Problems with Skype, Flash Player, Win7

Posted: 01 Feb 2011 20:51
by justik
Last week, after a Skype update, signing in to the Skype network stopped working. Skype tries unsuccessfully to sign in for about half an hour, and during this operation it cannot be closed properly (only by forcibly terminating the service). I cleaned the registry, deleted the Skype user profile and completely reinstalled Skype... Skype still did not work. After about 3 days, Flash Player started crashing randomly when playing some videos, and the situation kept getting worse. Today Flash can no longer play even a single clip from YouTube. Flash was completely reinstalled, with the same result. Firefox has slowed down very noticeably... I scanned the PC with Avast and Spybot; no infection was found. The PC's behaviour is, however, extremely strange; it has never been this unstable. Here is the log from RSIT...

Thanks for any advice....

*****************************************

Logfile of random's system information tool 1.08 (written by random/random)
Run by Tom at 2011-02-01 20:30:07
Microsoft Windows 7 Professional N
System drive C: has 39 GB (46%) free of 84 GB
Total RAM: 2015 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:44, on 1.2.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Visual Studio 10.0\VC\vcpackages\VCPkgSrv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft Visual Studio 10.0\Common7\ide\mspdbsrv.exe
C:\Program Files\Microsoft Visual Studio 10.0\VC\vcpackages\VCPkgSrv.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Tomas\Install\RSIT.exe
C:\Program Files\trend micro\Tomas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.natur.cuni.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tomas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcGIS License Manager - Macrovision Corporation - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BlackfishSQL - CodeGear - C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

--
End of file - 6742 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3670292235-2929916707-459100698-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3670292235-2929916707-459100698-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDA57003-0068-4ed2-9D32-4D1EC707D94D}]
Microsoft Web Test Recorder 10.0 Helper - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19 61360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-01-03 15028104]
"Google Update"=C:\Users\Tomas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-17 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2011-02-01 20:30:08 ----D---- C:\Program Files\trend micro
2011-02-01 20:30:07 ----D---- C:\rsit
2011-01-31 22:13:26 ----D---- C:\Users\Tomas\AppData\Roaming\vlc
2011-01-31 21:00:36 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-01-31 21:00:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-01-29 20:11:07 ----D---- C:\Users\Tomas\AppData\Roaming\skypePM
2011-01-29 16:14:37 ----D---- C:\Program Files\Common Files\Skype
2011-01-29 16:14:32 ----D---- C:\Users\Tomas\AppData\Roaming\Skype
2011-01-12 18:14:31 ----A---- C:\Windows\system32\odbc32.dll

======List of files/folders modified in the last 1 months======

2011-02-01 20:30:31 ----D---- C:\Windows\Temp
2011-02-01 20:30:20 ----D---- C:\Windows\Prefetch
2011-02-01 20:30:08 ----RD---- C:\Program Files
2011-02-01 15:44:23 ----D---- C:\Windows\system32\config
2011-02-01 15:34:02 ----SHD---- C:\System Volume Information
2011-02-01 09:45:29 ----D---- C:\Windows
2011-01-31 23:29:53 ----D---- C:\Windows\debug
2011-01-31 23:20:07 ----D---- C:\Windows\Tasks
2011-01-31 23:20:07 ----D---- C:\Windows\system32\Tasks
2011-01-31 22:59:54 ----D---- C:\Users\Tomas\AppData\Roaming\Nokia
2011-01-31 21:00:36 ----HD---- C:\ProgramData
2011-01-31 19:34:45 ----D---- C:\Users\Tomas\AppData\Roaming\AIMP
2011-01-30 10:08:13 ----SHD---- C:\Config.Msi
2011-01-29 23:07:01 ----SHD---- C:\Windows\Installer
2011-01-29 16:14:50 ----RD---- C:\Program Files\Skype
2011-01-29 16:14:37 ----D---- C:\Program Files\Common Files
2011-01-29 16:11:09 ----D---- C:\Windows\System32
2011-01-26 21:36:30 ----D---- C:\ProgramData\Skype
2011-01-26 00:04:25 ----D---- C:\Qt
2011-01-25 20:48:18 ----D---- C:\ProgramData\Microsoft Help
2011-01-22 22:46:05 ----D---- C:\ProgramData\Embarcadero
2011-01-21 22:38:24 ----D---- C:\Windows\system32\catroot2
2011-01-21 22:38:24 ----D---- C:\Windows\system32\catroot
2011-01-21 22:38:22 ----D---- C:\Windows\winsxs
2011-01-17 23:32:02 ----D---- C:\Windows\system32\NDF
2011-01-13 09:47:32 ----A---- C:\Windows\system32\aswBoot.exe
2011-01-13 00:42:11 ----A---- C:\Windows\system32\MRT.exe
2011-01-09 11:36:46 ----D---- C:\Program Files\Opera
2011-01-06 00:27:17 ----D---- C:\Users\Tomas\AppData\Roaming\codeblocks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-14 691696]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 aksfridge;HASP Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [2009-01-16 352256]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2009-07-09 587776]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2008-07-26 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
R3 SNTNLUSB;SafeNet USB SuperPro/UltraPro; C:\Windows\system32\DRIVERS\SNTNLUSB.SYS [2006-03-14 28216]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ak6qlzo9;ak6qlzo9; C:\Windows\system32\drivers\ak6qlzo9.sys []
S3 akshasp;Aladdin HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2009-03-13 238208]
S3 akshhl;Aladdin HASP HL Key; C:\Windows\system32\DRIVERS\akshhl.sys [2007-07-23 46336]
S3 aksusb;Aladdin USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2009-06-22 16384]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 VSPerfDrv100;Performance Tools Driver 10.0; \??\C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ArcGIS License Manager;ArcGIS License Manager; C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe [2008-01-11 1372160]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 BlackfishSQL;BlackfishSQL; C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [2009-11-18 65536]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 hasplms;HASP License Manager; C:\Windows\system32\hasplms.exe [2009-04-21 2869760]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-17 135664]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-15 655624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-04 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

And after the scan finished, sound stopped working during video playback :-(

Re: Problems with Skype, Flash Player, Win7

Posted: 01 Feb 2011 21:14
by Rudy
Run a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Problems with Skype, Flash Player, Win7

Posted: 01 Feb 2011 21:31
by justik
Almost complete scan (the other disk tomorrow). It found something...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5655

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1.2.2011 23:39:12
mbam-log-2011-02-01 (23-38-47).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 476553
Uplynulý čas: 2 hodin, 8 minut, 15 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\Tomas\documents\netbeansprojects\cppapplication_1\dist\Debug\mingw-windows\cppapplication_1.exe (Trojan.Oficla) -> No action taken.
c:\Users\Tomas\documents\netbeansprojects\cppapplication_2\dist\Debug\mingw-windows\cppapplication_2.exe (Trojan.Oficla) -> No action taken.
d:\Tomas\ac-gsk61.kkk.jpg (Extension.Mismatch) -> No action taken.

Re: Problems with Skype, Flash Player, Win7

Posted: 01 Feb 2011 21:34
by Rudy
justik wrote: Complete scan:
Mainly, I need to know what it contains. :)

Re: Problems with Skype, Flash Player, Win7

Posted: 02 Feb 2011 22:54
by justik
Complete system scan:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5655

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2.2.2011 22:50:14
mbam-log-2011-02-02 (22-50-14).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 711792
Uplynulý čas: 2 hodin, 29 minut, 19 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 5

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
d:\To\dline.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
d:\To\dline.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
d:\To\k3.exe (Trojan.Oficla) -> Quarantined and deleted successfully.
d:\HTML\HTML\HTML\nfoviewer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\To\Install\\gen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Skype still doesn't work, Flash keeps crashing...

Re: Problems with Skype, Flash Player, Win7

Posted: 02 Feb 2011 22:59
by Rudy
OK. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after launch a screen with the licence terms is displayed; continue by clicking the Yes button.

calmly go and make yourself a coffee (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur

Re: Problems with Skype, Flash Player, Win7

Posted: 03 Feb 2011 10:08
by justik
After an hour and a half of ComboFix running I had to restart the PC. Repeated twice with the same result.... What should I do next?

Re: Problems with Skype, Flash Player, Win7

Posted: 03 Feb 2011 17:46
by justik
Is such a long run time normal for ComboFix? The manual states 10-20 minutes...

Re: Problems with Skype, Flash Player, Win7

Posted: 03 Feb 2011 18:43
by Rudy
Try it in safe mode.

Re: Problems with Skype, Flash Player, Win7

Posted: 03 Feb 2011 21:20
by justik
Same result. After an hour I had to forcibly power off the PC... The HDD LED blinks occasionally (once every 2 s). That ComboFix is a rather odd piece of software. It cannot be minimized, closed, or killed in the task bar. A rather odd solution from a programming standpoint.

