VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

prosím o kontrolu logu

https://forum.viry.cz:443/viewtopic.php?t=101670

Stránka 1 z 1

prosím o kontrolu logu

Napsal: 04 čer 2010 07:09
od GTE
Prosím o kontrolu logu. Brácha mi donesl ntb a je v hrozném stavu-pomalé načítání stránek, sekání systému apod. V logu se nevyznám, ale už na pohled vypadá hodně divně :)

Logfile of random's system information tool 1.07 (written by random/random)
Run by David at 2010-06-04 08:02:51
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 37 GB (66%) free of 55 GB
Total RAM: 1014 MB (43% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-13 88204]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-19 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-07-19 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2006-07-19 69632]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-04-29 766041]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
"Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-06-07 208896]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
""= []
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-13 118784]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-07-12 438272]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-09-11 2054360]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"sl1000"=C:\DOCUME~1\DAVIDK~1\LOCALS~1\TempImages\sl1000.exe [2009-08-08 65536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

C:\Documents and Settings\David\Start Menu\Programs\Startup
siszyd32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1)"
"C:\Program Files\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{365575ae-657a-11dd-8358-0018de473d54}]
shell\AutoRun\command - F:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd2fbae-25c0-11dd-82f1-0018de473d54}]
shell\AutoRun\command - F:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2010-06-04 08:02:52 ----D---- C:\Program Files\trend micro
2010-06-04 08:02:51 ----D---- C:\rsit
2010-06-04 07:23:03 ----D---- C:\Documents and Settings\David\Application Data\ESET
2010-06-04 07:22:26 ----D---- C:\WINDOWS\LastGood
2010-06-04 07:22:05 ----D---- C:\Program Files\ESET
2010-06-04 07:22:05 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-06-04 07:12:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2010-06-03 22:16:18 ----SHD---- C:\FOUND.020
2010-06-03 22:02:57 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-03 20:53:34 ----SHD---- C:\FOUND.019
2010-06-03 20:48:43 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-06-03 11:55:30 ----D---- C:\Program Files\ICQ6Toolbar
2010-06-03 11:55:21 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2010-06-03 11:54:57 ----D---- C:\Program Files\ICQ7.2
2010-06-03 10:34:40 ----SHD---- C:\FOUND.018
2010-06-02 17:28:59 ----HD---- C:\WINDOWS\$NtUninstallKB981793$
2010-06-02 13:52:31 ----D---- C:\Documents and Settings\All Users\Application Data\AVerTV
2010-06-02 13:51:31 ----R---- C:\WINDOWS\system32\CardID.dll
2010-06-02 13:51:31 ----R---- C:\WINDOWS\system32\AVerIO.dll
2010-06-02 13:51:19 ----R---- C:\WINDOWS\system32\sptlib22.dll
2010-06-02 13:51:19 ----R---- C:\WINDOWS\system32\sptlib21.dll
2010-06-02 13:51:19 ----R---- C:\WINDOWS\system32\sptlib12.dll
2010-06-02 13:51:19 ----R---- C:\WINDOWS\system32\sptlib11.dll
2010-06-02 13:51:19 ----R---- C:\WINDOWS\system32\sptlib03.dll
2010-06-02 13:51:19 ----R---- C:\WINDOWS\system32\sptlib02.dll
2010-06-02 13:51:19 ----R---- C:\WINDOWS\system32\sptlib01.dll
2010-06-02 13:51:19 ----R---- C:\WINDOWS\system32\pthreadVC.dll
2010-06-02 13:51:05 ----D---- C:\Program Files\Common Files\AVerMedia
2010-06-02 13:51:05 ----D---- C:\Program Files\AVerMedia
2010-05-26 18:00:06 ----SHD---- C:\FOUND.017
2010-05-16 22:10:10 ----HD---- C:\WINDOWS\$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-06-04 07:17:24 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2010-06-03 22:20:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-03 20:27:04 ----A---- C:\WINDOWS\wincmd.ini
2010-06-03 20:25:48 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-09-11 55768]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-03-20 21275]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-11 116008]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-09-11 135048]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-04-14 13568]
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-11-05 879528]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-07-14 16896]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-13 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-19 4304384]
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-01 6144]
R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-29 193056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-03-20 300544]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 AVerAF15;AVerMedia A815; C:\WINDOWS\System32\Drivers\AVerAF15.sys [2008-10-24 280576]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-11-05 539576]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-06-29 156392]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-08-27 74656]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 IpwP;IPWireless 3G Network Adapter; C:\WINDOWS\system32\DRIVERS\ipw3gnet.sys [2008-03-27 51040]
S3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 1097728]
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-19 39424]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-11-02 32512]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-06-13 162432]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-06-01 244864]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-03-02 67312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-11-01 264800]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2006-05-17 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2006-05-17 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2006-05-17 61440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-04-14 114753]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-06-23 86016]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-04-14 217164]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-04-14 540745]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-09-11 20680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-07-31 720896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-11-02 86016]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-04 306432]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Re: prosím o kontrolu logu

Napsal: 04 čer 2010 07:38
od JaRon
Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

File::
C:\Documents and Settings\David\Start Menu\Programs\Startup\siszyd32.exe
C:\DOCUME~1\DAVIDK~1\LOCALS~1\TempImages\sl1000.exe
uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:

Obrázek

po aplikacii by mal vzniknut dalsi log, ten vloz sem :)

Re: prosím o kontrolu logu

Napsal: 04 čer 2010 09:09
od GTE
ComboFix 10-06-03.01 - David 04.06.2010 9:55.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1033.18.1014.463 [GMT 2:00]
Spuštěný z: c:\documents and settings\David\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\David \Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David\Application Data\avdrn.dat
c:\documents and settings\David\Start Menu\Programs\Startup\siszyd32.exe
c:\program files\Internet Explorer\SET1A8.tmp
c:\program files\Internet Explorer\SETC8.tmp
c:\program files\Internet Explorer\SETC9.tmp
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-04 do 2010-06-04 )))))))))))))))))))))))))))))))
.

2010-06-04 06:02 . 2010-06-04 06:02 -------- d-----w- c:\program files\trend micro
2010-06-04 06:02 . 2010-06-04 06:02 -------- d-----w- C:\rsit
2010-06-04 06:00 . 2010-06-04 06:00 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\ESET
2010-06-04 05:23 . 2010-06-04 05:23 -------- d-----w- c:\documents and settings\David\Application Data\ESET
2010-06-04 05:22 . 2010-06-04 05:22 -------- d-----w- c:\program files\ESET
2010-06-04 05:22 . 2010-06-04 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-06-03 20:16 . 2010-06-03 20:16 -------- d-----w- C:\FOUND.020
2010-06-03 20:06 . 2010-06-03 20:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-03 20:04 . 2010-06-03 20:04 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-03 18:53 . 2010-06-03 18:53 -------- d-----w- C:\FOUND.019
2010-06-03 18:48 . 2010-06-03 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-03 09:55 . 2010-06-03 09:55 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-03 09:55 . 2010-06-03 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-06-03 09:55 . 2010-06-03 09:55 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\AOL
2010-06-03 09:54 . 2010-06-03 09:54 -------- d-----w- c:\program files\ICQ7.2
2010-06-03 08:34 . 2010-06-03 08:34 -------- d-----w- C:\FOUND.018
2010-06-02 11:52 . 2010-06-02 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVerTV
2010-06-02 11:52 . 2010-06-02 11:52 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\AVerMedia
2010-06-02 11:51 . 2009-05-11 03:58 94208 ------r- c:\windows\system32\CardID.dll
2010-06-02 11:51 . 2007-02-08 13:09 49152 ------r- c:\windows\system32\AVerIO.dll
2010-06-02 11:51 . 2005-04-28 19:08 3456 ------r- c:\windows\system32\AVerIO.sys
2010-06-02 11:51 . 2009-02-04 16:11 565248 ------r- c:\windows\system32\sptlib21.dll
2010-06-02 11:51 . 2008-12-22 11:59 294912 ------r- c:\windows\system32\sptlib11.dll
2010-06-02 11:51 . 2008-12-02 16:03 135168 ------r- c:\windows\system32\sptlib12.dll
2010-06-02 11:51 . 2008-10-07 17:31 290816 ------r- c:\windows\system32\sptlib22.dll
2010-06-02 11:51 . 2008-09-04 18:22 245760 ------r- c:\windows\system32\sptlib03.dll
2010-06-02 11:51 . 2008-09-04 18:22 249856 ------r- c:\windows\system32\sptlib01.dll
2010-06-02 11:51 . 2008-01-08 06:59 241664 ------r- c:\windows\system32\sptlib02.dll
2010-06-02 11:51 . 2010-06-02 11:51 -------- d-----w- c:\program files\Common Files\AVerMedia
2010-06-02 11:51 . 2010-06-02 11:51 -------- d-----w- c:\program files\AVerMedia
2010-05-26 16:00 . 2010-05-26 16:00 -------- d-----w- C:\FOUND.017

