Please check my log

Posted: 25 Feb 2011 21:40
by Petr1893
Hello, could I ask for a log check? For the last few days Windows Security Alert windows have been popping up, and several times the system crashed and ended in a blue screen of death.
Thank you very much in advance.

Log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Petr at 2011-02-25 20:00:37
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (7%) free of 20 GB
Total RAM: 1280 MB (59% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-01-16 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyA1.dll [2011-01-16 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2004-07-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-12-16 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyA1.dll [2011-01-16 3911776]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-21 1018680]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-01-16 3911776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe [2010-10-21 232912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
C:\Program Files\Common Files\soft602\pdfSaver.exe [2005-08-31 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2010-11-26 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2010-03-18 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2009-11-25 54672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-11-25 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xmcrrgiu]
C:\DOCUME~1\Petr\LOCALS~1\Temp\ofijxtrif\hjxtwkssika.exe [2011-02-23 335360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-11-26 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-08 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\fc\Far Cry 2\bin\FarCry2.exe"="D:\fc\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\fc\Far Cry 2\bin\FC2Launcher.exe"="D:\fc\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\fc\Far Cry 2\bin\FC2Editor.exe"="D:\fc\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"D:\MOH airbone\UnrealEngine3\Binaries\MOHA.exe"="D:\MOH airbone\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"F:\Fuel war\Binaries\FFOW.exe"="F:\Fuel war\Binaries\FFOW.exe:*:Enabled:Frontlines Game"
"F:\FlatOut Ultimate Carnage\Fouc.exe"="F:\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"F:\CALL4\iw3mp.exe"="F:\CALL4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"G:\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="G:\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"G:\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="G:\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"G:\S.T.A.L.K.E.R. - Call of Pripyat\bin\xrEngine.exe"="G:\S.T.A.L.K.E.R. - Call of Pripyat\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Call of Pripyat (CLI)"
"G:\S.T.A.L.K.E.R. - Call of Pripyat\bin\dedicated\xrEngine.exe"="G:\S.T.A.L.K.E.R. - Call of Pripyat\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Call of Pripyat (SRV)"
"G:\Mafia II\pc\Mafia2.exe"="G:\Mafia II\pc\Mafia2.exe:*:Enabled:Mafia II"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-02-25 20:00:38 ----D---- C:\Program Files\trend micro
2011-02-25 20:00:37 ----D---- C:\rsit
2011-02-25 18:07:59 ----D---- C:\WINDOWS\CSC
2011-02-25 18:07:52 ----A---- C:\WINDOWS\ntbtlog.txt
2011-02-19 19:47:56 ----D---- C:\WINDOWS\Sun
2011-02-09 19:04:24 ----D---- C:\WINDOWS\Minidump
2011-02-06 20:50:44 ----D---- C:\Program Files\Microsoft Office
2011-02-06 20:50:30 ----D---- C:\Program Files\MSECache
2011-02-03 21:38:25 ----D---- C:\Documents and Settings\Petr\Data aplikací\Software602
2011-01-26 10:45:51 ----A---- C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-00531102}.BAK
2011-01-26 09:37:19 ----D---- C:\Program Files\CCleaner
2011-01-26 09:22:35 ----D---- C:\Program Files\Zrychleni Pocitace
2011-01-26 09:22:17 ----D---- C:\Documents and Settings\Petr\Data aplikací\OpenCandy
2011-01-26 09:22:16 ----D---- C:\Program Files\Tweak Me!
2011-01-26 09:20:16 ----D---- C:\OpenCandy
2011-01-26 09:13:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2011-01-26 09:10:42 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2011-01-26 09:10:41 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2011-01-26 09:10:25 ----D---- C:\Program Files\ATI
2011-01-26 09:06:18 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$

======List of files/folders modified in the last 1 months======

2011-02-25 20:00:38 ----RD---- C:\Program Files
2011-02-25 19:49:56 ----D---- C:\WINDOWS\Prefetch
2011-02-25 19:48:23 ----D---- C:\Documents and Settings\Petr\Data aplikací\ICQ
2011-02-25 19:47:00 ----D---- C:\WINDOWS\Temp
2011-02-25 19:41:59 ----SH---- C:\boot.ini
2011-02-25 19:41:59 ----A---- C:\WINDOWS\win.ini
2011-02-25 19:41:59 ----A---- C:\WINDOWS\system.ini
2011-02-25 18:07:59 ----D---- C:\WINDOWS
2011-02-25 13:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-25 12:58:18 ----D---- C:\Documents and Settings\Petr\Data aplikací\PriceGong
2011-02-24 19:07:39 ----D---- C:\Program Files\ICQ6Toolbar
2011-02-21 21:24:02 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-16 12:27:47 ----SD---- C:\Documents and Settings\Petr\Data aplikací\Microsoft
2011-02-08 21:20:25 ----D---- C:\Documents and Settings\Petr\Data aplikací\vlc
2011-02-06 20:51:14 ----SHD---- C:\WINDOWS\Installer
2011-02-06 20:50:59 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-06 20:50:58 ----D---- C:\WINDOWS\WinSxS
2011-02-06 20:50:57 ----RSD---- C:\WINDOWS\Fonts
2011-02-06 20:43:09 ----D---- C:\WINDOWS\system32
2011-02-06 20:43:07 ----D---- C:\Program Files\PDF
2011-02-06 20:42:28 ----D---- C:\Program Files\Common Files\soft602
2011-01-28 19:19:25 ----D---- C:\Program Files\Opera
2011-01-26 09:39:21 ----D---- C:\WINDOWS\Debug
2011-01-26 09:11:24 ----D---- C:\Program Files\ATI Technologies
2011-01-26 09:11:13 ----HD---- C:\WINDOWS\inf
2011-01-26 09:10:53 ----D---- C:\WINDOWS\system32\drivers
2011-01-26 09:10:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-01-26 09:06:33 ----D---- C:\WINDOWS\system32\mui
2011-01-26 09:06:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-26 09:06:01 ----D---- C:\Program Files\Common Files
2011-01-26 08:58:38 ----RSD---- C:\WINDOWS\assembly
2011-01-26 00:20:03 ----D---- C:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\WINDOWS\system32\drivers\aswNdis2.sys [2010-09-07 190416]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-06-06 36528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-24 691696]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viasraid;viasraid; C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 77312]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 aswFW;avast! TDI Firewall driver; C:\WINDOWS\system32\drivers\aswFW.sys [2010-09-07 99792]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2010-09-07 340048]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-12-27 279712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-12-27 25888]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-11-26 5555712]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2010-03-18 99416]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2010-03-18 511064]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2010-03-18 528472]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2010-03-18 555096]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2010-03-18 14424]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2010-03-18 566360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2010-03-18 157272]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2010-03-18 92760]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2010-03-18 798808]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2010-03-18 127576]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S3 arbdq6wf;arbdq6wf; C:\WINDOWS\system32\drivers\arbdq6wf.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2010-03-18 99416]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2010-03-18 555096]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2010-03-18 347144]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2010-03-18 100952]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2010-03-18 100952]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2010-03-18 566360]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2010-03-18 162904]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2010-03-18 189528]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 V0260VID;Live! Cam Vista IM; C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-08 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-11-26 614400]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2010-02-12 286720]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-12-16 153376]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-01-09 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-19 136176]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-21 79360]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Please check my log

Posted: 25 Feb 2011 22:30
by Rudy
Restart the PC in safe mode and post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after start-up a screen with the licence terms appears; continue by clicking the Yes button.

Calmly put a coffee on (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur.

Re: Please check my log

Posted: 25 Feb 2011 22:52
by Petr1893
ComboFix here:

ComboFix 11-02-24.05 - Petr 25.02.2011 22:42:25.1.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1280.1038 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: avast! Internet Security *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\page
c:\documents and settings\All Users\Data aplikací\page\page.ico
c:\documents and settings\All Users\Data aplikací\page\page.URL
c:\documents and settings\Petr\Data aplikací\PriceGong
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Petr\Data aplikací\PriceGong\Data\z.xml
D:\Install.exe
F:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-25 do 2011-02-25 )))))))))))))))))))))))))))))))
.

2011-02-25 19:27 . 2011-02-25 19:27 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Malwarebytes
2011-02-25 19:27 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-25 19:27 . 2011-02-25 19:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-25 19:27 . 2011-02-25 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-25 19:27 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-25 19:00 . 2011-02-25 19:00 -------- d-----w- c:\program files\trend micro
2011-02-25 19:00 . 2011-02-25 19:00 -------- d-----w- C:\rsit
2011-02-19 18:47 . 2011-02-19 18:47 -------- d-----w- c:\windows\Sun
2011-02-16 11:27 . 2011-02-16 11:27 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Identities
2011-02-06 19:50 . 2011-02-06 19:50 -------- d-----w- c:\program files\MSECache
2011-02-03 20:38 . 2011-02-16 11:32 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Software602

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 23:30 . 2011-01-07 23:30 1409 ----a-w- c:\windows\QTFont.for
2010-12-27 17:52 . 2010-11-25 21:13 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-27 17:52 . 2010-11-25 21:13 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-12-16 12:47 . 2010-12-16 12:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-16 12:47 . 2010-12-16 12:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

------- Sigcheck -------

[-] 2008-05-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2011-01-16 3911776]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-16 16:15 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-16 16:15 3911776 ----a-w- c:\program files\MyAshampoo\tbMyA1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2011-01-16 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-16 3911776]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2011-01-16 3911776]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
2005-08-31 15:00 49152 ----a-w- c:\program files\Common Files\soft602\pdfSaver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2010-11-26 02:34 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2010-03-18 17:17 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 54672 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 13:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 06:57 143360 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-11-25 20:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\MOH airbone\\UnrealEngine3\\Binaries\\MOHA.exe"=
"f:\\Fuel war\\Binaries\\FFOW.exe"=
"f:\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\S.T.A.L.K.E.R. - Call of Pripyat\\bin\\xrEngine.exe"=
"g:\\S.T.A.L.K.E.R. - Call of Pripyat\\bin\\dedicated\\xrEngine.exe"=

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [3.11.2010 8:58 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [3.11.2010 8:58 190416]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12.12.2003 16:49 77312]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.10.2010 20:02 691696]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [3.11.2010 8:59 99792]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.11.2010 8:59 340048]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.11.2010 8:59 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.11.2010 8:59 17744]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [3.11.2010 8:58 119200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.12.2010 12:02 136176]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.11.2010 19:11 246584]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 19:39 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18.3.2010 19:39 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [21.10.2010 9:09 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 19:39 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18.3.2010 19:39 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 19:39 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18.3.2010 19:39 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 19:39 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18.3.2010 19:39 566360]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [25.12.2010 10:31 178913]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-19 11:01]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-19 11:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
uInternet Settings,ProxyServer = http=127.0.0.1:18810
uInternet Settings,ProxyOverride = <local>
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-xmcrrgiu - c:\docume~1\Petr\LOCALS~1\Temp\ofijxtrif\hjxtwkssika.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-25 22:46
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1644491937-1606980848-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:31,55,88,bd,53,4b,ce,23,ef,dd,00,7a,14,95,10,49,3e,4c,77,08,c9,e3,0e,
d7,c6,32,6a,41,23,64,39,04,e4,93,3f,2f,78,cb,7c,8f,7f,b7,01,b6,25,68,4a,25,\
"??"=hex:ac,a0,97,ee,25,fb,7c,a0,2f,bd,d3,fe,26,e6,71,1f
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2011-02-25 22:48:24
ComboFix-quarantined-files.txt 2011-02-25 21:48

Před spuštěním: 1 392 447 488
Po spuštění: 1 401 999 360

- - End Of File - - E52AEC96453BD4C102B6A0232FEC07E2

Re: Please check my log

Posted: 25 Feb 2011 23:12
by Rudy
CF deleted several infected items; the rest of the log looks clean. Has anything changed?

Re: Please check my log

Posted: 25 Feb 2011 23:23
by Petr1893
Everything looks OK, no problems occurred, and after the restart everything started up as it should. Simply great.

Many thanks for your help and your time.

Re: Please check my log

Posted: 26 Feb 2011 11:09
by Rudy
You're welcome!