Request for a log check

maaaca
Visitor
Posts: 3
Registered: 01 Nov 2006 16:52

Request for a log check

#1 Post by maaaca »

Logfile of random's system information tool 1.08 (written by random/random)
Run by maaaca at 2011-06-01 17:29:45
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 12 GB (27%) free of 47 GB
Total RAM: 2046 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:30:07, on 1.6.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\snuvcdsm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\maaaca\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\maaaca\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\TweetDeck\TweetDeck.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Users\maaaca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maaaca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maaaca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maaaca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\maaaca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maaaca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maaaca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maaaca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maaaca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maaaca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
F:\Program Files\Altap Salamander 2.5\salamand.exe
F:\Download\RSIT.exe
C:\Program Files\trend micro\maaaca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\maaaca\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\maaaca\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\maaaca\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [svhost] C:\Users\maaaca\AppData\Roaming\svhost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = maaaca\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GladFileMonSvc - Gladinet, INC - C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: QipGuard - QIP.ru - C:\Program Files\QipGuard\QipGuard.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7660 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3676285063-1658118094-2193391741-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3676285063-1658118094-2193391741-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\maaaca\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-11-24 150400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-05-10 819840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"=C:\Windows\PLFSetL.exe [2008-07-03 94208]
"SNUVCDSM"=C:\Windows\snuvcdsm.exe [2009-08-10 27184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-06 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-03-06 92704]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-02-15 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Google Update"=C:\Users\maaaca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-10 136176]
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2009-05-28 90624]
"svhost"=C:\Users\maaaca\AppData\Roaming\svhost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\maaaca\AppData\Roaming\QipGuard\QipGuard.exe [2010-11-24 194944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SugarSync]
C:\Program Files\SugarSync\SugarSyncManager.exe [2011-02-10 15622144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2004-02-03 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gladinet Cloud Desktop.lnk]
C:\PROGRA~1\Gladinet\GLADIN~1\GLADLA~1.EXE [2011-01-06 87400]

C:\Users\maaaca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\maaaca\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 months======

2011-06-01 17:29:45 ----D---- C:\rsit
2011-06-01 17:29:45 ----D---- C:\Program Files\trend micro
2011-06-01 11:59:47 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-06-01 11:59:46 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-06-01 11:59:22 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-06-01 11:59:21 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-06-01 11:59:17 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-06-01 11:59:10 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-06-01 11:58:16 ----A---- C:\Windows\system32\aswBoot.exe
2011-06-01 11:58:05 ----D---- C:\ProgramData\AVAST Software
2011-06-01 11:58:05 ----D---- C:\Program Files\AVAST Software
2011-06-01 11:55:45 ----SHD---- C:\Config.Msi
2011-05-25 23:06:20 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-05-23 01:10:49 ----D---- C:\Users\maaaca\AppData\Roaming\les-coccinelles
2011-05-19 15:13:56 ----A---- C:\Windows\system32\poqexec.exe
2011-05-11 13:40:45 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-05-11 13:40:45 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-05-11 13:40:45 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-05-11 13:40:45 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-05-11 13:40:44 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-05-11 13:40:44 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-05-11 13:40:41 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-05-11 13:40:41 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-05-02 19:55:38 ----D---- C:\Users\maaaca\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-05-02 19:55:29 ----D---- C:\Program Files\TweetDeck
2011-05-02 19:55:23 ----D---- C:\Program Files\Common Files\Adobe AIR

======List of files/folders modified in the last 1 months======

2011-06-01 17:30:08 ----D---- C:\Windows\Temp
2011-06-01 17:29:45 ----RD---- C:\Program Files
2011-06-01 16:58:37 ----D---- C:\Users\maaaca\AppData\Roaming\Mozilla
2011-06-01 15:20:16 ----D---- C:\Users\maaaca\AppData\Roaming\Dropbox
2011-06-01 15:19:09 ----D---- C:\Program Files\Common Files\Akamai
2011-06-01 12:42:26 ----D---- C:\Windows\system32\config
2011-06-01 12:33:51 ----D---- C:\Windows\winsxs
2011-06-01 12:19:42 ----HD---- C:\ProgramData
2011-06-01 12:19:42 ----D---- C:\Windows
2011-06-01 12:17:54 ----SHD---- C:\Windows\Installer
2011-06-01 12:17:33 ----D---- C:\ProgramData\Lavasoft
2011-06-01 12:17:30 ----DC---- C:\Windows\system32\DRVSTORE
2011-06-01 12:17:30 ----D---- C:\Windows\system32\drivers
2011-06-01 12:16:53 ----D---- C:\Windows\System32
2011-06-01 12:15:52 ----D---- C:\Program Files\CeRegEditor
2011-06-01 12:15:46 ----D---- C:\Program Files\cGPSmapper
2011-06-01 12:14:47 ----D---- C:\Program Files\Elaborate Bytes
2011-06-01 12:13:49 ----D---- C:\Windows\system32\appmgmt
2011-06-01 12:11:32 ----SHD---- C:\System Volume Information
2011-06-01 12:10:24 ----D---- C:\Windows\system32\Tasks
2011-06-01 12:08:49 ----D---- C:\Program Files\Mozilla Firefox
2011-06-01 11:56:18 ----D---- C:\Windows\inf
2011-06-01 11:55:48 ----HD---- C:\Windows\system32\GroupPolicy
2011-06-01 11:52:20 ----D---- C:\Users\maaaca\AppData\Roaming\Media Player Classic
2011-06-01 11:52:19 ----D---- C:\Windows\debug
2011-05-30 20:58:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-05-25 23:05:03 ----D---- C:\Windows\system32\catroot
2011-05-25 22:58:27 ----D---- C:\Windows\Tasks
2011-05-24 08:54:34 ----D---- C:\Windows\system32\catroot2
2011-05-23 12:35:29 ----D---- C:\Windows\system32\DriverStore
2011-05-15 22:21:00 ----D---- C:\Users\maaaca\AppData\Roaming\EurekaLog
2011-05-14 21:25:39 ----D---- C:\Windows\Prefetch
2011-05-12 15:52:51 ----D---- C:\ProgramData\Microsoft Help
2011-05-12 15:48:59 ----A---- C:\Windows\system32\MRT.exe
2011-05-10 20:17:28 ----D---- C:\Program Files\QIP 2010
2011-05-09 17:33:28 ----D---- C:\Users\maaaca\AppData\Roaming\Adobe
2011-05-09 17:33:28 ----D---- C:\ProgramData\Adobe
2011-05-03 22:44:07 ----D---- C:\Garmin
2011-05-02 19:55:24 ----D---- C:\Program Files\Adobe
2011-05-02 19:55:23 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-01-17 114048]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-14 211456]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-09-10 1761280]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
S1 MpKsl05ea17cd;MpKsl05ea17cd; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4A8654E-DE85-4043-9464-8E65394D2B22}\MpKsl05ea17cd.sys []
S1 MpKsl2bdda70b;MpKsl2bdda70b; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5350373-1710-4FF1-981F-7A28CFC27CF3}\MpKsl2bdda70b.sys []
S1 MpKsl303827d7;MpKsl303827d7; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D062E374-255D-4AAA-B914-36C182F95BAB}\MpKsl303827d7.sys []
S1 MpKsl36ce7f31;MpKsl36ce7f31; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD573D71-C1EE-44B1-9128-F076DA762A6B}\MpKsl36ce7f31.sys []
S1 MpKsl378c8eee;MpKsl378c8eee; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F13B1DAA-C140-436A-9575-562E07F5B567}\MpKsl378c8eee.sys []
S1 MpKsl4a624fd3;MpKsl4a624fd3; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89DD198B-5BCA-48B0-B353-F6179BD59D57}\MpKsl4a624fd3.sys []
S1 MpKsl56e646e8;MpKsl56e646e8; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0056EDD2-F5A1-4774-8865-12D03BA5F21E}\MpKsl56e646e8.sys []
S1 MpKsl57fa6c8f;MpKsl57fa6c8f; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75A7C4C1-CF27-46A9-A71D-0A4704FD7FB7}\MpKsl57fa6c8f.sys []
S1 MpKsl5be77c9d;MpKsl5be77c9d; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2824C0F8-8116-4B09-8D88-AD0A2A10D806}\MpKsl5be77c9d.sys []
S1 MpKsl5ff3bace;MpKsl5ff3bace; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{660C735C-6173-47D8-A25E-D74D19AA7918}\MpKsl5ff3bace.sys []
S1 MpKsl6355f4e3;MpKsl6355f4e3; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E74F4AF6-53C7-426B-8258-D967E98ECD03}\MpKsl6355f4e3.sys []
S1 MpKsl6dc65e05;MpKsl6dc65e05; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44B404BD-33D8-4EB1-BB3F-B3D4DF50F32C}\MpKsl6dc65e05.sys []
S1 MpKsl736b5e9b;MpKsl736b5e9b; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A8366DF-F25E-46BA-9590-B90D741E88FE}\MpKsl736b5e9b.sys []
S1 MpKsl8b7c5df4;MpKsl8b7c5df4; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5876D6A-E86C-4833-A3C5-16AE40B089F7}\MpKsl8b7c5df4.sys []
S1 MpKsla048eeef;MpKsla048eeef; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{70B4C055-C004-40E8-9FEA-54FDA50C0EF1}\MpKsla048eeef.sys []
S1 MpKslb646bad6;MpKslb646bad6; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C688212D-D23B-4A08-A85B-0049EE400A2E}\MpKslb646bad6.sys []
S1 MpKslbe745d42;MpKslbe745d42; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC908750-8F69-45A7-B63B-033EB3C408BF}\MpKslbe745d42.sys []
S1 MpKsle6615c72;MpKsle6615c72; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B78C8310-B648-4AC3-9E01-EF946AA1395E}\MpKsle6615c72.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-04-29 26112]
S3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\drivers\WinUSB.SYS [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 GladFileMonSvc;GladFileMonSvc; C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [2011-01-06 29032]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-06 203296]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 QipGuard;QipGuard; C:\Program Files\QipGuard\QipGuard.exe [2010-11-24 194944]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-03-15 2233400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-03-14 1045256]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: Request for a log check

#2 Post by Danstahr »

Good evening :welcome:,

I'm working on it.
I'll buy a bit of time; I respect the price.

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: Request for a log check

#3 Post by Danstahr »

Good evening once again,

Download MBAM and post its log here following the guide here; when choosing the scan type, select Full scan.

Don't delete anything yet, MBAM can produce false positives!
I'll buy a bit of time; I respect the price.

maaaca
Visitor
Posts: 3
Registered: 01 Nov 2006 16:52

Re: Request for a log check

#4 Post by maaaca »

Good evening, thanks for the help, I'm attaching the log:
Malwarebytes' Anti-Malware 1.51.0.1200
http://www.malwarebytes.org

Verze databáze: 6746

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

1.6.2011 20:17:36
mbam-log-2011-06-01 (20-17-26).txt

Typ: Rychlá kontrola
Kontrolované objekty: 165859
Uplynulý čas: 7 minut, 3 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svhost (Trojan.Downloader) -> Value: svhost -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Windows\installer\MSIC2A.tmp (HackTool.Hiderun) -> No action taken.
c:\Users\maaaca\AppData\Roaming\data.dat (Stolen.Data) -> No action taken.

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: Request for a log check

#5 Post by Danstahr »

Good evening,

delete all the detected items and please run the check once more with a Full scan.

I'll buy a bit of time; I respect the price.

maaaca
Visitor
Posts: 3
Registered: 01 Nov 2006 16:52

Re: Request for a log check

#6 Post by maaaca »

Thanks for the help.