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 08:00 . 2006-08-01 15:01 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-04 05:21 . 2010-06-04 05:12 2812 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-03-25 13:33 . 2008-03-20 21:29 54240 ----a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-19 11:13 . 2009-03-04 21:08 101616 ----a-w- c:\windows\system32\4GCleanup.exe
2010-03-11 20:25 . 2010-03-11 20:25 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-10 06:15 . 2004-08-04 03:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sl1000"="c:\docume~1\DAVID~1\LOCALS~1\TempImages\sl1000.exe" [2009-08-08 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 88204]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 16248320]
"SkyTel"="SkyTel.EXE" [2006-07-19 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 766041]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 208896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-12 438272]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-6-29 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-6-2 651264]
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-6-2 159744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"LogitechCameraService(E)"=c:\windows\system32\ElkCtrl.exe /automation
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe /idle
"ntiMUI"=c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
"UVS10 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
"NexusServer"="c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"AzMixerSel"=c:\program files\Realtek\InstallShield\AzMixerSel.exe
"Boot"=c:\acer\Empowering Technology\ePower\Boot.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LogitechCameraAssistant"=c:\program files\Acer\OrbiCam\CameraAssistant.exe
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"LogitechVideo[inspector]"=c:\program files\Acer\OrbiCam\InstallHelper.exe /inspect
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avast5"=c:\progra~1\ALWILS~1\Avast5\avastUI.exe /nogui

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2.3.2010 12:13 67312]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2.6.2010 13:51 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2.6.2010 13:51 405504]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11.9.2009 7:24 735960]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [8.9.2005 0:18 9728]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [3.6.2010 11:55 246520]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [20.6.2006 3:20 1097728]
S3 AVerAF15;AVerMedia A815;c:\windows\system32\drivers\AVerAF15.sys [20.3.2010 12:55 280576]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [4.3.2009 23:08 51040]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - tzfixfx

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:02]

2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://en.us.acer.yahoo.com/
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://mail.schmitten.at:8889/activex/AMC.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://mail.schmitten.at:8888/activex/AMC.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 10:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tzfixfx]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(6944)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\DAVID~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2010-06-04 10:05:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-04 08:05

Před spuštěním: 38 267 813 888 bytes free
Po spuštění: 38 363 594 752 bytes free

- - End Of File - - 2FF290E19B53AAFF52F4974F899A0C88

Re: prosím o kontrolu logu

Napsal: 04 čer 2010 09:12
od JaRon
to bola slusna uroda :) zopakuj akciu - novy CFS:

Kód: Vybrat vše

Driver::
tzfixfx

Re: prosím o kontrolu logu

Napsal: 04 čer 2010 10:29
od GTE
Tady je ten log:

ComboFix 10-06-03.01 - David 04.06.2010 10:31:51.2.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1033.18.1014.455 [GMT 2:00]
Spuštěný z: c:\documents and settings\David\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\David\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
Tyto soubory byly během aplikování deaktivovány:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TZFIXFX
-------\Service_tzfixfx


((((((((((((((((((((((((( Soubory vytvořené od 2010-05-04 do 2010-06-04 )))))))))))))))))))))))))))))))
.

2010-06-04 06:02 . 2010-06-04 06:02 -------- d-----w- c:\program files\trend micro
2010-06-04 06:02 . 2010-06-04 06:02 -------- d-----w- C:\rsit
2010-06-04 06:00 . 2010-06-04 06:00 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\ESET
2010-06-04 05:23 . 2010-06-04 05:23 -------- d-----w- c:\documents and settings\David\Application Data\ESET
2010-06-04 05:22 . 2010-06-04 05:22 -------- d-----w- c:\program files\ESET
2010-06-04 05:22 . 2010-06-04 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-06-03 20:16 . 2010-06-03 20:16 -------- d-----w- C:\FOUND.020
2010-06-03 20:06 . 2010-06-03 20:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-03 20:04 . 2010-06-03 20:04 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-03 18:53 . 2010-06-03 18:53 -------- d-----w- C:\FOUND.019
2010-06-03 18:48 . 2010-06-03 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-03 09:55 . 2010-06-03 09:55 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-03 09:55 . 2010-06-03 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-06-03 09:55 . 2010-06-03 09:55 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\AOL
2010-06-03 09:54 . 2010-06-03 09:54 -------- d-----w- c:\program files\ICQ7.2
2010-06-03 08:34 . 2010-06-03 08:34 -------- d-----w- C:\FOUND.018
2010-06-02 11:52 . 2010-06-02 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVerTV
2010-06-02 11:52 . 2010-06-02 11:52 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\AVerMedia
2010-06-02 11:51 . 2009-05-11 03:58 94208 ------r- c:\windows\system32\CardID.dll
2010-06-02 11:51 . 2007-02-08 13:09 49152 ------r- c:\windows\system32\AVerIO.dll
2010-06-02 11:51 . 2005-04-28 19:08 3456 ------r- c:\windows\system32\AVerIO.sys
2010-06-02 11:51 . 2009-02-04 16:11 565248 ------r- c:\windows\system32\sptlib21.dll
2010-06-02 11:51 . 2008-12-22 11:59 294912 ------r- c:\windows\system32\sptlib11.dll
2010-06-02 11:51 . 2008-12-02 16:03 135168 ------r- c:\windows\system32\sptlib12.dll
2010-06-02 11:51 . 2008-10-07 17:31 290816 ------r- c:\windows\system32\sptlib22.dll
2010-06-02 11:51 . 2008-09-04 18:22 245760 ------r- c:\windows\system32\sptlib03.dll
2010-06-02 11:51 . 2008-09-04 18:22 249856 ------r- c:\windows\system32\sptlib01.dll
2010-06-02 11:51 . 2008-01-08 06:59 241664 ------r- c:\windows\system32\sptlib02.dll
2010-06-02 11:51 . 2010-06-02 11:51 -------- d-----w- c:\program files\Common Files\AVerMedia
2010-06-02 11:51 . 2010-06-02 11:51 -------- d-----w- c:\program files\AVerMedia
2010-05-26 16:00 . 2010-05-26 16:00 -------- d-----w- C:\FOUND.017

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 08:36 . 2009-12-31 07:34 741376 ----a-w- c:\windows\system32\drivers\tzfixfx.sys
2010-06-04 08:36 . 2006-08-01 15:01 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-04 05:21 . 2010-06-04 05:12 2812 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-03-25 13:33 . 2008-03-20 21:29 54240 ----a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-19 11:13 . 2009-03-04 21:08 101616 ----a-w- c:\windows\system32\4GCleanup.exe
2010-03-11 20:25 . 2010-03-11 20:25 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-10 06:15 . 2004-08-04 03:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-04_08.01.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-04 08:38 . 2010-06-04 08:38 16384 c:\windows\Temp\Perflib_Perfdata_960.dat
+ 2010-06-04 08:37 . 2010-06-04 08:37 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sl1000"="c:\docume~1\DAVIDK~1\LOCALS~1\TempImages\sl1000.exe" [2009-08-08 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 88204]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 16248320]
"SkyTel"="SkyTel.EXE" [2006-07-19 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 766041]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 208896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-12 438272]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-6-29 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-6-2 651264]
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-6-2 159744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"LogitechCameraService(E)"=c:\windows\system32\ElkCtrl.exe /automation
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe /idle
"ntiMUI"=c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
"UVS10 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
"NexusServer"="c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"AzMixerSel"=c:\program files\Realtek\InstallShield\AzMixerSel.exe
"Boot"=c:\acer\Empowering Technology\ePower\Boot.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LogitechCameraAssistant"=c:\program files\Acer\OrbiCam\CameraAssistant.exe
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"LogitechVideo[inspector]"=c:\program files\Acer\OrbiCam\InstallHelper.exe /inspect
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avast5"=c:\progra~1\ALWILS~1\Avast5\avastUI.exe /nogui

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2.3.2010 12:13 67312]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2.6.2010 13:51 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2.6.2010 13:51 405504]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11.9.2009 7:24 735960]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [8.9.2005 0:18 9728]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [3.6.2010 11:55 246520]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [20.6.2006 3:20 1097728]
S3 AVerAF15;AVerMedia A815;c:\windows\system32\drivers\AVerAF15.sys [20.3.2010 12:55 280576]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [4.3.2009 23:08 51040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:02]

2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://en.us.acer.yahoo.com/
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://mail.schmitten.at:8889/activex/AMC.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://mail.schmitten.at:8888/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 10:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(6640)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\btmmhook.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\DAVID~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2010-06-04 10:41:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-04 08:41
ComboFix2.txt 2010-06-04 08:05

Před spuštěním: 38 386 434 048 bytes free
Po spuštění: 38 328 860 672 bytes free

- - End Of File - - 533347267CA6066C543F36901A01A67D

Re: prosím o kontrolu logu

Napsal: 04 čer 2010 10:32
od JaRon
otestuj na www.virustotal.com subory:
c:\windows\system32\drivers\tzfixfx.sys
c:\docume~1\DAVIDK~1\LOCALS~1\TempImages\sl1000.exe

Re: prosím o kontrolu logu

Napsal: 04 čer 2010 13:33
od GTE
Mám poslat co to vyhodilo? U prvního 85% a druhý soubor 50%.

Re: prosím o kontrolu logu

Napsal: 04 čer 2010 13:35
od JaRon
oba subory ZMAZ - ak nie su problemy, tak hotovo :)

Re: prosím o kontrolu logu

Napsal: 04 čer 2010 14:28
od GTE
Díky moc. Už je to mnohem lepší. Jdu poslat nějakou tu korunu :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz