VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o pomoc, Avast nachází stále Win32:Malware-gen

https://forum.viry.cz:443/viewtopic.php?t=111069

Stránka 1 z 1

Prosím o pomoc, Avast nachází stále Win32:Malware-gen

Napsal: 14 dub 2011 14:00
od jaaydee
Dobrý den,
chtěl bych vás požádat o pomoc při řešení zavirovaného PC.
Zjištění problému nastalo, že nefunguje tisk až do okamžiku její reinstalace.
Při dokončování procesu přidávání nové tiskárny mě avast neustále bombarduje hlášením o nalezení viru Win32:Malware-gen v souboru

C:\WINDOWS\System32\spool\DRIVERS\W32X86\hewlett_packardhp_la99ad\UNIDRV.DLL Infekce: Win32:Malware-gen Soubor byl přesunut do truhly...
a nebo
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\unidrv.dll Infekce: Win32:Malware-gen Soubor byl přesunut do truhly...
v jiných se souborech se tato infekce zatím nenalezla...

Zkusil sem online scanery přímo souboru unidrv.dll
Online scanner Avast infekci také nalezl, ale Kaspersky nikoliv
Online scanner Esset také nic nenalezl.

Děkuji mnohokrát za pomoc.

Nový P.

přikládám log z RSIT:
------------------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by sema at 2011-04-14 14:53:42
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (47%) free of 53 GB
Total RAM: 1014 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:53:57, on 14.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\AvAgent.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\svchost.exe
C:\Prenosy\RSIT.exe
C:\Program Files\trend micro\sema.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.kovopb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = boss.kovopb:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Network -p hpLaserJet1150 -pn "hp LaserJet 1150" -n 0 -l 1029 -sl 120000
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "c:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe" "c:\Program Files\Hewlett-Packard\HP UT\"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2311DF65-9D1A-4DDA-94AA-90568D989633} (GDC Class) - http://192.168.1.7:6394/fjs/activex/gdc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8053549046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8053536281
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
O23 - Service: avast! NetAgent - ALWIL Software - C:\Program Files\Alwil Software\Avast4\AvAgent.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswWebSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8573 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SetRefresh"=C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe [2003-11-20 525824]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-25 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-09-25 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-09-25 94208]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2004-01-09 868352]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"HPLJ Config"=C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe [2003-03-31 28672]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-01-08 68640]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe [2009-05-12 81000]
"hpqSRMon"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"HPUsageTracking"=c:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe [2009-10-06 30264]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSecurityTab"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSecurityTab"=1
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\ntvdm.exe"="C:\WINDOWS\system32\ntvdm.exe:*:Enabled:NTVDM.EXE"
"C:\Program Files\FourJs\gdcax\bin\gdc.exe"="C:\Program Files\FourJs\gdcax\bin\gdc.exe:*:Enabled:Genero Desktop Client"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Alwil Software\Avast4\AvAgent.exe"="C:\Program Files\Alwil Software\Avast4\AvAgent.exe:*:Enabled:avast! NetAgent service"
"C:\Program Files\FourJs\gdc\bin\gdc.exe"="C:\Program Files\FourJs\gdc\bin\gdc.exe:*:Enabled:Genero Desktop Client"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint01.exe"="C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe"
"C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint64.exe"="C:\HP_P2055_default_install_v6.1_ww\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe"
"C:\HP_P2055_default_install_v6.1_ww\setup\hppnicifs01.exe"="C:\HP_P2055_default_install_v6.1_ww\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe"
"C:\HP_P2055_default_install_v6.1_ww\setup\hpbtpg.exe"="C:\HP_P2055_default_install_v6.1_ww\setup\hpbtpg.exe:*:Enabled:hpbtpg.exe"
"C:\HP_P2055_default_install_v6.1_ww\setup\LaunchApp.exe"="C:\HP_P2055_default_install_v6.1_ww\setup\LaunchApp.exe:*:Enabled:launchapp.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-04-14 14:53:43 ----D---- C:\Program Files\trend micro
2011-04-14 14:53:42 ----D---- C:\rsit
2011-04-14 13:46:52 ----D---- C:\Program Files\ESET
2011-04-14 13:23:28 ----D---- C:\WINDOWS\LastGood
2011-04-14 10:46:56 ----D---- C:\Program Files\Common Files\Java
2011-04-14 10:46:41 ----A---- C:\WINDOWS\system32\javaws.exe
2011-04-14 10:46:41 ----A---- C:\WINDOWS\system32\javaw.exe
2011-04-14 10:46:41 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2011-04-14 14:53:49 ----D---- C:\WINDOWS\Temp
2011-04-14 14:53:43 ----RD---- C:\Program Files
2011-04-14 14:53:14 ----D---- C:\Prenosy
2011-04-14 13:23:28 ----D---- C:\WINDOWS
2011-04-14 13:19:36 ----SD---- C:\WINDOWS\Tasks
2011-04-14 13:18:28 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-14 13:17:45 ----D---- C:\WINDOWS\Prefetch
2011-04-14 13:15:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-14 13:09:03 ----D---- C:\WINDOWS\Minidump
2011-04-14 13:09:03 ----D---- C:\WINDOWS\Debug
2011-04-14 10:48:45 ----D---- C:\WINDOWS\system32
2011-04-14 10:46:58 ----SHD---- C:\WINDOWS\Installer
2011-04-14 10:46:57 ----HD---- C:\Config.Msi
2011-04-14 10:46:56 ----D---- C:\Program Files\Common Files
2011-04-14 10:46:38 ----D---- C:\Program Files\Java
2011-04-14 10:44:28 ----A---- C:\WINDOWS\hpntwksetup.ini
2011-04-14 10:43:15 ----D---- C:\HP_P2055_default_install_v6.1_ww
2011-04-14 10:38:40 ----HD---- C:\WINDOWS\inf
2011-04-14 10:35:15 ----D---- C:\Documents and Settings\sema\Data aplikací\ICQ
2011-04-14 06:45:02 ----D---- C:\Documents and Settings\sema\Data aplikací\d3_viewer
2011-04-04 10:00:54 ----D---- C:\scan
2011-04-01 06:20:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-31 09:58:22 ----D---- C:\Program Files\Mozilla Firefox
2011-03-29 10:29:02 ----D---- C:\Program Files\ICQ7.2
2011-03-24 10:00:32 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-22 07:37:24 ----D---- C:\Documents and Settings\sema\Data aplikací\HpUpdate

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-05-13 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-05-13 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-05-13 51376]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-03-08 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-03-08 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-01-09 259200]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-01-09 118409]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2004-01-09 213120]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-05-13 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-05-13 94032]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-01-09 21993]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-09-25 1109568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-21 4399104]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-05-13 23152]
S3 DualCoreCenter;DualCoreCenter; \??\C:\BIOSTOOLS\NTGLM7X.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys []
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys []
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-01-09 22745]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 OlyCamComm;OLYMPUS USB Communication Device; C:\WINDOWS\system32\DRIVERS\OlyCamComm.sys [2009-09-14 21648]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\aswServ.exe [2009-05-12 138680]
R2 avast! NetAgent;avast! NetAgent; C:\Program Files\Alwil Software\Avast4\AvAgent.exe [2009-05-12 52160]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-05-13 18752]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe [2009-05-12 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\aswWebSv.exe [2009-05-12 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Prosím o pomoc, Avast nachází stále Win32:Malware-gen

Napsal: 14 dub 2011 14:30
od jaaydee
Tak to vypadá, že je to planý poplach, ale divný je, že u originálnáho unidrv.dll z xp sp3 to avast nedělá, mohl by mě někdo 100% potvrdit že jde o planý poplach?

Děkuji.
Antivirus results
AhnLab-V3 - 2011.04.14.00 - 2011.04.14 - -
AntiVir - 7.11.6.108 - 2011.04.14 - -
Antiy-AVL - 2.0.3.7 - 2011.04.14 - -
Avast - 4.8.1351.0 - 2011.04.14 - -
Avast5 - 5.0.677.0 - 2011.04.14 - -
AVG - 10.0.0.1190 - 2011.04.14 - -
BitDefender - 7.2 - 2011.04.14 - -
CAT-QuickHeal - 11.00 - 2011.04.14 - -
ClamAV - 0.97.0.0 - 2011.04.14 - -
Commtouch - 5.2.11.5 - 2011.04.14 - -
Comodo - 8340 - 2011.04.14 - -
DrWeb - 5.0.2.03300 - 2011.04.14 - -
eSafe - 7.0.17.0 - 2011.04.13 - -
eTrust-Vet - 36.1.8271 - 2011.04.14 - -
F-Prot - 4.6.2.117 - 2011.04.13 - -
Fortinet - 4.2.257.0 - 2011.04.14 - -
GData - 22 - 2011.04.14 - -
Ikarus - T3.1.1.103.0 - 2011.04.14 - -
Jiangmin - 13.0.900 - 2011.04.13 - -
K7AntiVirus - 9.96.4382 - 2011.04.13 - -
Kaspersky - 7.0.0.125 - 2011.04.14 - -
McAfee - 5.400.0.1158 - 2011.04.14 - -
McAfee-GW-Edition - 2010.1D - 2011.04.14 - -
Microsoft - 1.6702 - 2011.04.14 - -
NOD32 - 6040 - 2011.04.14 - -
Norman - 6.07.07 - 2011.04.13 - -
Panda - 10.0.3.5 - 2011.04.14 - -
PCTools - 7.0.3.5 - 2011.04.14 - -
Prevx - 3.0 - 2011.04.14 - -
Rising - 23.53.03.06 - 2011.04.14 - -
Sophos - 4.64.0 - 2011.04.14 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.04.14 - -
Symantec - 20101.3.2.89 - 2011.04.14 - -
TheHacker - 6.7.0.1.173 - 2011.04.13 - -
TrendMicro - 9.200.0.1012 - 2011.04.14 - -
TrendMicro-HouseCall - 9.200.0.1012 - 2011.04.14 - -
VBA32 - 3.12.16.0 - 2011.04.13 - -
VIPRE - 9013 - 2011.04.14 - -
ViRobot - 2011.4.14.4410 - 2011.04.14 - -
VirusBuster - 13.6.304.0 - 2011.04.14 - -
File info:
MD5: 3ed75d2f9140380a6c6ce92c4f398376
SHA1: 693f1069dee693ffcdfe5eff20194ff70c2898e1
SHA256: f384662941a6fc36a28cd5ce41c25c91b447d590944396508ea6b52890c69d3c
File size: 373248 bytes
Scan date: 2011-04-14 13:21:43 (UTC)

Re: Prosím o pomoc, Avast nachází stále Win32:Malware-gen

Napsal: 14 dub 2011 14:41
od cernohous13
Jedná se zřejmě o planý poplach.
Dej ho v Avastu do výjimek (Nastavení -> Výjimky)

Re: Prosím o pomoc, Avast nachází stále Win32:Malware-gen

Napsal: 14 dub 2011 14:53
od cernohous13
I když podle tohoto
http://translate.google.cz/translate?hl ... rmd%3Divns
Velikost souboru: 364.5K 364.5K X86/X64: X86/x64: X86 X86
更新时间: Aktualizováno: 2011-2-22 8:33:07 2011-2-22 8:33:07 文件MD5: Soubor MD5: 3ED75D2F9140380A6C6CE92C4F398376 3ED75D2F9140380A6C6CE92C4F398376
文件版本: Verze souboru: 6.0.6001.22127 (vistasp1_ldr.080302-0124) 6.0.6001.22127 (vistasp1_ldr.080302-0124)
文件描述: Soubor Popis: Unidrv Printer Driver Unidrv ovladače tiskárny
by se mělo jednat o driver pro Visty :o

Re: Prosím o pomoc, Avast nachází stále Win32:Malware-gen

Napsal: 15 dub 2011 06:43
od jaaydee
ok děkuji za pomoc, budu to považovat za planý poplach a dám ty soubory do vyjímek a uvidíme co se bude dít dál :)

Re: Prosím o pomoc, Avast nachází stále Win32:Malware-gen

Napsal: 15 dub 2011 06:55
od cernohous13
VT nic nenašel (ani jeho Avasty) a jestli ti tiskárna normálně funguje, tak snad OK
kdyby byly problémy - víš kde nás najdeš :wink:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz