VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Spouštění instalace při otevření průzkumníka

https://forum.viry.cz:443/viewtopic.php?t=112937

Stránka 1 z 2

Spouštění instalace při otevření průzkumníka

Napsal: 04 črc 2011 16:00
od fisch111
Dobrý den,

mám jeden takový problém, kdykoli když otevřu Tento počítač tak se spustí instalační služba systému windows, nic neudělá,jen se připravuje, pak spadne a opět naskočí a to asi 10x a pak mam 10x hlášku že průzkumnk windows přestal pracovat. Je velmi pravděpodobné že to způsbil jeden .rar soubor který jsem stáhl a když jsem otevřel složku s tím programem tak se spustila instalace, ale přitom soubor byl stále zabalený, po kontrole antivirem byl odhalen jako škodlivý a tak jsem ho smazal, ale teď mi to způsobuje výše zmíněný problém. Prohledával jsem zdejší fórum a dočetl se o programu proti malwaru,a tak jsem ho stáhl a provedl kontrolu, ale bylo u programu napsáno že je někdy paranoidní, tak mi poraďte prosím co smazat,nebo co jiného udělat k vyřešní mého problému.


Zde je log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Verze databáze: 7018

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

4.7.2011 16:48:46
mbam-log-2011-07-04 (16-48-42).txt

Typ: Rychlá kontrola
Kontrolované objekty: 155349
Uplynulý čas: 4 minut, 2 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 8
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Burn4Free Toolbar (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\user\AppData\Roaming\userlog.dat (Malware.Trace) -> No action taken.
c:\Windows\burn4free_toolbar_uninstaller_481.exe (Trojan.Downloader) -> No action taken.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

Re: Spouštění instalace při otevření průzkumníka

Napsal: 04 črc 2011 18:23
od Rudy
Položky smažte. Pokud se stav nezměnil, dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Re: Spouštění instalace při otevření průzkumníka

Napsal: 05 črc 2011 10:33
od fisch111
Smazání těch věcí pomocí Antimalwaru nepomohlo, stáhl jsem tedy ten Combofix a spustil,chvíli pracoval, něco vymazal, ale také nepomohl, zde je jeho log:

ComboFix 11-07-03.04 - user 05.07.2011 0:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1625 [GMT 2:00]
Spuštěný z: c:\users\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\user\AppData\Roaming\Desktopicon
c:\users\user\AppData\Roaming\Desktopicon\eBay.ico
c:\users\user\AppData\Roaming\Desktopicon\uninst.exe
c:\windows\system32\jgaw400.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\windows
c:\windows\system32\windows\svchost.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-04 do 2011-07-04 )))))))))))))))))))))))))))))))
.
.
2011-07-04 23:02 . 2011-07-04 23:02 -------- d-----w- c:\users\user\AppData\Local\temp
2011-07-04 23:02 . 2011-07-04 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-04 22:40 . 2011-07-04 22:42 -------- d-----w- C:\32788R22FWJFW
2011-07-04 15:17 . 2011-07-04 15:17 1152 ----a-w- c:\windows\system32\windrv.sys
2011-07-04 15:17 . 2011-07-04 15:45 -------- d-----w- c:\program files\SpyNoMore
2011-07-04 14:34 . 2011-07-04 14:34 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2011-07-04 14:33 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-04 14:33 . 2011-07-04 14:33 -------- d-----w- c:\programdata\Malwarebytes
2011-07-04 14:33 . 2011-07-04 14:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-04 14:33 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-03 05:29 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BB816F9-5DA0-4C1F-B0FC-C2056E60847A}\mpengine.dll
2011-07-03 05:28 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-21 21:11 . 2011-06-21 21:11 -------- d-----w- c:\programdata\PDVD
2011-06-21 21:11 . 2011-06-21 21:11 -------- d-----w- c:\users\user\AppData\Local\MediaServer
2011-06-21 21:07 . 2011-06-21 21:15 -------- d-----w- c:\programdata\install_clap
2011-06-16 09:54 . 2011-06-16 09:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-06-16 08:54 . 2011-06-16 08:54 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-06-15 13:27 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 13:27 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 13:27 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 13:27 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 13:27 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 13:25 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-12 18:55 . 2011-06-12 18:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 08:04 . 2011-05-16 07:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 09:55 . 2010-02-28 13:25 125152 ----a-w- c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2011-06-16 09:54 . 2010-02-28 13:25 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-05-29 08:23 . 2009-10-14 13:19 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-29 08:23 . 2009-10-15 19:51 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-29 08:23 . 2009-10-14 13:19 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-29 08:21 . 2009-10-14 13:19 270904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-24 17:14 . 2009-10-04 18:00 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 16:57 . 2011-05-22 16:57 0 ---ha-w- c:\users\user\AppData\Local\BIT5F88.tmp
2011-05-15 19:21 . 2011-05-15 19:21 44078891 ----a-w- c:\program files\Portal.2.Update.3.exe
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2008-07-08 20:08 . 2007-12-26 20:11 1526576 ----a-w- c:\program files\install_flash_player_active_x.exe
2008-01-25 13:49 . 2008-01-25 13:48 317248 ----a-w- c:\program files\dxwebsetup.exe
2008-01-20 18:20 . 2008-01-20 18:20 4438064 ----a-w- c:\program files\burn4free_setup.exe
2008-01-20 18:14 . 2008-01-20 18:14 4398357 ----a-w- c:\program files\burn4free_setup (2).exe
2008-01-05 21:43 . 2008-01-05 21:42 13413048 ----a-w- c:\program files\Google_Earth_BZXD.exe
2007-06-01 17:31 . 2007-12-24 19:05 802816 ---h--w- c:\program files\AVCaptureVista.exe
2007-06-01 17:28 . 2007-12-24 19:04 802816 ----a-w- c:\program files\AVCapture.exe
2007-05-24 13:18 . 2007-12-24 19:04 143360 ----a-w- c:\program files\DetectTray.exe
2001-11-25 15:05 . 2001-11-25 15:05 334 ----a-w- c:\program files\layout.bin
1997-06-02 11:17 . 1997-06-02 11:17 8192 ----a-w- c:\program files\_ISDEL.EXE
1997-06-02 11:17 . 1997-06-02 11:17 11264 ----a-w- c:\program files\_SETUP.DLL
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\System32\msgsvc.dll
.
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\System32\mspmsnsv.dll
.
[-] 2008-04-14 12:00 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\System32\ntmssvc.dll
[7] 2008-01-19 . A7DFF9642D510BE1EEC6664CD0369953 . 460288 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll
[7] 2006-11-02 . 957CC0F372BB5D79C477363952276859 . 460288 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6000.16386_none_0c076ff411279f33\ntmssvc.dll
.
