Display driver problem
Posted: 21 Jul 2010 18:50
Sorry if I'm not doing this by the rules; an acquaintance gave me a link here, saying you would help me. Following his instructions I scanned the computer and, as instructed, I'm posting the result here because I don't know what to do with it. The display driver Ati2dvag keeps crashing on me, and since I'm something of a computer illiterate, I'm asking for advice on what to do about it. Thank you.
RSIT log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2010-07-21 12:01:06
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 13 GB (35%) free of 38 GB
Total RAM: 255 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:01:21, on 21.7.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WOKNA\System32\smss.exe
C:\WOKNA\system32\winlogon.exe
C:\WOKNA\system32\services.exe
C:\WOKNA\system32\lsass.exe
C:\WOKNA\system32\svchost.exe
C:\WOKNA\System32\svchost.exe
C:\WOKNA\Explorer.EXE
C:\WOKNA\system32\spoolsv.exe
C:\WOKNA\Temp\wpv431254042811.exe
C:\WOKNA\system32\qttask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WOKNA\system32\ctfmon.exe
C:\WOKNA\System32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WOKNA\system32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WOKNA\system32\wscntfy.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Owner\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Owner\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [sysgif32] C:\WOKNA\Temp\wpv431254042811.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WOKNA\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WOKNA\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WOKNA\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/533.4_(KHTML,_like_Gecko)_Chrome/5.0.375.99_Safari/533.4" -"http://hry2.1001hry.cz/699bbd6eba34f4b3 ... =1&nobtn=1"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WOKNA\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WOKNA\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WOKNA\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WOKNA\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WOKNA\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WOKNA\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WOKNA\System32\NMSSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WOKNA\System32\TuneUpDefragService.exe
--
End of file - 9315 bytes
======Scheduled tasks folder======
C:\WOKNA\tasks\1-Click Maintenance.job
C:\WOKNA\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1563985344-1801674531-1003Core.job
C:\WOKNA\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1563985344-1801674531-1003UA.job
C:\WOKNA\tasks\Norton Security Scan for Owner.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Owner\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-02-12 119808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2006-10-17 2120768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-20 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2006-10-17 2120768]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-03 339968]
"ATIModeChange"=C:\WOKNA\system32\Ati2mdxx.exe [2002-06-04 28672]
"sysgif32"=C:\WOKNA\Temp\wpv431254042811.exe [2009-09-28 36352]
"QuickTime Task"=C:\WOKNA\system32\qttask.exe [2007-04-21 98304]
"KernelFaultCheck"=C:\WOKNA\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"ctfmon.exe"=C:\WOKNA\system32\ctfmon.exe [2004-08-18 15360]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-09-05 133104]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WOKNA\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-01-09 2262352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WOKNA\system32\ctfmon.exe [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-09-05 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WOKNA\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\WOKNA\system32\qttask.exe [2007-04-21 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 68856]
C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění
ikowin32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WOKNA\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Documents and Settings\Owner\Plocha\QIP Infium PafoLitePack\inf.exe"="C:\Documents and Settings\Owner\Plocha\QIP Infium PafoLitePack\inf.exe:*:Enabled:QIP Infium"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WOKNA\Temp\wpv431254042811.exe"="C:\WOKNA\Temp\wpv431254042811.exe:*:Enabled:services"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2010-07-21 12:01:06 ----D---- C:\rsit
======List of files/folders modified in the last 1 months======
2010-07-21 12:01:20 ----D---- C:\Program Files\Trend Micro
2010-07-21 10:59:22 ----D---- C:\WOKNA\Temp
2010-07-21 10:57:08 ----D---- C:\WOKNA
2010-07-21 10:56:03 ----A---- C:\WOKNA\SchedLgU.Txt
2010-07-18 16:05:49 ----D---- C:\WOKNA\Prefetch
2010-07-18 16:05:19 ----D---- C:\WOKNA\system32\CatRoot2
2010-07-18 15:58:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-18 01:54:03 ----D---- C:\Documents and Settings\Owner\Data aplikací\OpenOffice.org2
2010-07-17 14:30:29 ----D---- C:\WOKNA\Enfocus Prefs Folder
2010-07-14 15:29:55 ----D---- C:\EDITA
2010-07-14 11:15:15 ----A---- C:\WOKNA\quark.ini
2010-07-10 00:36:10 ----SD---- C:\WOKNA\Downloaded Program Files
2010-07-05 22:28:19 ----D---- C:\Documents and Settings\Owner\Data aplikací\Skype
2010-06-30 18:36:32 ----SHD---- C:\WOKNA\Installer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WOKNA\System32\DRIVERS\agp440.sys [2004-08-04 42368]
R1 intelppm;Řadič procesoru Intel; C:\WOKNA\System32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 omci;OMCI WDM Device Driver; C:\WOKNA\System32\DRIVERS\omci.sys [2002-10-15 17153]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WOKNA\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 fssfltr;FssFltr; C:\WOKNA\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 aeaudio;aeaudio; C:\WOKNA\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WOKNA\System32\DRIVERS\ati2mtag.sys [2002-06-04 426752]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WOKNA\System32\DRIVERS\e1000325.sys [2002-11-12 99840]
R3 HidUsb;Ovladač třídy standardu HID; C:\WOKNA\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WOKNA\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 smwdm;smwdm; C:\WOKNA\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbprint;Třída USB Printer; C:\WOKNA\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WOKNA\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WOKNA\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WOKNA\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WOKNA\system32\DRIVERS\NetMotCM.sys []
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WOKNA\system32\drivers\NMSCFG.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WOKNA\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WOKNA\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WOKNA\System32\drivers\ws2ifsl.sys [2002-07-10 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WOKNA\system32\svchost.exe [2004-08-18 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 UMWdf;Windows User Mode Driver Framework; C:\WOKNA\system32\wdfmgr.exe [2004-08-10 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WOKNA\System32\svchost.exe [2004-08-18 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WOKNA\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WOKNA\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMSSvc;Intel(R) NMS; C:\WOKNA\System32\NMSSvc.exe [2002-07-30 1118208]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WOKNA\System32\TuneUpDefragService.exe [2008-01-06 306432]
-----------------EOF-----------------
MWAV log:
File C:\WOKNA\Temp\wpv431254042811.exe infected by "Trojan.Proxy.MSO (DB)" Virus! Action Taken: No Action Taken.
File C:\WOKNA\Temp\wpv431254042811.exe infected by "Trojan.Proxy.MSO (DB)" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění\ikowin32.exe infected by "Trojan.Downloader.Bredolab.AR (DB)" Virus! Action Taken: No Action Taken.
Object "look2me Adware" found in File System! Action Taken: No Action Taken.
Object "Conducent FlexPak Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "PersonalAntispy Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\~TM208.tmp infected by "Trojan.Downloader.Bredolab.AR (DB)" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\~TM208.tmp infected by "Trojan.Downloader.Bredolab.AR (DB)" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění\ikowin32.exe infected by "Trojan.Downloader.Bredolab.AR (DB)" Virus! Action Taken: No Action Taken.
File C:\WOKNA\Temp\wpv301260802348.exe infected by "Trojan.Generic.3650295 (DB)" Virus! Action Taken: No Action Taken.
File C:\WOKNA\Temp\wpv431254042811.exe infected by "Trojan.Proxy.MSO (DB)" Virus! Action Taken: No Action Taken.
File C:\WOKNA\Temp\wpv491253926400.exe infected by "Trojan.Dropper.Kobcka.FH (DB)" Virus! Action Taken: N
MBAM log:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Database version: 4334
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
21.7.2010 14:54:56
mbam-log-2010-07-21 (14-54-56).txt
Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 299892
Time elapsed: 2 hour(s), 3 minute(s), 41 second(s)
Memory processes infected: 1
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 1
Registry data items infected: 0
Folders infected: 0
Files infected: 6
Memory processes infected:
C:\WOKNA\Temp\wpv431254042811.exe (Trojan.Proxy) -> No action taken.
Memory modules infected:
(No malicious items detected)
Registry keys infected:
(No malicious items detected)
Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Proxy) -> No action taken.
Registry data items infected:
(No malicious items detected)
Folders infected:
(No malicious items detected)
Files infected:
C:\WOKNA\Temp\wpv431254042811.exe (Trojan.Proxy) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~TM208.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění\ikowin32.exe (Trojan.Agent) -> No action taken.
C:\WOKNA\Temp\wpv301260802348.exe (Trojan.Dropper) -> No action taken.
C:\WOKNA\Temp\wpv491253926400.exe (Trojan.Kobcka) -> No action taken.
C:\Documents and Settings\Owner\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Owner\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-02-12 119808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2006-10-17 2120768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-20 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2006-10-17 2120768]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-03 339968]
"ATIModeChange"=C:\WOKNA\system32\Ati2mdxx.exe [2002-06-04 28672]
"sysgif32"=C:\WOKNA\Temp\wpv431254042811.exe [2009-09-28 36352]
"QuickTime Task"=C:\WOKNA\system32\qttask.exe [2007-04-21 98304]
"KernelFaultCheck"=C:\WOKNA\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"ctfmon.exe"=C:\WOKNA\system32\ctfmon.exe [2004-08-18 15360]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-09-05 133104]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WOKNA\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-01-09 2262352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WOKNA\system32\ctfmon.exe [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-09-05 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WOKNA\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\WOKNA\system32\qttask.exe [2007-04-21 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 68856]
C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění
ikowin32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WOKNA\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Documents and Settings\Owner\Plocha\QIP Infium PafoLitePack\inf.exe"="C:\Documents and Settings\Owner\Plocha\QIP Infium PafoLitePack\inf.exe:*:Enabled:QIP Infium"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WOKNA\Temp\wpv431254042811.exe"="C:\WOKNA\Temp\wpv431254042811.exe:*:Enabled:services"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2010-07-21 12:01:06 ----D---- C:\rsit
======List of files/folders modified in the last 1 months======
2010-07-21 12:01:20 ----D---- C:\Program Files\Trend Micro
2010-07-21 10:59:22 ----D---- C:\WOKNA\Temp
2010-07-21 10:57:08 ----D---- C:\WOKNA
2010-07-21 10:56:03 ----A---- C:\WOKNA\SchedLgU.Txt
2010-07-18 16:05:49 ----D---- C:\WOKNA\Prefetch
2010-07-18 16:05:19 ----D---- C:\WOKNA\system32\CatRoot2
2010-07-18 15:58:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-18 01:54:03 ----D---- C:\Documents and Settings\Owner\Data aplikací\OpenOffice.org2
2010-07-17 14:30:29 ----D---- C:\WOKNA\Enfocus Prefs Folder
2010-07-14 15:29:55 ----D---- C:\EDITA
2010-07-14 11:15:15 ----A---- C:\WOKNA\quark.ini
2010-07-10 00:36:10 ----SD---- C:\WOKNA\Downloaded Program Files
2010-07-05 22:28:19 ----D---- C:\Documents and Settings\Owner\Data aplikací\Skype
2010-06-30 18:36:32 ----SHD---- C:\WOKNA\Installer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WOKNA\System32\DRIVERS\agp440.sys [2004-08-04 42368]
R1 intelppm;Řadič procesoru Intel; C:\WOKNA\System32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 omci;OMCI WDM Device Driver; C:\WOKNA\System32\DRIVERS\omci.sys [2002-10-15 17153]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WOKNA\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 fssfltr;FssFltr; C:\WOKNA\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 aeaudio;aeaudio; C:\WOKNA\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WOKNA\System32\DRIVERS\ati2mtag.sys [2002-06-04 426752]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WOKNA\System32\DRIVERS\e1000325.sys [2002-11-12 99840]
R3 HidUsb;Ovladač třídy standardu HID; C:\WOKNA\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WOKNA\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 smwdm;smwdm; C:\WOKNA\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbprint;Třída USB Printer; C:\WOKNA\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WOKNA\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WOKNA\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WOKNA\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WOKNA\system32\DRIVERS\NetMotCM.sys []
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WOKNA\system32\drivers\NMSCFG.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WOKNA\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WOKNA\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WOKNA\System32\drivers\ws2ifsl.sys [2002-07-10 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WOKNA\system32\svchost.exe [2004-08-18 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 UMWdf;Windows User Mode Driver Framework; C:\WOKNA\system32\wdfmgr.exe [2004-08-10 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WOKNA\System32\svchost.exe [2004-08-18 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WOKNA\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WOKNA\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMSSvc;Intel(R) NMS; C:\WOKNA\System32\NMSSvc.exe [2002-07-30 1118208]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WOKNA\System32\TuneUpDefragService.exe [2008-01-06 306432]
-----------------EOF-----------------
MWAV log:
File C:\WOKNA\Temp\wpv431254042811.exe infected by "Trojan.Proxy.MSO (DB)" Virus! Action Taken: No Action Taken.
File C:\WOKNA\Temp\wpv431254042811.exe infected by "Trojan.Proxy.MSO (DB)" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění\ikowin32.exe infected by "Trojan.Downloader.Bredolab.AR (DB)" Virus! Action Taken: No Action Taken.
Object "look2me Adware" found in File System! Action Taken: No Action Taken.
Object "Conducent FlexPak Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "PersonalAntispy Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\~TM208.tmp infected by "Trojan.Downloader.Bredolab.AR (DB)" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\~TM208.tmp infected by "Trojan.Downloader.Bredolab.AR (DB)" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění\ikowin32.exe infected by "Trojan.Downloader.Bredolab.AR (DB)" Virus! Action Taken: No Action Taken.
File C:\WOKNA\Temp\wpv301260802348.exe infected by "Trojan.Generic.3650295 (DB)" Virus! Action Taken: No Action Taken.
File C:\WOKNA\Temp\wpv431254042811.exe infected by "Trojan.Proxy.MSO (DB)" Virus! Action Taken: No Action Taken.
File C:\WOKNA\Temp\wpv491253926400.exe infected by "Trojan.Dropper.Kobcka.FH (DB)" Virus! Action Taken: N
MBAM log:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Verze databáze: 4334
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
21.7.2010 14:54:56
mbam-log-2010-07-21 (14-54-56).txt
Typ skenu: Úplný sken (A:\|C:\|D:\|)
Skenované objekty: 299892
Uplynulý čas: 2 hodina(y), 3 minuta(y), 41 sekunda(y)
Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 6
Infikované procesy v paměti:
C:\WOKNA\Temp\wpv431254042811.exe (Trojan.Proxy) -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Proxy) -> No action taken.
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WOKNA\Temp\wpv431254042811.exe (Trojan.Proxy) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~TM208.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění\ikowin32.exe (Trojan.Agent) -> No action taken.
C:\WOKNA\Temp\wpv301260802348.exe (Trojan.Dropper) -> No action taken.
C:\WOKNA\Temp\wpv491253926400.exe (Trojan.Kobcka) -> No action taken.
C:\Documents and Settings\Owner\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.