to nechtela uspechat, to byla jen kontrola ze to tady vubec je. M.
Monoera
Re: Prosím o kontrolu logu - podezření na vir
Ja taktez odjizdim na nocni, budu tu v prubehu noci a pak nekdy kolem druhe rano...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - podezření na vir
tak jsem zde MBAM netuším co by mohlo být (bohužel) a scan s combofixem vkládám níže.ComboFix 11-01-25.03 - Erika 26.01.2011 22:10:41.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.1788.779 [GMT 1:00]
Spuštěný z: d:\dokumenty d\Programy stáhnuté - všechny\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\s.bat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-26 do 2011-01-26 )))))))))))))))))))))))))))))))
.
2011-01-26 21:28 . 2011-01-26 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-26 10:02 . 2011-01-26 15:30 -------- d-----w- c:\users\Erika\AppData\Roaming\IObit
2011-01-26 10:02 . 2011-01-26 10:02 -------- d-----w- c:\program files\IObit
2011-01-26 07:05 . 2011-01-26 11:14 -------- d-----w- c:\program files\trend micro
2011-01-26 07:05 . 2011-01-26 07:09 -------- d-----w- C:\rsit
2011-01-25 23:19 . 2011-01-25 23:19 -------- d-----w- c:\users\Erika\AppData\Roaming\Malwarebytes
2011-01-25 23:19 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-25 23:19 . 2011-01-25 23:19 -------- d-----w- c:\programdata\Malwarebytes
2011-01-25 23:19 . 2011-01-25 23:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-25 23:19 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 22:30 . 2011-01-25 22:30 -------- d-----w- c:\program files\CCleaner
2011-01-25 11:55 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{335E8750-1844-4EC1-B9BB-0A04DFEF60E6}\mpengine.dll
2011-01-21 13:25 . 2011-01-21 13:25 -------- d-----w- c:\users\Public\CyberLink
2011-01-19 16:36 . 2007-07-19 23:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2011-01-19 16:36 . 2007-07-19 17:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-01-19 16:36 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2011-01-19 16:36 . 2007-07-19 23:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2011-01-19 16:36 . 2007-06-20 19:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2011-01-19 16:36 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2011-01-19 16:36 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-01-19 16:36 . 2007-05-16 15:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2011-01-19 08:11 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-19 08:11 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-19 08:11 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-19 08:11 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-19 08:11 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-19 08:10 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-19 08:10 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-18 12:49 . 2011-01-25 10:35 -------- d-----w- c:\program files\Barbie(TM) Dobrodruzstvi s konmi(TM)
2011-01-18 12:49 . 2011-01-18 12:49 -------- d-----w- c:\users\Erika\AppData\Roaming\InstallShield
2011-01-16 15:28 . 2011-01-19 02:17 -------- d-----w- c:\windows\system32\drivers\NSS\0300010.008
2011-01-11 19:33 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-11 19:33 . 2010-11-02 04:35 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-01-11 19:33 . 2010-11-02 04:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-01-11 19:33 . 2010-11-02 04:41 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-11 19:33 . 2010-11-02 04:36 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-01-11 19:33 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 06:04 . 2010-11-27 07:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-01-20 06:11 . 2010-11-24 15:42 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-01-20 06:11 . 2010-11-24 15:41 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-15 05:37 . 2010-11-27 07:16 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-11-04 05:52 . 2010-12-16 04:23 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-16 04:23 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-16 04:23 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-16 04:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-16 04:22 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-16 04:22 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-16 04:22 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-16 04:22 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-16 04:22 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-16 04:22 179712 ----a-w- c:\windows\system32\schtasks.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-09-02 672632]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-10 496184]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"UCam_Menu"="c:\program files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\Lenovo\YouCam\YouCamTray.exe" [2009-12-22 167008]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-12-17 4114368]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6223808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-11-30 74752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 779600]
c:\users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-9-4 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-11-17 575304]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-22 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 172032]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-09-03 21256]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 152064]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Obsah adresáře 'Naplánované úlohy'
2011-01-26 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2011-01-26 15:19]
