Log check
Posted: 09 Nov 2011 23:31
Hi, my laptop has been really laggy for a while now. I can't even install AVG. When I try, just before the installation finishes the PC restarts, boots into safe mode for about 5 seconds, and then restarts again into normal mode. So I really don't know .. I'm attaching the log.
Windows Vista SP 2 (build 6002)
Boot Mode: Normal
Microsoft files verification: Yes
Whitelist: Yes
Internet Explorer v9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
Log generated:9.11.2011 23:26:23
================================================================
Running processes
================================================================
C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\STWRT.INF_AE0B52E0\STACSV.EXE
(rootkit?) audiodg.exe
C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\STWRT.INF_AE0B52E0\AESTSRV.EXE
C:\WINDOWS\UPDATE.7.1\SVCHOSTDRIVER.EXE
C:\PROGRAM FILES\INTEL\INTEL MATRIX STORAGE MANAGER\IAANTMON.EXE
C:\WINDOWS\UPDATE.5.0\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WLTRAY.EXE
C:\PROGRAM FILES\IDT\WDM\STTRAY.EXE
C:\WINDOWS\UPDATE.2\SVCHOST.EXE
C:\WINDOWS\UPDATE.5.0\SVCHOST.EXE
C:\WINDOWS\SYSDRIVER32.EXE
C:\WINDOWS\UPDATE.1\SVCHOST.EXE
C:\WINDOWS\UPDATE.2\SVCHOST.EXE
C:\WINDOWS\UPDATE.2\SVCHOST.EXE
C:\WINDOWS\UPDATE.2\SVCHOST.EXE
C:\WINDOWS\UPDATE.2\SVCHOST.EXE
C:\WINDOWS\UPDATE.2\SVCHOST.EXE
C:\WINDOWS\UPDATE.7.1\SVCHOSTDRIVER.EXE
Scanner
================================================================
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[?] stacsv.exe
Non Microsoft in System32:
EntryPoint in section: .RSRC
|_ Section count: 4
No window
File 70%
[?] audiodg.exe
Open Process failed
ROOTKIT? Hidden path
Startup entry HKCU Run [Meebo Notifier]
Can not open
No window
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[S] SLsvc.exe
EntryPoint in section: .TEXT
|_ Section count: 5
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[?] WLTRYSVC.EXE
Without manufacturer in System32
EntryPoint in section: .RSRC
|_ Section count: 4
No window
File 100%
[?] BCMWLTRY.EXE
Non Microsoft in System32:
EntryPoint in section:
|_ Section count: 5
Module faked path: (03F70000) [DLL] ?
No window
File 70%
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[?] AEstSrv.exe
Non Microsoft in System32:
EntryPoint in section: .RSRC
|_ Section count: 4
No window
File 70%
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[?] svchostdriver.exe
Without manufacturer
EntryPoint in section: .RSRC
|_ Section count: 3
No window
File 100%
[?] IAANTmon.exe
EntryPoint in section: .RSRC
|_ Section count: 4
No window
File 70%
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[?] svchost.exe
Without manufacturer
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
EntryPoint in section: .RSRC
|_ Section count: 3
No window
File 100%
[S] explorer.exe
Startup entry HKLM Winlogon [Shell]
[R] SynTPEnh.exe
Startup entry HKLM Run [SynTPEnh]
[R] IAAnotif.exe
Startup entry HKLM Run [IAAnotif]
[?] WLTRAY.EXE
Non Microsoft in System32:
Startup entry HKLM Run [Broadcom Wireless Manager UI]
EntryPoint in section:
|_ Section count: 5
Module faked path: (04760000) [DLL] ?