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\System32\srsvc.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DetectTray"="c:\program files\DetectTray.exe" [2007-05-24 143360]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-08 39408]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-04-25 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"TV Card Remote Control Device Monitor"="c:\windows\6000RMT.exe" [2008-04-28 516096]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-04-05 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-03-09 252704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-05-19 234792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-12 1067984]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Logitech . Registrace produktu.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\OLYMPUS\DeviceDetector\DevDtct2.exe [2009-1-18 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TV Expert Schedule Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TV Expert Schedule Agent.lnk
backup=c:\windows\pss\TV Expert Schedule Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 15:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
2007-06-18 08:51 1507328 ----a-w- c:\program files\IDM\Desktop SMS\DesktopSMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-15 20:01 133104 ----atw- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-05-25 15:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2005-11-29 17:19 40960 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02 79400 ----a-w- c:\program files\Tiskárna\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Služba Acronis Scheduler2]
2009-11-26 16:45 361976 ----a-w- c:\program files\Common Files\Acronis\Plán2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-11-26 16:44 5129128 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R2 pr2aqagb;Cobra 11 Drivers Auto Removal (pr2aqagb);c:\windows\system32\pr2aqagb.exe svc [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [x]
R3 EC168BDA;TVGo DVB-T02Q MCE;c:\windows\system32\DRIVERS\EC168BDA.sys [2007-05-03 67968]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PLCMP532;PLCMP532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCMP532.sys [x]
R3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCND532.sys [2007-08-08 26656]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 TridVid;TM6000 TV Service;c:\windows\system32\DRIVERS\TridVid.sys [2007-12-24 230528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-07-09 209408]
S0 pe3aqagb;Cobra 11 Environment Driver (pe3aqagb);c:\windows\system32\drivers\pe3aqagb.sys [2008-01-28 64624]
S0 pf2aqagb;Cobra 11 File System Driver (pf2aqagb);c:\windows\system32\drivers\pf2aqagb.sys [2008-01-28 83568]
S0 ps7aqagb;Cobra 11 Synchronization Driver (ps7aqagb);c:\windows\system32\drivers\ps7aqagb.sys [2008-01-28 68216]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-04 691696]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-11-15 911680]
S1 aswSP;aswSP; [x]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [2010-10-06 34968]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/22 11:34];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-20 13:31 77296]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-15 2480048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-05-30 208896]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 MobaSSH1;MobaSSH;c:\windows\System32\MobaSSH.exe [2009-12-23 5862400]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-05-19 71664]
S2 S3DSvc32;S3D Service (Win32);c:\program files\iZ3D Driver\Win32\S3DCService.exe [2010-10-24 360960]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-11-15 160288]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 18:35]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 18:35]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-937315426-3473215449-1392677209-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-15 20:01]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-937315426-3473215449-1392677209-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-15 20:01]
.
2011-06-24 c:\windows\Tasks\Norton Security Scan for user.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-18 03:14]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{E3FE87A6-0C6D-4418-BA00-3AFA59718B23}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-AdobeBridge - (no file)
AddRemove-Call of Duty - g:\cod1\Uninstall\Unwise.exe
AddRemove-eBay Icon - c:\users\user\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-FreePascal_is1 - g:\fp\unins000.exe
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
AddRemove-Product - E:\Counter Strike 1
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-05 01:02
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-07-05 01:07:24
ComboFix-quarantined-files.txt 2011-07-04 23:07
.
Před spuštěním: Volných bajtů: 178 212 560 896
Po spuštění: Volných bajtů: 178 148 192 256
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 045BFFC61FFFB4FD5599405E39A08987

Re: Spouštění instalace při otevření průzkumníka

Napsal: 05 črc 2011 17:53
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Collect::
c:\windows\system32\windrv.sys
c:\users\user\AppData\Local\BIT5F88.tmp
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Spouštění instalace při otevření průzkumníka

Napsal: 05 črc 2011 18:54
od fisch111
Provedl jsem co jste mi poradil a problém stále trvá, zde je tedy další log z Combofixu:

ComboFix 11-07-05.02 - user 05.07.2011 19:17:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1835 [GMT 2:00]
Spuštěný z: c:\users\user\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\user\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\users\user\AppData\Local\BIT5F88.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\user\AppData\Local\BIT5F88.tmp
c:\users\user\AppData\Roaming\Desktopicon
c:\users\user\AppData\Roaming\Desktopicon\eBay.ico
c:\users\user\AppData\Roaming\Desktopicon\uninst.exe
c:\windows\system32\jgaw400.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\windows
c:\windows\system32\windows\svchost.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-05 do 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-07-05 17:34 . 2011-07-05 17:34 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-07-05 17:34 . 2011-07-05 17:34 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-07-05 17:34 . 2011-07-05 17:34 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-07-05 17:34 . 2011-07-05 17:34 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-07-05 17:34 . 2011-07-05 17:34 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-07-05 17:34 . 2011-07-05 17:34 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-07-05 17:34 . 2011-07-05 17:34 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-07-05 17:34 . 2011-07-05 17:34 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-07-05 17:34 . 2011-07-05 17:34 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-07-05 17:34 . 2011-07-05 17:34 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-07-05 17:34 . 2011-07-05 17:34 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-07-05 17:34 . 2011-07-05 17:34 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-07-05 17:33 . 2011-07-05 17:33 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-07-05 17:33 . 2011-07-05 17:33 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-07-05 17:33 . 2011-07-05 17:33 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-07-05 17:33 . 2011-07-05 17:33 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-07-05 17:33 . 2011-07-05 17:33 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-07-05 17:29 . 2011-07-05 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-05 10:28 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{37415F54-B76B-4727-A75C-60A1D7F1086B}\mpengine.dll
2011-07-05 10:00 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-05 09:58 . 2011-07-05 17:33 -------- d-----w- c:\windows\system32\wbem\repository
2011-07-04 23:07 . 2011-07-05 09:42 -------- d-----w- c:\users\user\AppData\Local\Temp(46)
2011-07-04 15:17 . 2011-07-04 15:45 -------- d-----w- c:\program files\SpyNoMore
2011-07-04 14:34 . 2011-07-04 14:34 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2011-07-04 14:33 . 2011-07-04 14:33 -------- d-----w- c:\programdata\Malwarebytes
2011-07-04 14:33 . 2011-07-05 09:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-21 21:11 . 2011-06-21 21:11 -------- d-----w- c:\programdata\PDVD
2011-06-21 21:11 . 2011-06-21 21:11 -------- d-----w- c:\users\user\AppData\Local\MediaServer
2011-06-21 21:07 . 2011-06-21 21:15 -------- d-----w- c:\programdata\install_clap
2011-06-16 09:54 . 2011-06-16 09:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-06-16 08:54 . 2011-06-16 08:54 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-06-15 13:27 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 13:27 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 13:27 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 13:27 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 13:27 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 13:25 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-12 18:55 . 2011-06-12 18:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-05 10:05 . 2011-05-16 07:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 09:55 . 2010-02-28 13:25 125152 ----a-w- c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2011-06-16 09:54 . 2010-02-28 13:25 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-05-29 08:23 . 2009-10-14 13:19 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-29 08:23 . 2009-10-15 19:51 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-29 08:23 . 2009-10-14 13:19 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-29 08:21 . 2009-10-14 13:19 270904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-24 17:14 . 2009-10-04 18:00 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-15 19:21 . 2011-05-15 19:21 44078891 ----a-w- c:\program files\Portal.2.Update.3.exe
2011-05-10 12:10 . 2010-11-14 17:12 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2007-11-10 12:54 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2008-04-06 14:38 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2007-11-10 12:54 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2007-11-10 12:54 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2007-11-10 12:54 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2008-04-06 14:38 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2008-07-08 20:08 . 2007-12-26 20:11 1526576 ----a-w- c:\program files\install_flash_player_active_x.exe
2008-01-25 13:49 . 2008-01-25 13:48 317248 ----a-w- c:\program files\dxwebsetup.exe
2008-01-20 18:20 . 2008-01-20 18:20 4438064 ----a-w- c:\program files\burn4free_setup.exe
2008-01-20 18:14 . 2008-01-20 18:14 4398357 ----a-w- c:\program files\burn4free_setup (2).exe
2008-01-05 21:43 . 2008-01-05 21:42 13413048 ----a-w- c:\program files\Google_Earth_BZXD.exe
2007-06-01 17:31 . 2007-12-24 19:05 802816 ---h--w- c:\program files\AVCaptureVista.exe
2007-06-01 17:28 . 2007-12-24 19:04 802816 ----a-w- c:\program files\AVCapture.exe
2007-05-24 13:18 . 2007-12-24 19:04 143360 ----a-w- c:\program files\DetectTray.exe
2001-11-25 15:05 . 2001-11-25 15:05 334 ----a-w- c:\program files\layout.bin
1997-06-02 11:17 . 1997-06-02 11:17 8192 ----a-w- c:\program files\_ISDEL.EXE
1997-06-02 11:17 . 1997-06-02 11:17 11264 ----a-w- c:\program files\_SETUP.DLL
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 221CD1C815B8A6B79389C3F5D1018DE8 . 33792 . . [5.1.2600.5512] . . c:\windows\System32\msgsvc.dll
.
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\System32\mspmsnsv.dll
.
[-] 2008-04-14 12:00 . 023DD70573D644F3D9C8B1258A7BFD08 . 435712 . . [5.1.2400.5512] . . c:\windows\System32\ntmssvc.dll
[7] 2008-01-19 . A7DFF9642D510BE1EEC6664CD0369953 . 460288 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll
[7] 2006-11-02 . 957CC0F372BB5D79C477363952276859 . 460288 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6000.16386_none_0c076ff411279f33\ntmssvc.dll
.
[-] 2008-04-14 . 35B91147124F64AC8081A2EDB9EA4DEE . 171008 . . [5.1.2600.5512] . . c:\windows\System32\srsvc.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="TOSCDSPD.EXE" [BU]
"DetectTray"="c:\program files\DetectTray.exe" [2007-05-24 143360]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-08 39408]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
"AdobeBridge"="" [BU]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-04-25 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"TV Card Remote Control Device Monitor"="c:\windows\6000RMT.exe" [2008-04-28 516096]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-04-05 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-03-09 252704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-05-19 234792]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Logitech . Registrace produktu.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\OLYMPUS\DeviceDetector\DevDtct2.exe [2009-1-18 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TV Expert Schedule Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TV Expert Schedule Agent.lnk
backup=c:\windows\pss\TV Expert Schedule Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 15:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
2007-06-18 08:51 1507328 ----a-w- c:\program files\IDM\Desktop SMS\DesktopSMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-15 20:01 133104 ----atw- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-05-25 15:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2005-11-29 17:19 40960 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02 79400 ----a-w- c:\program files\Tiskárna\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Služba Acronis Scheduler2]
2009-11-26 16:45 361976 ----a-w- c:\program files\Common Files\Acronis\Plán2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-11-26 16:44 5129128 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R2 pr2aqagb;Cobra 11 Drivers Auto Removal (pr2aqagb);c:\windows\system32\pr2aqagb.exe svc [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [x]
R3 EC168BDA;TVGo DVB-T02Q MCE;c:\windows\system32\DRIVERS\EC168BDA.sys [2007-05-03 67968]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PLCMP532;PLCMP532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCMP532.sys [x]
R3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCND532.sys [2007-08-08 26656]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 TridVid;TM6000 TV Service;c:\windows\system32\DRIVERS\TridVid.sys [2007-12-24 230528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-07-09 209408]
S0 pe3aqagb;Cobra 11 Environment Driver (pe3aqagb);c:\windows\system32\drivers\pe3aqagb.sys [2008-01-28 64624]
S0 pf2aqagb;Cobra 11 File System Driver (pf2aqagb);c:\windows\system32\drivers\pf2aqagb.sys [2008-01-28 83568]
S0 ps7aqagb;Cobra 11 Synchronization Driver (ps7aqagb);c:\windows\system32\drivers\ps7aqagb.sys [2008-01-28 68216]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-04 691696]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-11-15 911680]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [2010-10-06 34968]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/22 11:34];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-20 13:31 77296]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-15 2480048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-05-30 208896]
S2 MobaSSH1;MobaSSH;c:\windows\System32\MobaSSH.exe [2009-12-23 5862400]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-05-19 71664]
S2 S3DSvc32;S3D Service (Win32);c:\program files\iZ3D Driver\Win32\S3DCService.exe [2010-10-24 360960]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-11-15 160288]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWSNX
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 18:35]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 18:35]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-937315426-3473215449-1392677209-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-15 20:01]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-937315426-3473215449-1392677209-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-15 20:01]
.
2011-06-24 c:\windows\Tasks\Norton Security Scan for user.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-18 03:14]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{E3FE87A6-0C6D-4418-BA00-3AFA59718B23}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-05 19:38
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(500)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\System32\SyncCenter.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\conime.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\bsh\bin\bash.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\bsh\usr\sbin\sshd.exe
c:\windows\system32\bsh\bin\ssh.exe
c:\windows\system32\msiexec.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\RtHDVCpl.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Mouse Driver\KMConfig.exe
c:\program files\Mouse Driver\KMProcess.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2011-07-05 19:50:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-05 17:50
ComboFix2.txt 2011-07-04 23:07
.
Před spuštěním: Volných bajtů: 171 889 332 224
Po spuštění: Volných bajtů: 171 580 989 440
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 432909F83E40E864085286C3A6EA5F04
Nahr nˇ probŘhlo ŁspŘçnŘ

Re: Spouštění instalace při otevření průzkumníka

Napsal: 05 črc 2011 19:36
od Rudy
Log již vypadá OK. Zkuste obnovu systému k datu, kdy korektně fungoval.

Re: Spouštění instalace při otevření průzkumníka

Napsal: 05 črc 2011 19:51
od fisch111
To mne také napadlo a také jsem to udělal, ale ani to bohužel nefungovalo

Re: Spouštění instalace při otevření průzkumníka

Napsal: 05 črc 2011 20:25
od Rudy
Instalace čeho se spouští?

Re: Spouštění instalace při otevření průzkumníka

Napsal: 05 črc 2011 20:46
od fisch111
Ničeho, pouze ta služba se spouští a potom spadne a opět naskočí, musím to vypínat přes správce abych tam neměl 10x že windows explorer neodpovídá.

Re: Spouštění instalace při otevření průzkumníka

Napsal: 05 črc 2011 21:36
od Rudy
OK. Dám konzultaci s kolegy. Mějte strpení.

Re: Spouštění instalace při otevření průzkumníka

Napsal: 06 črc 2011 23:54
od fisch111
Tak už jste něco vykonzultovali??

Re: Spouštění instalace při otevření průzkumníka

Napsal: 07 črc 2011 09:59
od Rudy
fisch111 píše:Tak už jste něco vykonzultovali??
Bohužel se mi nikdo z kolegů neozval. Pátral jsem i přes google a nic. Napadá mne jen oprava systému systému z instal. média, nebo kontaktování podpory MS.

Re: Spouštění instalace při otevření průzkumníka

Napsal: 08 črc 2011 10:18
od Rudy
Přece jen jsem něco od kolegy sehnal. Podle jeho slov to nemusí vyjít, nicméně stojí to za pokus:
1. restart pc do nouzoveho rezimu (instalacni sluzba je zastavena) --> dvojklik na Tento pocitac --> dari se zobrazit okno nebo dojde k chybe?
2. normalni spusteni systemu --> Start --> Spustit... --> services.msc --> vyhledat a zastavit sluzbu "Instalacni sluzba systemu Windows" --> dvojklik na Tento pocitac --> vysledek???
3. znovu zaregistrovat instalacni sluzbu: pod admin uctem spustit prikazovy radek pomoci "Spustit jako spravce" --> postupne zadat:
msiexec.exe /unregister --> enter
msiexec.exe /regserver --> enter

vyzkouset dvojklik na Tento pocitac

4. zkusit opravit instalacni sluzbu:

- spustit Editor registru --> provest zalohu klice [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msiserver]
- vytvorit soubor registru s nasledujicim obsahem, spustit a pridat informace do registru --> restart pc --> dvojklik Tento pocitac

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msiserver]
"DisplayName"="@%SystemRoot%\\system32\\msimsg.dll,-27"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,\
  00,73,00,69,00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,20,00,2f,00,\
  56,00,00,00
"Description"="@%SystemRoot%\\system32\\msimsg.dll,-32"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000010
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,\
  74,00,65,00,50,00,61,00,67,00,65,00,66,00,69,00,6c,00,65,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,63,00,\
  6b,00,4d,00,65,00,6d,00,6f,00,72,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,\
  00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,\
  73,00,65,00,42,00,61,00,73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,\
  00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
  65,00,43,00,72,00,65,00,61,00,74,00,65,00,50,00,65,00,72,00,6d,00,61,00,6e,\
  00,65,00,6e,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,\
  00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,\
  69,00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,\
  66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,\
  00,65,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,53,00,69,00,6e,00,67,00,\
  6c,00,65,00,50,00,72,00,6f,00,63,00,65,00,73,00,73,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,\
  72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,\
  00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,\
  47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
  72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,\
  73,00,74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,\
  00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,\
  51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,\
  00,65,00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,\
  50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,\
  00,61,00,6b,00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,\
  50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,\
  00,6f,00,61,00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,\
  76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
4. pod admin uctem spustit prikazovy radek pomoci "Spustit jako spravce" --> zadat: sfc /scannow --> po dokonceni/restartu pc spustit prikazovy radek --> zadat:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt --> poslat obsah textoveho souboru z plochy

5. aktualizovat Instalacni sluzbu Windows

Re: Spouštění instalace při otevření průzkumníka

Napsal: 08 črc 2011 13:46
od fisch111
Bohužel teď nebudu několik dní u internetu, a notebook si beru s sebou,takže postup vyzkouším, a modlím se že to vyjde, ale nebudu moci podat ihned zprávu zda to vyšlo.

Re: Spouštění instalace při otevření průzkumníka

Napsal: 08 črc 2011 17:18
od Rudy
Ozvěte se, až budete mít možnost. Jsme tu stále. :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz