VIRY.CZ

Nejde mi hybernovat PC. Doposud s tím nebyl problém. Prosím o kontrolu. Předem děkuji.

Logfile of random's system information tool 1.07 (written by random/random)
Run by Jakubec at 2010-06-28 08:36:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (23%) free of 38 GB
Total RAM: 1280 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:37:13, on 28.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EMS\DvrTimeSvr.exe
C:\Program Files\EMS\ScheduleService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Jakubec\Plocha\RSIT.exe
C:\Program Files\trend micro\Jakubec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe thxr.wgo nwfdtx
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NUUO Remote Desktop Server] "C:\Program Files\NUUO\SCB_MPEG4_Hybrid\RmtDskServer.exe" -servicehelper
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} (CV781Object Object) - http://192.168.0.152/AVC_AX_DVR.cab
O16 - DPF: {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} (CV781Object Object) - http://192.168.0.237/AVC_AX_DVR.cab
O16 - DPF: {336C9D79-263A-4D75-AA7C-60DAF945AE67} (OvisLink IPCamera Control) - http://192.168.0.153/classes/OvisLinkCamV_H264.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://192.168.0.220/RtspVaPgDec.cab
O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} (RtspVaPgCtrlNew Class) - http://192.168.0.185/RtspVaPgDec.cab
O16 - DPF: {563DF2AD-1EB7-4C84-8DA8-52A0A134E30E} (IcsView Control) - http://www.icantek.com/support/oem/activex/icsview.cab
O16 - DPF: {7B40618E-CC3D-4E7C-800A-E0306DD8BD48} (AMCCtrl Class) - http://192.168.0.150/AVC_AX_757.cab
O16 - DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} (CV781Object Object) - http://192.168.0.152/AVC_AX_724.cab
O16 - DPF: {C1D592D2-D4F6-4E9C-968D-797449DC0ADC} (WebViewerX Control) - http://www.dvrstation.com/webServer.cab
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} (PdvrOcx Class) - http://www.dvrstation.com/pdvratl.php?vendor=0
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://192.168.0.183/nvEPLMedia.cab
O16 - DPF: {DD01C8CA-5DA0-4B01-9603-B7194E561D32} (TVSLiveControl Class) - http://192.168.0.199/rel/webViewer.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://85.13.108.212/activex/AMC.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DvrTimeServer - Unknown owner - C:\Program Files\EMS\DvrTimeSvr.exe
O23 - Service: Schedule Service (EMSService) - Unknown owner - C:\Program Files\EMS\ScheduleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NUUO Remote Desktop Server - Unknown owner - C:\Program Files\NUUO\SCB_MPEG4_Hybrid\RmtDskServer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7105 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MainConsole.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"ST7501"= []
"NUUO Remote Desktop Server"=C:\Program Files\NUUO\SCB_MPEG4_Hybrid\RmtDskServer.exe [2010-04-07 352256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EMS\EMS.exe"="C:\Program Files\EMS\EMS.exe:*:Enabled:EMS PROGRAM"
"C:\Program Files\Video Server E\Video Server E.exe"="C:\Program Files\Video Server E\Video Server E.exe:*:Enabled:Video Server E"
"C:\Program Files\VideoViewer\VideoViewer.exe"="C:\Program Files\VideoViewer\VideoViewer.exe:*:Enabled:VideoViewer"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Documents and Settings\kucera\Dokumenty\ICQ\205449255\ReceivedFiles\349353578 Bohosek\bulanci.exe"="C:\Documents and Settings\kucera\Dokumenty\ICQ\205449255\ReceivedFiles\349353578 Bohosek\bulanci.exe:*:Enabled:bulanci"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\NetworkCameraWizard\NetworkCameraWizard.exe"="C:\Program Files\NetworkCameraWizard\NetworkCameraWizard.exe:*:Enabled:NetworkCamera Wizard"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\SJphone 1.65\SJphone.exe"="C:\Program Files\SJphone 1.65\SJphone.exe:*:Enabled:SJphone 1.65"
"C:\Program Files\LG Electronics\Smart Station\mDNSResponder.exe"="C:\Program Files\LG Electronics\Smart Station\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"\\192.168.0.31\Disk_U\WorkData\docasny\technici\CCTV\IP Corder\KNR-412\CD\Tools\Discover\Windows\Discover.exe"="\\192.168.0.31\Disk_U\WorkData\docasny\technici\CCTV\IP Corder\KNR-412\CD\Tools\Discover\Windows\Discover.exe:*:Enabled:IPCorder Discover"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Air Live IP Wizard II\IPWizardII.exe"="C:\Program Files\Air Live IP Wizard II\IPWizardII.exe:*:Enabled:IP Wizard II"
"C:\Program Files\EMS\DvrTimeServer.exe"="C:\Program Files\EMS\DvrTimeServer.exe:*:Enabled:DVR TIME SYNC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EMS\EMS.exe"="C:\Program Files\EMS\EMS.exe:*:Enabled:EMS PROGRAM"

======List of files/folders created in the last 1 months======

2010-06-28 08:36:59 ----D---- C:\rsit
2010-06-28 08:36:59 ----D---- C:\Program Files\trend micro
2010-06-24 10:03:27 ----D---- C:\Program Files\Mozilla Firefox
2010-06-24 08:12:33 ----SHD---- C:\Config.Msi
2010-06-23 10:25:17 ----D---- C:\backup
2010-06-23 10:11:25 ----D---- C:\Storage
2010-06-23 09:27:56 ----D---- C:\SYS
2010-06-23 09:27:56 ----A---- C:\Initializelog.txt
2010-06-23 09:25:57 ----D---- C:\Program Files\AKR Player
2010-06-23 08:37:14 ----D---- C:\Temp_MicroDVRPlayer
2010-06-22 11:14:56 ----N---- C:\WINDOWS\system32\AVC_AP_SCALE.dll
2010-06-22 11:14:56 ----N---- C:\WINDOWS\system32\AVC_AP_JPEG.dll
2010-06-22 11:14:53 ----N---- C:\WINDOWS\system32\swscale-0.dll
2010-06-22 11:14:53 ----N---- C:\WINDOWS\system32\avutil-50.dll
2010-06-22 11:14:53 ----N---- C:\WINDOWS\system32\avformat-52.dll
2010-06-22 11:14:53 ----N---- C:\WINDOWS\system32\avdevice-52.dll
2010-06-22 11:14:51 ----N---- C:\WINDOWS\system32\Deinterlace.dll
2010-06-22 11:14:51 ----N---- C:\WINDOWS\system32\avcodec-52.dll
2010-06-21 12:30:58 ----D---- C:\_storage
2010-06-17 08:37:22 ----D---- C:\Program Files\WinSCP
2010-06-17 08:32:16 ----A---- C:\WINDOWS\system32\NdUnreg.dll
2010-06-10 13:42:26 ----D---- C:\Program Files\DVR Videoplayer
2010-06-10 08:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 08:30:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 08:30:45 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 08:26:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 08:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 08:26:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-08 16:51:33 ----D---- C:\Program Files\Axis Communications
2010-06-08 11:31:21 ----D---- C:\Documents and Settings\Jakubec\Data aplikací\vlc
2010-06-08 11:28:33 ----D---- C:\Program Files\VideoLAN
2010-06-08 09:03:29 ----D---- C:\Program Files\AirLive CamPro Express-server
2010-06-08 08:51:23 ----D---- C:\Documents and Settings\Jakubec\Data aplikací\UniSVR
2010-06-07 16:14:29 ----D---- C:\Program Files\Shutter

======List of files/folders modified in the last 1 months======

2010-06-28 08:36:59 ----RD---- C:\Program Files
2010-06-28 08:28:02 ----A---- C:\WINDOWS\wincmd.ini
2010-06-28 08:24:06 ----A---- C:\WINDOWS\PdvrServer.INI
2010-06-28 08:22:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-28 08:10:36 ----D---- C:\WINDOWS\Temp
2010-06-28 08:10:20 ----D---- C:\WINDOWS\system32
2010-06-25 13:13:37 ----D---- C:\Program Files\SpeedFan
2010-06-25 12:41:27 ----D---- C:\Program Files\EMS
2010-06-25 11:50:49 ----D---- C:\Temp
2010-06-25 11:50:49 ----D---- C:\FOXPOM
2010-06-24 10:04:51 ----D---- C:\Program Files\Mozilla Thunderbird
2010-06-24 08:30:04 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-24 08:30:00 ----RSD---- C:\WINDOWS\assembly
2010-06-24 08:17:29 ----SHD---- C:\WINDOWS\Installer
2010-06-24 08:15:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-24 08:14:40 ----D---- C:\WINDOWS\WinSxS
2010-06-23 14:56:15 ----A---- C:\WINDOWS\VideoDomain.ini
2010-06-23 13:46:27 ----D---- C:\Program Files\Micro D Player
2010-06-23 13:43:41 ----D---- C:\Program Files\VideoViewer
2010-06-23 09:25:56 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-23 08:05:53 ----D---- C:\tempvideo
2010-06-22 15:40:02 ----D---- C:\temppicture
2010-06-22 15:26:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-22 11:15:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-22 11:14:59 ----A---- C:\psapi.dll
2010-06-21 14:55:36 ----D---- C:\Program Files\TCMS
2010-06-21 11:34:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-21 11:34:16 ----D---- C:\WINDOWS\Registration
2010-06-21 11:33:47 ----D---- C:\Program Files\ComPlus Applications
2010-06-21 11:30:19 ----D---- C:\WINDOWS
2010-06-17 11:49:15 ----A---- C:\libSRTP_log.txt
2010-06-14 10:59:33 ----AD---- C:\Program Files\MemoCam
2010-06-10 16:32:24 ----D---- C:\Program Files\Internet Explorer
2010-06-10 11:13:39 ----HD---- C:\WINDOWS\inf
2010-06-10 08:31:00 ----A---- C:\WINDOWS\imsins.BAK
2010-06-10 08:30:56 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-08 11:22:43 ----D---- C:\WINDOWS\Help
2010-06-07 13:54:53 ----D---- C:\WINDOWS\system32\NtmsData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-09-25 181120]
R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2008-08-28 51072]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 zntport;NTPort Library Driver; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-04-14 701440]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 BT878_01;BT878.G3 Video Capture; C:\WINDOWS\system32\DRIVERS\cxvcap.sys [2010-03-30 72064]
S2 BTAUD01;BT878.G3 Audio Capture; C:\WINDOWS\system32\DRIVERS\cxtscap.sys [2009-11-26 15872]
S3 axx3tevj;axx3tevj; C:\WINDOWS\system32\drivers\axx3tevj.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-03-23 25280]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2003-04-04 30336]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 PV-26xVPRODrv;Wdm Driver for H264 series V2; C:\WINDOWS\System32\Drivers\h264_d1.sys [2010-03-24 27328]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 slockusb;slockusb; \??\C:\WINDOWS\system32\slockusb.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbser;2N PBX VoIP Module Driver; C:\WINDOWS\System32\Drivers\usbser.sys [2010-03-26 24192]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DvrTimeServer;DvrTimeServer; C:\Program Files\EMS\DvrTimeSvr.exe [2008-10-29 49152]
R2 EMSService;Schedule Service; C:\Program Files\EMS\ScheduleService.exe [2010-04-27 1990656]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NUUO Remote Desktop Server;NUUO Remote Desktop Server; C:\Program Files\NUUO\SCB_MPEG4_Hybrid\RmtDskServer.exe [2010-04-07 352256]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2003-04-04 77824]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravím,

Stáhni OTM z odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe nebo
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „Moveit!“
Do své odpovědi vlož obsah zeleného okna
Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\

OTM script

Kód: Vybrat vše

:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"ST7501"=-

:Files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:Commands
[emptytemp]
[purity]
[Reboot]

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Skener" > Provést rychlý sken > Skenovat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

čekám 2 logy (OTM+MBAM)

ok dímy moc, mrknu na to. Jen ten řádek
"ST7501"=-

bych vypustil jestli můžu, je to software který potřebuju aby se spouštěl po startu.

OTM:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP179.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1FF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP30.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP49.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4A.tmp folder moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Jakubec
->Temp folder emptied: 673387899 bytes
->Temporary Internet Files folder emptied: 23012786 bytes
->Java cache emptied: 24266672 bytes
->FireFox cache emptied: 60386143 bytes
->Flash cache emptied: 14778 bytes

User: kucera
->Temp folder emptied: 64593973 bytes
->Temporary Internet Files folder emptied: 29719294 bytes
->Java cache emptied: 26147642 bytes
->Flash cache emptied: 9570 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Test
->Temp folder emptied: 15660 bytes
->Temporary Internet Files folder emptied: 52760 bytes
->Java cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26204844 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 33205668 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 824681 bytes

Total Files Cleaned = 917,00 mb

OTM by OldTimer - Version 3.1.12.2 log created on 06282010_132018

Files moved on Reboot...

Registry entries deleted on Reboot...

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4249

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.6.2010 13:38:29
mbam-log-2010-06-28 (13-38-29).txt

Typ skenu: Rychlý sken
Skenované objekty: 134157
Uplynulý čas: 6 minuta(y), 53 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 7

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
C:\Program Files\Mozilla Firefox\rasadhlp.dll (PWS.Chyup) -> No action taken.