2011-01-21 c:\windows\Tasks\Norton Security Scan for Erika.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-25 09:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\hpjsn837.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=sm&tb_ver=1.1.6&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: 602XML Filler: xmlfiller@software602.cz - c:\program files\Mozilla Firefox\extensions\xmlfiller@software602.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-Locked - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-26 22:48:20
ComboFix-quarantined-files.txt 2011-01-26 21:48
Před spuštěním: Volných bajtů: 167 519 862 784
Po spuštění: Volných bajtů: 167 181 770 752
- - End Of File - - 2DE50C5EB6FC81BBEA6C8A7A5A7F774C
Monoera
Re: Prosím o kontrolu logu - podezření na vir
MBAM = Malwarebytes' Anti-Malware - mate jej nainstalovany, delala jste s nim sken Veci od IOBit (Advance System Care) jste odinstalovala "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - podezření na vir
Anti malwarem jsem to projížděla, nenašel nic a ten advaced system care jsem odinstalovala. (teda ještě to zkontroluju)
Monoera
Re: Prosím o kontrolu logu - podezření na vir
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: RegLock:: [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] DDS:: uStart Page = hxxp://start.icq.com/sm Firefox:: FF - ProfilePath - c:\users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\hpjsn837.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query= FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.6&q= File:: c:\windows\Tasks\AWC Startup.job c:\windows\Tasks\Norton Security Scan for Erika.job Folder:: c:\program files\IObit c:\users\Erika\AppData\Roaming\IObit c:\program files\Norton Security Scan Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=- "WinampAgent"=- "Adobe Reader Speed Launcher"=- "Adobe ARM"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaOviSuite2"=- "SpybotSD TeaTimer"=- Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - podezření na vir
Po uvedeném postupu dávám log.
ComboFix 11-01-25.03 - Erika 27.01.2011 8:08.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.1788.1028 [GMT 1:00]
Spuštěný z: d:\dokumenty d\Programy stáhnuté - všechny\ComboFix.exe
Použité ovládací přepínače :: c:\users\Erika\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\windows\Tasks\AWC Startup.job"
"c:\windows\Tasks\Norton Security Scan for Erika.job"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\IObit
c:\program files\IObit\Advanced SystemCare 3\License.dat
c:\program files\IObit\Advanced SystemCare 3\Sut_SoftUninstal.exe
c:\program files\Norton Security Scan
c:\program files\Norton Security Scan\Engine\2.7.3.34\BilBDRes.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ccL80U.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ccScanw.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ccVrTrst.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\dec_abi.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\DefLoad.exe
c:\program files\Norton Security Scan\Engine\2.7.3.34\DefUtDCD.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\diLueCbk.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ecmldr32.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\HeartBt.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\Instwrap.exe
c:\program files\Norton Security Scan\Engine\2.7.3.34\Microsoft.VC80.CRT.manifest
c:\program files\Norton Security Scan\Engine\2.7.3.34\msl.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\msvcp80.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\msvcr80.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe
c:\program files\Norton Security Scan\Engine\2.7.3.34\patch25d.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\PrdDtRes.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\RevList.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\RptCdRes.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\SAUpdt.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ScanCore.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ScanRes.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ScanText.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\SKUCfg.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\SKURes.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\symbos.exe
c:\program files\Norton Security Scan\Engine\2.7.3.34\SymCCIS.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\SymCCISE.exe
c:\program files\Norton Security Scan\Engine\2.7.3.34\SymHTML.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\SymInstallStub.exe
c:\program files\Norton Security Scan\Engine\3.0.1.8\{2A85E335-7417-424d-AD89-31DED1689794}.dat
c:\program files\Norton Security Scan\Engine\3.0.1.8\{71B3DD3A-BC1F-40cc-A74F-C0C30DFCE7D5}.dat
c:\program files\Norton Security Scan\Engine\3.0.1.8\{F8D07955-00ED-4093-88AA-0A0F69AFD83C}.dat
c:\program files\Norton Security Scan\Engine\3.0.1.8\help.htm
c:\program files\Norton Security Scan\Engine\3.0.1.8\ReputationCacheDB.db
c:\program files\Norton Security Scan\isolate.ini
c:\users\Erika\AppData\Roaming\IObit
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Backup.ini
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Backup\rugbcc.reg
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Backup\vjmflm.reg
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Backup\vphhkw.reg
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Fav.ico
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Ignore.ini
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
c:\users\Erika\AppData\Roaming\IObit\SmartRAM\SmartRAM.ini
c:\windows\Tasks\Norton Security Scan for Erika.job
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-27 do 2011-01-27 )))))))))))))))))))))))))))))))
.
2011-01-27 07:20 . 2011-01-27 07:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-26 07:05 . 2011-01-26 11:14 -------- d-----w- c:\program files\trend micro
2011-01-26 07:05 . 2011-01-26 07:09 -------- d-----w- C:\rsit
2011-01-25 23:19 . 2011-01-25 23:19 -------- d-----w- c:\users\Erika\AppData\Roaming\Malwarebytes
2011-01-25 23:19 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-25 23:19 . 2011-01-25 23:19 -------- d-----w- c:\programdata\Malwarebytes
2011-01-25 23:19 . 2011-01-25 23:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-25 23:19 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 22:30 . 2011-01-25 22:30 -------- d-----w- c:\program files\CCleaner
2011-01-25 11:55 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{335E8750-1844-4EC1-B9BB-0A04DFEF60E6}\mpengine.dll
2011-01-21 13:25 . 2011-01-21 13:25 -------- d-----w- c:\users\Public\CyberLink
2011-01-19 16:36 . 2007-07-19 23:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2011-01-19 16:36 . 2007-07-19 17:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-01-19 16:36 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2011-01-19 16:36 . 2007-07-19 23:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2011-01-19 16:36 . 2007-06-20 19:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2011-01-19 16:36 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2011-01-19 16:36 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-01-19 16:36 . 2007-05-16 15:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2011-01-19 08:11 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-19 08:11 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-19 08:11 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-19 08:11 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-19 08:11 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-19 08:10 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-19 08:10 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-18 12:49 . 2011-01-25 10:35 -------- d-----w- c:\program files\Barbie(TM) Dobrodruzstvi s konmi(TM)
2011-01-18 12:49 . 2011-01-18 12:49 -------- d-----w- c:\users\Erika\AppData\Roaming\InstallShield
2011-01-16 15:28 . 2011-01-19 02:17 -------- d-----w- c:\windows\system32\drivers\NSS\0300010.008
2011-01-11 19:33 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-11 19:33 . 2010-11-02 04:35 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-01-11 19:33 . 2010-11-02 04:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-01-11 19:33 . 2010-11-02 04:41 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-11 19:33 . 2010-11-02 04:36 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-01-11 19:33 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 06:04 . 2010-11-27 07:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-01-20 06:11 . 2010-11-24 15:42 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-01-20 06:11 . 2010-11-24 15:41 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-15 05:37 . 2010-11-27 07:16 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-11-04 05:52 . 2010-12-16 04:23 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-16 04:23 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-16 04:23 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-16 04:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-16 04:22 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-16 04:22 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-16 04:22 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-16 04:22 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-16 04:22 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-16 04:22 179712 ----a-w- c:\windows\system32\schtasks.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-10 496184]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"UCam_Menu"="c:\program files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\Lenovo\YouCam\YouCamTray.exe" [2009-12-22 167008]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-12-17 4114368]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6223808]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 779600]
c:\users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-9-4 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-11-17 575304]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-22 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 172032]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-09-03 21256]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 152064]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\hpjsn837.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: network.proxy.type - 4
FF - Ext: 602XML Filler: xmlfiller@software602.cz - c:\program files\Mozilla Firefox\extensions\xmlfiller@software602.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\2.7.3.34\InstWrap.exe
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(4088)
c:\program files\Lenovo\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\windows\system32\taskhost.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Lenovo\Bluetooth Software\btwdins.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-01-27 08:27:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-27 07:27
ComboFix2.txt 2011-01-26 21:48
Před spuštěním: Volných bajtů: 165 871 788 032
Po spuštění: Volných bajtů: 165 814 788 096
- - End Of File - - 4E263AB301E097180F11477649BD8916
ComboFix 11-01-25.03 - Erika 27.01.2011 8:08.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.1788.1028 [GMT 1:00]
Spuštěný z: d:\dokumenty d\Programy stáhnuté - všechny\ComboFix.exe
Použité ovládací přepínače :: c:\users\Erika\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\windows\Tasks\AWC Startup.job"
"c:\windows\Tasks\Norton Security Scan for Erika.job"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\IObit
c:\program files\IObit\Advanced SystemCare 3\License.dat
c:\program files\IObit\Advanced SystemCare 3\Sut_SoftUninstal.exe
c:\program files\Norton Security Scan
c:\program files\Norton Security Scan\Engine\2.7.3.34\BilBDRes.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ccL80U.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ccScanw.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ccVrTrst.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\dec_abi.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\DefLoad.exe
c:\program files\Norton Security Scan\Engine\2.7.3.34\DefUtDCD.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\diLueCbk.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ecmldr32.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\HeartBt.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\Instwrap.exe
c:\program files\Norton Security Scan\Engine\2.7.3.34\Microsoft.VC80.CRT.manifest
c:\program files\Norton Security Scan\Engine\2.7.3.34\msl.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\msvcp80.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\msvcr80.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe
c:\program files\Norton Security Scan\Engine\2.7.3.34\patch25d.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\PrdDtRes.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\RevList.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\RptCdRes.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\SAUpdt.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ScanCore.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ScanRes.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\ScanText.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\SKUCfg.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\SKURes.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\symbos.exe
c:\program files\Norton Security Scan\Engine\2.7.3.34\SymCCIS.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\SymCCISE.exe
c:\program files\Norton Security Scan\Engine\2.7.3.34\SymHTML.dll
c:\program files\Norton Security Scan\Engine\2.7.3.34\SymInstallStub.exe
c:\program files\Norton Security Scan\Engine\3.0.1.8\{2A85E335-7417-424d-AD89-31DED1689794}.dat
c:\program files\Norton Security Scan\Engine\3.0.1.8\{71B3DD3A-BC1F-40cc-A74F-C0C30DFCE7D5}.dat
c:\program files\Norton Security Scan\Engine\3.0.1.8\{F8D07955-00ED-4093-88AA-0A0F69AFD83C}.dat
c:\program files\Norton Security Scan\Engine\3.0.1.8\help.htm
c:\program files\Norton Security Scan\Engine\3.0.1.8\ReputationCacheDB.db
c:\program files\Norton Security Scan\isolate.ini
c:\users\Erika\AppData\Roaming\IObit
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Backup.ini
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Backup\rugbcc.reg
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Backup\vjmflm.reg
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Backup\vphhkw.reg
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Fav.ico
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Ignore.ini
c:\users\Erika\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
c:\users\Erika\AppData\Roaming\IObit\SmartRAM\SmartRAM.ini
c:\windows\Tasks\Norton Security Scan for Erika.job
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-27 do 2011-01-27 )))))))))))))))))))))))))))))))
.
2011-01-27 07:20 . 2011-01-27 07:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-26 07:05 . 2011-01-26 11:14 -------- d-----w- c:\program files\trend micro
2011-01-26 07:05 . 2011-01-26 07:09 -------- d-----w- C:\rsit
2011-01-25 23:19 . 2011-01-25 23:19 -------- d-----w- c:\users\Erika\AppData\Roaming\Malwarebytes
2011-01-25 23:19 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-25 23:19 . 2011-01-25 23:19 -------- d-----w- c:\programdata\Malwarebytes
2011-01-25 23:19 . 2011-01-25 23:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-25 23:19 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 22:30 . 2011-01-25 22:30 -------- d-----w- c:\program files\CCleaner
2011-01-25 11:55 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{335E8750-1844-4EC1-B9BB-0A04DFEF60E6}\mpengine.dll
2011-01-21 13:25 . 2011-01-21 13:25 -------- d-----w- c:\users\Public\CyberLink
2011-01-19 16:36 . 2007-07-19 23:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2011-01-19 16:36 . 2007-07-19 17:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-01-19 16:36 . 2007-07-19 17:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2011-01-19 16:36 . 2007-07-19 23:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2011-01-19 16:36 . 2007-06-20 19:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2011-01-19 16:36 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2011-01-19 16:36 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-01-19 16:36 . 2007-05-16 15:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2011-01-19 08:11 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-19 08:11 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-19 08:11 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-19 08:11 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-19 08:11 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-19 08:10 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-19 08:10 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-18 12:49 . 2011-01-25 10:35 -------- d-----w- c:\program files\Barbie(TM) Dobrodruzstvi s konmi(TM)
2011-01-18 12:49 . 2011-01-18 12:49 -------- d-----w- c:\users\Erika\AppData\Roaming\InstallShield
2011-01-16 15:28 . 2011-01-19 02:17 -------- d-----w- c:\windows\system32\drivers\NSS\0300010.008
2011-01-11 19:33 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-11 19:33 . 2010-11-02 04:35 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-01-11 19:33 . 2010-11-02 04:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-01-11 19:33 . 2010-11-02 04:41 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-11 19:33 . 2010-11-02 04:36 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-01-11 19:33 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 06:04 . 2010-11-27 07:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-01-20 06:11 . 2010-11-24 15:42 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-01-20 06:11 . 2010-11-24 15:41 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-15 05:37 . 2010-11-27 07:16 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-11-04 05:52 . 2010-12-16 04:23 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-16 04:23 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-16 04:23 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-16 04:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-16 04:22 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-16 04:22 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-16 04:22 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-16 04:22 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-16 04:22 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-16 04:22 179712 ----a-w- c:\windows\system32\schtasks.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-10 496184]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"UCam_Menu"="c:\program files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\Lenovo\YouCam\YouCamTray.exe" [2009-12-22 167008]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-12-17 4114368]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6223808]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 779600]
c:\users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-9-4 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-11-17 575304]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-22 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 172032]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-09-03 21256]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 152064]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\hpjsn837.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: network.proxy.type - 4
FF - Ext: 602XML Filler: xmlfiller@software602.cz - c:\program files\Mozilla Firefox\extensions\xmlfiller@software602.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\2.7.3.34\InstWrap.exe
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(4088)
c:\program files\Lenovo\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\windows\system32\taskhost.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Lenovo\Bluetooth Software\btwdins.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2011-01-27 08:27:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-27 07:27
ComboFix2.txt 2011-01-26 21:48
Před spuštěním: Volných bajtů: 165 871 788 032
Po spuštění: Volných bajtů: 165 814 788 096
- - End Of File - - 4E263AB301E097180F11477649BD8916
Monoera
Re: Prosím o kontrolu logu - podezření na vir
Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)
- c:\windows\system32\aswBoot.exe
- Kliknete na Prochazet
- Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
- Kliknete na Send File
- Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
- Vysledek analyzy sem vlozte (jako odkaz)
Napiste jak se chova PC Dle meho reinstal, jak jste zminila v PMce, je zbytecny, alespon prozatim"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - podezření na vir
Reanalyse jsem klikla a vypadlo mi toto:
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
aswBoot.exe
Submission date:
2011-01-27 14:30:20 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 42 (0.0%)
VT Community
not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.01.27.01 2011.01.27 -
AntiVir 7.11.2.7 2011.01.27 -
Antiy-AVL 2.0.3.7 2011.01.27 -
Avast 4.8.1351.0 2011.01.27 -
Avast5 5.0.677.0 2011.01.27 -
AVG 10.0.0.1190 2011.01.27 -
BitDefender 7.2 2011.01.27 -
CAT-QuickHeal 11.00 2011.01.27 -
ClamAV 0.96.4.0 2011.01.27 -
Commtouch 5.2.11.5 2011.01.27 -
Comodo 7519 2011.01.27 -
DrWeb 5.0.2.03300 2011.01.27 -
Emsisoft 5.1.0.1 2011.01.27 -
eTrust-Vet 36.1.8122 2011.01.27 -
F-Prot 4.6.2.117 2011.01.26 -
F-Secure 9.0.16160.0 2011.01.27 -
Fortinet 4.2.254.0 2011.01.27 -
GData 21 2011.01.27 -
Ikarus T3.1.1.97.0 2011.01.27 -
Jiangmin 13.0.900 2011.01.27 -
K7AntiVirus 9.78.3650 2011.01.26 -
Kaspersky 7.0.0.125 2011.01.27 -
McAfee 5.400.0.1158 2011.01.27 -
McAfee-GW-Edition 2010.1C 2011.01.27 -
Microsoft 1.6502 2011.01.27 -
NOD32 5824 2011.01.27 -
Norman 6.06.12 2011.01.26 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.3.5 2011.01.26 -
PCTools 7.0.3.5 2011.01.27 -
Prevx 3.0 2011.01.27 -
Rising 23.42.03.06 2011.01.27 -
Sophos 4.61.0 2011.01.27 -
SUPERAntiSpyware 4.40.0.1006 2011.01.27 -
Symantec 20101.3.0.103 2011.01.27 -
TheHacker 6.7.0.1.120 2011.01.26 -
TrendMicro 9.120.0.1004 2011.01.27 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.27 -
VBA32 3.12.14.3 2011.01.26 -
VIPRE 8215 2011.01.27 -
ViRobot 2011.1.27.4278 2011.01.27 -
VirusBuster 13.6.166.0 2011.01.26 -
Additional information
Show all
MD5 : 2818237d7004cb68ae6cebdcbd05186e
SHA1 : e7aa54636438b5f7b1154a0dbbdd6b364edba0b4
SHA256: 0d5467bd813d48dc6481ca8cf3697f0198138dd6552f919a19f155c5595274d1
ssdeep: 3072:vefuBvH3Qb4KbLHLJlrBuw2MazcOnOxtcn27mrbWM9qP5Si78J9mNoL3neVv6m/i:iSYbv
nVlrBuwIzqA27mrd9qRSi78JYOn
File size : 188216 bytes
First seen: 2011-01-13 13:52:12
Last seen : 2011-01-27 14:30:20
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: AVAST Software
copyright....: Copyright (c) 2010 AVAST Software
product......: avast_ Antivirus
description..: avast_ start-up scanner
original name: aswBoot.exe
internal name: aswBoot
file version.: 5, 1, 889, 0
comments.....: n/a
signers......: ALWIL Software
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 9:47 AM 1/13/2011
verified.....: -
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1000
timedatestamp....: 0x4D2EBC03 (Thu Jan 13 08:46:59 2011)
machinetype......: 0x14c (I386)
[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1F04A, 0x1F200, 6.63, b657d2cef9d5c993fc1b5f092aa74abd
.rdata, 0x21000, 0x9F14, 0xA000, 6.81, 35c88240319c2c388507cae7197ee140
.data, 0x2B000, 0x1A70, 0x200, 3.28, a8f0f498f508b7a6439de5b9ac15ae53
.rsrc, 0x2D000, 0x368, 0x400, 2.91, 70cab64ab8085826cf1a6dc5a0ba72de
.reloc, 0x2E000, 0x23DA, 0x2400, 3.99, ac59f84f60b6dfd7ebf2ed217df450c5
[[ 1 import(s) ]]
ntdll.dll: wcschr, _wcsnicmp, NtSetInformationProcess, RtlCreateHeap, RtlAllocateHeap, RtlReAllocateHeap, RtlFreeHeap, NtTerminateProcess, _strnicmp, _ultow, _snwprintf, _ultoa, NtQueryInformationThread, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlDeleteCriticalSection, RtlRaiseException, memset, memcpy, strlen, strcmp, memmove, _allmul, RtlUnwind, wcstoul, wcsrchr, strtoul, wcsstr, wcsncmp, RtlInitUnicodeString, NtCreateFile, NtQueryInformationFile, NtSetInformationFile, NtClose, NtReadFile, NtDelayExecution, NtCreateSection, NtMapViewOfSection, NtDuplicateObject, NtUnmapViewOfSection, NtQueryAttributesFile, NtQueryInformationProcess, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlMultiByteToUnicodeSize, RtlMultiByteToUnicodeN, RtlQueryEnvironmentVariable_U, swprintf, NtQuerySystemInformation, LdrFindEntryForAddress, LdrLoadDll, LdrGetDllHandle, LdrGetProcedureAddress, LdrUnloadDll, NtOpenKey, NtQueryValueKey, NtCreateDirectoryObject, NtAllocateVirtualMemory, NtFreeVirtualMemory, RtlCreateSecurityDescriptor, RtlSetDaclSecurityDescriptor, memchr, _snprintf, strncpy, NtOpenFile, NtDeviceIoControlFile, _alldiv, _aulldiv, _chkstk
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 127488
CompanyName: AVAST Software
EntryPoint: 0x1000
FileDescription: avast! start-up scanner
FileFlagsMask: 0x0017
FileOS: Win32
FileSize: 184 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5, 1, 889, 0
FileVersionNumber: 5.1.889.0
ImageVersion: 5.0
InitializedDataSize: 58368
InternalName: aswBoot
LanguageCode: Czech
LegalCopyright: Copyright (c) 2010 AVAST Software
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
ObjectFileType: Unknown
OriginalFilename: aswBoot.exe
PEType: PE32
ProductName: avast! Antivirus
ProductVersion: 5, 1, 0, 0
ProductVersionNumber: 1.0.0.1
Subsystem: Native
SubsystemVersion: 5.0
TimeStamp: 2011:01:13 09:46:59+01:00
UninitializedDataSize: 0
VT Community
0
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
aswBoot.exe
Submission date:
2011-01-27 14:30:20 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 42 (0.0%)
VT Community
not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.01.27.01 2011.01.27 -
AntiVir 7.11.2.7 2011.01.27 -
Antiy-AVL 2.0.3.7 2011.01.27 -
Avast 4.8.1351.0 2011.01.27 -
Avast5 5.0.677.0 2011.01.27 -
AVG 10.0.0.1190 2011.01.27 -
BitDefender 7.2 2011.01.27 -
CAT-QuickHeal 11.00 2011.01.27 -
ClamAV 0.96.4.0 2011.01.27 -
Commtouch 5.2.11.5 2011.01.27 -
Comodo 7519 2011.01.27 -
DrWeb 5.0.2.03300 2011.01.27 -
Emsisoft 5.1.0.1 2011.01.27 -
eTrust-Vet 36.1.8122 2011.01.27 -
F-Prot 4.6.2.117 2011.01.26 -
F-Secure 9.0.16160.0 2011.01.27 -
Fortinet 4.2.254.0 2011.01.27 -
GData 21 2011.01.27 -
Ikarus T3.1.1.97.0 2011.01.27 -
Jiangmin 13.0.900 2011.01.27 -
K7AntiVirus 9.78.3650 2011.01.26 -
Kaspersky 7.0.0.125 2011.01.27 -
McAfee 5.400.0.1158 2011.01.27 -
McAfee-GW-Edition 2010.1C 2011.01.27 -
Microsoft 1.6502 2011.01.27 -
NOD32 5824 2011.01.27 -
Norman 6.06.12 2011.01.26 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.3.5 2011.01.26 -
PCTools 7.0.3.5 2011.01.27 -
Prevx 3.0 2011.01.27 -
Rising 23.42.03.06 2011.01.27 -
Sophos 4.61.0 2011.01.27 -
SUPERAntiSpyware 4.40.0.1006 2011.01.27 -
Symantec 20101.3.0.103 2011.01.27 -
TheHacker 6.7.0.1.120 2011.01.26 -
TrendMicro 9.120.0.1004 2011.01.27 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.27 -
VBA32 3.12.14.3 2011.01.26 -
VIPRE 8215 2011.01.27 -
ViRobot 2011.1.27.4278 2011.01.27 -
VirusBuster 13.6.166.0 2011.01.26 -
Additional information
Show all
MD5 : 2818237d7004cb68ae6cebdcbd05186e
SHA1 : e7aa54636438b5f7b1154a0dbbdd6b364edba0b4
SHA256: 0d5467bd813d48dc6481ca8cf3697f0198138dd6552f919a19f155c5595274d1
ssdeep: 3072:vefuBvH3Qb4KbLHLJlrBuw2MazcOnOxtcn27mrbWM9qP5Si78J9mNoL3neVv6m/i:iSYbv
nVlrBuwIzqA27mrd9qRSi78JYOn
File size : 188216 bytes
First seen: 2011-01-13 13:52:12
Last seen : 2011-01-27 14:30:20
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: AVAST Software
copyright....: Copyright (c) 2010 AVAST Software
product......: avast_ Antivirus
description..: avast_ start-up scanner
original name: aswBoot.exe
internal name: aswBoot
file version.: 5, 1, 889, 0
comments.....: n/a
signers......: ALWIL Software
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 9:47 AM 1/13/2011
verified.....: -
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1000
timedatestamp....: 0x4D2EBC03 (Thu Jan 13 08:46:59 2011)
machinetype......: 0x14c (I386)
[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1F04A, 0x1F200, 6.63, b657d2cef9d5c993fc1b5f092aa74abd
.rdata, 0x21000, 0x9F14, 0xA000, 6.81, 35c88240319c2c388507cae7197ee140
.data, 0x2B000, 0x1A70, 0x200, 3.28, a8f0f498f508b7a6439de5b9ac15ae53
.rsrc, 0x2D000, 0x368, 0x400, 2.91, 70cab64ab8085826cf1a6dc5a0ba72de
.reloc, 0x2E000, 0x23DA, 0x2400, 3.99, ac59f84f60b6dfd7ebf2ed217df450c5
[[ 1 import(s) ]]
ntdll.dll: wcschr, _wcsnicmp, NtSetInformationProcess, RtlCreateHeap, RtlAllocateHeap, RtlReAllocateHeap, RtlFreeHeap, NtTerminateProcess, _strnicmp, _ultow, _snwprintf, _ultoa, NtQueryInformationThread, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlDeleteCriticalSection, RtlRaiseException, memset, memcpy, strlen, strcmp, memmove, _allmul, RtlUnwind, wcstoul, wcsrchr, strtoul, wcsstr, wcsncmp, RtlInitUnicodeString, NtCreateFile, NtQueryInformationFile, NtSetInformationFile, NtClose, NtReadFile, NtDelayExecution, NtCreateSection, NtMapViewOfSection, NtDuplicateObject, NtUnmapViewOfSection, NtQueryAttributesFile, NtQueryInformationProcess, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlMultiByteToUnicodeSize, RtlMultiByteToUnicodeN, RtlQueryEnvironmentVariable_U, swprintf, NtQuerySystemInformation, LdrFindEntryForAddress, LdrLoadDll, LdrGetDllHandle, LdrGetProcedureAddress, LdrUnloadDll, NtOpenKey, NtQueryValueKey, NtCreateDirectoryObject, NtAllocateVirtualMemory, NtFreeVirtualMemory, RtlCreateSecurityDescriptor, RtlSetDaclSecurityDescriptor, memchr, _snprintf, strncpy, NtOpenFile, NtDeviceIoControlFile, _alldiv, _aulldiv, _chkstk
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 127488
CompanyName: AVAST Software
EntryPoint: 0x1000
FileDescription: avast! start-up scanner
FileFlagsMask: 0x0017
FileOS: Win32
FileSize: 184 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5, 1, 889, 0
FileVersionNumber: 5.1.889.0
ImageVersion: 5.0
InitializedDataSize: 58368
InternalName: aswBoot
LanguageCode: Czech
LegalCopyright: Copyright (c) 2010 AVAST Software
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
ObjectFileType: Unknown
OriginalFilename: aswBoot.exe
PEType: PE32
ProductName: avast! Antivirus
ProductVersion: 5, 1, 0, 0
ProductVersionNumber: 1.0.0.1
Subsystem: Native
SubsystemVersion: 5.0
TimeStamp: 2011:01:13 09:46:59+01:00
UninitializedDataSize: 0
VT Community
0
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team
Monoera
Re: Prosím o kontrolu logu - podezření na vir
Soubor je v poradku, patri Avastu, overoval jsem jej jen na popud ve Vasi PMce...
Jak se chova PC
Jak se chova PC
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu - podezření na vir
Pc se chová pořád blbě. Když chci aby mi to nepřekakovalo zpět, tak musím volit - otevřít v novém okně. Jinak vždycky riskuji, že mě to odskáče až na počáteční - úvodní stránku. ale s tím souborem avast - skutečně se mi před pár dny jako by "vypařily" jeho soubory. Mohlo dojít k omylu některého z uživatelů (anti talent na pc můj ne-přítel, či již poněkud více počítačově inteligentnější potomstvo).
Monoera
Re: Prosím o kontrolu logu - podezření na vir
Mozne to je...pokud dobre chapu, tak Vam blbnou prohlizece - zkusila jste je preinstalovat
Mate instalacni CD od windows
Mate instalacni CD od windows "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?