Re: Problems with Skype, Flash Player, Win7

Posted: 03 Feb 2011 22:05
by Rudy
justik wrote: Same result. After an hour I had to forcibly power off the PC... The HDD LED blinks occasionally (once every 2 s). That ComboFix is a rather odd piece of software. It cannot be minimized, closed, or killed in the task bar. A rather odd solution from a programming standpoint.
It is programmed this way intentionally; it is a disinfection utility with a special mode which, if killed while running, can render the system non-functional. In your case either the system is damaged, or something is hiding there that prevents CF from running. Run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.

Re: Problems with Skype, Flash Player, Win7

Posted: 03 Feb 2011 22:15
by justik
Couldn't the installed Spybot be affecting its run? In any case, using ComboFix doesn't strike me as particularly safe... After the forced termination there were problems booting, which cost me some effort...

Re: Problems with Skype, Flash Player, Win7

Posted: 03 Feb 2011 22:46
by Rudy
Couldn't the installed Spybot be affecting its run?
Theoretically yes. It could also be a botched update.
In any case, using ComboFix doesn't strike me as particularly safe...
Every disinfection carries a certain risk of a system crash. I have a warning about that in my signature. ComboFix can get an infection out of the system that cannot be removed any other way.

Re: Problems with Skype, Flash Player, Win7

Posted: 05 Feb 2011 15:39
by justik
Kaspersky log...
Flash has started working, Skype still does not work

Automatická kontrola: dokončeno před 15 min. (události: 32, objekty: 3833944, čas: 1 den 06:10:10)
4.2.2011 9:07:13 Úloha byla spuštěna
4.2.2011 18:52:21 Zjištěno: http://www.viruslist.com/cz/advisories/39036 C:\Program Files\IrfanView\i_view32.exe
4.2.2011 18:52:56 Zjištěno: http://www.viruslist.com/cz/advisories/41791 C:\Program Files\Java\jdk1.6.0_17\bin\javac.exe
4.2.2011 19:39:13 Zjištěno: http://www.viruslist.com/cz/advisories/43023 C:\Program Files\Opera\opera.exe
4.2.2011 19:39:46 Zjištěno: http://www.viruslist.com/cz/advisories/41197 C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
5.2.2011 11:23:15 Zjištěno: Trojan.Win32.Genome.qghq D:\Install\TextAloud_v2.292.rar.part/TextAloud v2.292/KG/keygen.exe
5.2.2011 11:24:53 Odstraněno: Trojan.Win32.Genome.qghq D:\Install\TextAloud_v2.292.rar.part
5.2.2011 11:31:11 Zjištěno: http://www.viruslist.com/cz/advisories/41435 D:\Install\Acrobat\Adobe Acrobat 8.0\CZ\Acrobat\ExLang32.CZE
5.2.2011 13:53:00 Zjištěno: Trojan-Downloader.Win32.Agent.cnh D:\Posta\Local Folders\Inbox/[From "Josue Mansfield" <happy.davie@ks-elteknik.dk>][Date 29 Aug 2007 13:29:38][Subj Hot pictures]/game.zip/game.exe
5.2.2011 13:53:20 Zjištěno: Packed.Win32.Krap.x D:\Posta\Local Folders\Junk/[From <canaanrb@seaviewgroup.org>][Date 8 Jan 2010 01:41:58][Subj MySpace Password Reset Confirmation!]/MySpace_document_45354.zip/MySpace_document_45354.exe
5.2.2011 13:53:48 Zjištěno: Trojan-Downloader.Win32.Agent.cnh D:\Posta\Inbox/[From "Josue Mansfield" <happy.davie@ks-elteknik.dk>][Date 29 Aug 2007 13:29:38][Subj Hot pictures]/game.zip/game.exe
5.2.2011 14:31:19 Zjištěno: Trojan-Downloader.Win32.Agent.cnh D:\Posta\Local Folders\Inbox/[From "Vernon Gary" <pavla.davie@manoir-victoria.com>][Date 29 Aug 2007 13:29:38][Subj Something hot]/game.zip/game.exe
5.2.2011 14:32:41 Zjištěno: Trojan-Downloader.Win32.Agent.cnh D:\Posta\Inbox/[From "Vernon Gary" <pavla.davie@manoir-victoria.com>][Date 29 Aug 2007 13:29:38][Subj Something hot]/game.zip Podle hodnoty hash
5.2.2011 14:33:11 Odstraněno: Packed.Win32.Krap.x D:\Posta\Local Folders\Junk
5.2.2011 14:34:01 Zjištěno: Trojan-Downloader.Win32.Agent.hzc D:\Posta\Local Folders\Inbox/[From "Ernesto Mccann" <nikita.danby@zid.tuwien.ac.at>][Date 25 Jan 2008 21:14:44][Subj Sensation]/video.zip/video.scr
5.2.2011 14:34:01 Zjištěno: Trojan-Downloader.Win32.Agent.hzc D:\Posta\Local Folders\Inbox/[From "Berta Figueroa" <tahlia.davidson@jcblik.dk>][Date 25 Jan 2008 21:15:08][Subj Sensation]/video.zip Podle hodnoty hash
5.2.2011 14:36:35 Zjištěno: Trojan-Downloader.Win32.Agent.hzc D:\Posta\Inbox/[From "Ernesto Mccann" <nikita.danby@zid.tuwien.ac.at>][Date 25 Jan 2008 21:14:44][Subj Sensation]/video.zip/video.scr
5.2.2011 14:36:49 Zjištěno: Trojan-Downloader.Win32.Agent.hzc D:\Posta\Inbox/[From "Berta Figueroa" <tahlia.davidson@jcblik.dk>][Date 25 Jan 2008 21:15:08][Subj Sensation]/video.zip Podle hodnoty hash
5.2.2011 14:38:32 Zjištěno: Trojan-Dropper.Win32.Agent.slh D:\Posta\Local Folders\Inbox/[From "Ora Slaughter" <glorinda.davie@kotzian.de>][Date 9 Jun 2008 11:10:15][Subj Paris Hilton]/xcard.zip/xcard.scr
5.2.2011 14:38:48 Zjištěno: Packed.Win32.PolyCrypt.m D:\Posta\Local Folders\Inbox/[From "Lottchen peuker " <mkwwq@boleyandmckellar.com>][Date 23 Jun 2008 21:49:22][Subj Lastschrift]/Rechnung.rar/Rechnung.exe/QuickPack/PE_Patch.PECompact/PecBundle/PECompact
5.2.2011 14:39:05 Zjištěno: Packed.Win32.Katusha.a D:\Posta\Local Folders\Inbox/[From "Faustino Lake" <hkwoxuta@bonaschina.com>][Date 4 Aug 2008 08:29:16][Subj N 87172925 Rechnung]/REC719271.zip/REC719271.exe
5.2.2011 14:39:43 Odstraněno: Trojan-Downloader.Win32.Agent.hzc D:\Posta\Inbox
5.2.2011 14:41:11 Zjištěno: Trojan-Spy.Win32.Goldun.ayt D:\Posta\Local Folders\Inbox/[From "123greetings.com" <overton@esolutioncenter.net>][Date 18 Sep 2008 10:44:33][Subj You have received an eCard]/e-card.zip/e-card.exe
5.2.2011 15:00:54 Zjištěno: Packed.Win32.Krap.x D:\Posta\Local Folders\Inbox/[From <canaanrb@seaviewgroup.org>][Date 8 Jan 2010 01:41:58][Subj MySpace Password Reset Confirmation!]/MySpace_document_45354.zip/MySpace_document_45354.exe
5.2.2011 15:02:24 Zjištěno: Trojan.Win32.FraudPack.amxs D:\Posta\Local Folders\Inbox/][Date 1 Mar 2010 10:09:01][Subj A new settings file for the has just be]/settings.zip/settings.exe
5.2.2011 15:02:24 Zjištěno: Trojan.Win32.FraudPack.amxs D:\Posta\Local Folders\Inbox/[][Date 1 Mar 2010 12:02:06][Subj A new settings file for the ]/settings.zip Podle hodnoty hash
5.2.2011 15:02:58 Zjištěno: Trojan.Win32.FraudPack.aown D:\Posta\Local Folders\Inbox/[][Date 20 Mar 2010 11:33:12][Subj A new settings file for the ]/settings.zip/settings.exe
5.2.2011 15:08:03 Odstraněno: Trojan.Win32.FraudPack.aown D:\Posta\Local Folders\Inbox
5.2.2011 15:15:54 Zjištěno: http://www.viruslist.com/cz/advisories/43023 C:\Program Files\Opera\opera.exe
5.2.2011 15:15:59 Zjištěno: http://www.viruslist.com/cz/advisories/39036 C:\Program Files\IrfanView\i_view32.exe
5.2.2011 15:16:02 Zjištěno: http://www.viruslist.com/cz/advisories/41197 C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
5.2.2011 15:17:24 Úloha byla dokončena

Re: Problems with Skype, Flash Player, Win7

Posted: 05 Feb 2011 19:09
by Rudy
AVP deleted what it could. Try reinstalling Skype.