Infikované klíče registru:
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\Mozilla Firefox\rasadhlp.dll (PWS.Chyup) -> No action taken.
C:\Program Files\Internet Explorer\rasadhlp.dll (PWS.Chyup) -> No action taken.
C:\Program Files\Opera\rasadhlp.dll (PWS.Chyup) -> No action taken.
C:\Program Files\outlook Express\rasadhlp.dll (PWS.Chyup) -> No action taken.
C:\WINDOWS\system32\thxr.wgo (Backdoor.Bot) -> No action taken.
C:\Program Files\WinSCP\rasadhlp.dll (Spyware.Passwords) -> No action taken.
C:\WINDOWS\system32\sys32.dll (Trojan.Agent) -> No action taken.

hrasek píše:Jen ten řádek
"ST7501"=-
bych vypustil jestli můžu, je to software který potřebuju aby se spouštěl po startu.

Netušil jsem - v běžících procesech nic takového nevidím a "ST7501"= [] vypadá jako prázdná hodnota v registrech

MBAM spustit znovu - dát Kompletní kontrola
po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Infikované soubory:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
ten bych taky rád viděl

spusť program C:\Program Files\trend micro\Jakubec.exe
klik na "Do a system scan only" a dej fajfku do čtverečků před řádky "O16"
klik na "Fix Checked" (fixnuté položky jsou uloženy v záloze a lze je snadno obnovit)

stáhneš speciální verzi G-Mer
Special
ulož na plochu a spusť -> proběhne krátký scan
když dostaneš hlášku rootkit activity and asks if you want to run scan>>klikneš NO<<
a nastavíš to takto

>> klikneš scan,<<
na konci scanu >>SAVE<< název dej Gspeclog.txt>>ulož na plochu a obsah logu zkopíruj sem

"když dostaneš hlášku rootkit activity and asks if you want to run scan>>klikneš NO<<
a nastavíš to takto"

To mám nastavit takto jen pokud se objeví ta hláška (neobjevila), nebo vždy?

Tak test proveden bez zaškrtlého "Sections" a "IAT/EAT". Je to tak ok, nebo to mám udělat znova a tyto volby mít zatrhnuté? Hláška "rootkit activity and asks if you want to run scan" mi nevyskočila.

Přikládám požadované logy:

mbam-log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4249

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.6.2010 8:04:53
mbam-log-2010-06-29 (08-04-53).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 222615
Uplynulý čas: 1 hodina(y), 24 minuta(y), 43 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 7

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
C:\Program Files\Mozilla Firefox\rasadhlp.dll (PWS.Chyup) -> Delete on reboot.

Infikované klíče registru:
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\Mozilla Firefox\rasadhlp.dll (PWS.Chyup) -> Delete on reboot.
C:\Program Files\Opera\rasadhlp.dll (PWS.Chyup) -> Quarantined and deleted successfully.
C:\Program Files\Outlook Express\rasadhlp.dll (PWS.Chyup) -> Quarantined and deleted successfully.
C:\Program Files\WinSCP\rasadhlp.dll (PWS.Chyup) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\rasadhlp.dll (PWS.Chyup) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thxr.wgo (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sys32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Gspeclog:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-29 12:40:01
Windows 5.1.2600 Service Pack 3
Running: 7ynntrg6.exe; Driver: C:\DOCUME~1\Jakubec\LOCALS~1\Temp\axldipow.sys

---- System - GMER 1.0.15 ----

SSDT sppr.sys ZwCreateKey [0xF74440E0]
SSDT sppr.sys ZwEnumerateKey [0xF745CDA4]
SSDT sppr.sys ZwEnumerateValueKey [0xF745D132]
SSDT sppr.sys ZwOpenKey [0xF74440C0]
SSDT sppr.sys ZwQueryKey [0xF745D20A]
SSDT sppr.sys ZwQueryValueKey [0xF745D08A]
SSDT sppr.sys ZwSetValueKey [0xF745D29C]

INT 0x62 ? 8979ABF8
INT 0x82 ? 8979ABF8
INT 0x83 ? 8979CBF8
INT 0xB4 ? 89514F00
INT 0xB4 ? 89514F00
INT 0xB4 ? 89514F00
INT 0xB4 ? 89514F00
INT 0xB4 ? 89514F00
INT 0xB4 ? 89514F00

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8972D1F8
Device \Driver\PCI_PNP0322 \Device\00000040 sppr.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{CE85A902-6792-403A-8B4B-C1F4EE333B42} 893891F8
Device \Driver\sptd \Device\2578769072 sppr.sys
Device \Driver\usbuhci \Device\USBPDO-0 895B01F8
Device \Driver\usbuhci \Device\USBPDO-1 895B01F8
Device \Driver\usbuhci \Device\USBPDO-2 895B01F8
Device \Driver\usbuhci \Device\USBPDO-3 895B01F8
Device \Driver\usbehci \Device\USBPDO-4 895991F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8972F1F8
Device \Driver\USBSTOR \Device\00000064 8938A500
Device \Driver\Cdrom \Device\CdRom0 894D6500
Device \Driver\USBSTOR \Device\00000065 8938A500
Device \Driver\atapi \Device\Ide\IdePort0 [F740BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F740BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\USBSTOR \Device\00000066 8938A500
Device \Driver\USBSTOR \Device\00000067 8938A500
Device \Driver\USBSTOR \Device\00000068 8938A500
Device \Driver\NetBT \Device\NetBt_Wins_Export 893891F8
Device \Driver\NetBT \Device\NetbiosSmb 893891F8
Device \Driver\usbuhci \Device\USBFDO-0 895B01F8
Device \Driver\usbuhci \Device\USBFDO-1 895B01F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8934B1F8
Device \Driver\usbuhci \Device\USBFDO-2 895B01F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8934B1F8
Device \Driver\usbuhci \Device\USBFDO-3 895B01F8
Device \Driver\usbehci \Device\USBFDO-4 895991F8
Device \Driver\Ftdisk \Device\FtControl 8972F1F8
Device \Driver\viasraid \Device\Scsi\viasraid1 8972E1F8
Device \Driver\abf9kszq \Device\Scsi\abf9kszq1Port3Path0Target0Lun0 894DB1F8
Device \Driver\abf9kszq \Device\Scsi\abf9kszq1 894DB1F8
Device \FileSystem\Cdfs \Cdfs 892F5500
Device -> \Driver\atapi \Device\Harddisk0\DR0 893A7EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x19 0x39 0xC3 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x54 0xAB 0x5C 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBC 0xFB 0x27 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x19 0x39 0xC3 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x54 0xAB 0x5C 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBC 0xFB 0x27 0x18 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

provedl jsi to správně.

Vypnout driver sptd.sys takto:
stáhni http://jpshortstuff.247fixes.com/beta/Defogger.exe
spusť - klik "Disable" - potvrď hlášku "Continue" - dej sem log který se vytvoří - samozřejmě nech restartovat PC

stáhni MBR
http://www2.gmer.net/mbr/mbr.exe ulož ho na plochu (jen ulož ale nespouštěj)
klik na hlavním panelu tlačítko "Start" -> "Spustit..." - do příkazového řádku zkopíruj celý červený příkaz
"%userprofile%\plocha\mbr" -t -> OK
na ploše vznikne mbr.log - jeho obsah sem zkopíruj

defogger_disable.log

defogger_disable by jpshortstuff (25.01.10.1)
Log created at 12:16 on 30/06/2010 (Jakubec)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

mbr.log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89472EC5]<<
kernel: MBR read successfully
user & kernel MBR OK

Jsou v současnosti nějaké problémy s PC? Podle logů by mohlo být čisto

Pokud používáš nějakou virtuální mechaniku -> v Defoggeru "Re-enable"

A neuteč mi ještě budeme uklízet

Od virů už je PC zdá se čisté. aůe úpřád mám problém, že nejde hybernovat. Při pokusu o hybernaci se zobrazí klasicky obrazovka "příprava na režim spánku" ale potom se opět zobrazí plocha a k hybernaci nedojde.Zkoušel jsem vypnout a znova zapnout podporu hybernace,ale problém přetrvává.
Jinak moc díky zas pomoc!

Tak ještě pro jistotu použijeme CF

Stáhni si ComboFix
a ulož ho na plochu.
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dej nesouhlas s případnou výzvou k instalací Recovery console
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

Mezitím zkusím kontaktovat specialistu na případnou opravu registrů při problému s hibernací

S tím ComboFixem bude problém, při pokusu o spuštění mi tu pokaždé padne ("V aplikaci došlo k problému, je třeba ji zavřít ...").

Tak to nejdřív uklidíme

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

pak použij

Stáhni a spusť T-cleaner http://sweb.cz/Marinus/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Pak proveď nové stažení ComboFixu - při ukládání jej ulož jako zmije.com a pokus se o jeho spuštění.
Při opakování problému proveď spuštění CF v nouzovém režimu.

VIRY.CZ

Prosím o kontrolu - podezření na vir

Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir

Re: Prosím o kontrolu - podezření na vir