File 14%
[?] sttray.exe
Startup entry HKLM Run [SysTrayApp]
[R] hkcmd.exe
Startup entry HKLM Run [HotKeysCmds]
[?] svchost.exe
Without manufacturer
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
EntryPoint in section: .RSRC
|_ Section count: 3
No window
File 100%
[R] igfxpers.exe
Startup entry HKLM Run [Persistence]
[?] svchost.exe
Without manufacturer
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
EntryPoint in section: .RSRC
|_ Section count: 3
No window
File 100%
[?] sysdriver32.exe
Without manufacturer
Startup entry HKLM Run [sysdriver32.exe]
EntryPoint in section: .RSRC
|_ Section count: 3
No window
File 100%
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[?] svchost.exe
Without manufacturer
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
EntryPoint in section: CODE
|_ Section count: 8
No window
File 100%
[?] svchost.exe
Without manufacturer
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
EntryPoint in section: .RSRC
|_ Section count: 3
No window
File 100%
[S] conime.exe
EXE path hidden:
[?] svchost.exe
Without manufacturer
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
EntryPoint in section: .RSRC
|_ Section count: 3
No window
File 100%
[?] svchost.exe
Without manufacturer
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
EntryPoint in section: .RSRC
|_ Section count: 3
No window
File 100%
[S] svchost.exe
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
[?] svchost.exe
Without manufacturer
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
EntryPoint in section: .RSRC
|_ Section count: 3
No window
File 100%
[?] svchost.exe
Without manufacturer
Same names, different path: SVCHOST.EXE X SVCHOST.EXE
Startup entry HKLM Run [tray_ico0]
EntryPoint in section: .RSRC
|_ Section count: 3
No window
File 100%
[?] svchostdriver.exe
Without manufacturer
EntryPoint in section: .RSRC
|_ Section count: 3
No window
File 100%
Startup
================================================================
HKCU Run
|_ (File not found)
|_ [R][Meebo Notifier] C:\Users\Terezka\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe /startup
HKLM Run
|_ [?][Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
|_ [?][SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
|_ [?][NetSoftware] C:\Program Files\NetSoftware\Starter.exe /path=C:\Program Files\NetSoftware
|_ [X][wxpdrv] C:\Windows\services32.exe (File not found)
|_ [X][tray_ico] (File not found)
|_ [X][tray_ico3] (File not found)
|_ [X][tray_ico4] (File not found)
|_ [X][sysdriver32.exe] C:\Windows\sysdriver32.exe rezerv
|_ [X][sysdriver32_.exe] C:\Windows\sysdriver32_.exe rezerv
|_ [X][systemup] C:\Windows\systemup.exe stand
|_ [X][AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (File not found)
|_ [X][vProt] C:\Program Files\AVG Secure Search\vprot.exe (File not found)
|_ [X][tray_ico0] C:\Windows\update.tray-12-0\svchost.exe
|_ [X][tray_ico1] C:\Windows\update.tray-15-0\svchost.exe
|_ [X][tray_ico2] C:\Windows\update.tray-7-0\svchost.exe
HKLM ShellServiceObjectDelayLoad
|_ [X][WebCheck] (File not found)
HKLM IC
|_ [X][>{8EC60D16-B729-440C-8461-B2CC7B05CD48}] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (File not found)
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll
HKCU Winlogon
|_ [X][Shell] C:\Users\Terezka\AppData\Local\871d7eb0\X (File not found)
HKLM Winlogon Notify
|_ [?][igfxcui] C:\Windows\system32\igfxdev.dll
HKLM BHO
|_ [X][{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] C:\Program Files\AVG\AVG2012\avgssie.dll (File not found)
|_ [X][{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (File not found)
|_ [X][{95B7759C-8C7F-4BF1-B163-73684A933233}] C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll (File not found)
HKCU IE WebBrowser Toolbar
|_ [X][{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}] (File not found)
HKLM IE Toolbar
|_ [X][{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (File not found)
|_ [X][{95B7759C-8C7F-4BF1-B163-73684A933233}] C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll (File not found)
Services (Display running: True, Display stopped: False, Display safe: False)
================================================================
[!] Andrea ST Filters Service
|_ Path: C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
| |_ Manufacturer: Andrea Electronics Corporation
| |_ Description: Andrea filters APO access service (32-bit)
| |_ MD5: B6F50874603195D489A19BDA8F76B77E
|
|_ Name: AESTFilters
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[X] AVGIDSAgent
|_ Path: C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
| |_ Manufacturer:
| |_ Description:
| |_ MD5:
|
|_ Name: AVGIDSAgent
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Stopped
|_ Type: Win32 Own Process
|_ Dependency: AVGIDSDriver
[X] AVG WatchDog
|_ Path: C:\Program Files\AVG\AVG2012\avgwdsvc.exe
| |_ Manufacturer:
| |_ Description:
| |_ MD5:
|
|_ Name: avgwd
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Stopped
|_ Type: Win32 Own Process
|_ Dependency:
[X] ddservice
|_ Path: C:\Windows\update.7.1\svchostdriver.exe
| |_ Manufacturer:
| |_ Description:
| |_ MD5: B1281CF39FCF53039D50E2A6DF6A92B1
|
|_ Name: ddservice
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[X] Intel(R) PROSet/Wireless Event Log
|_ Path: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
| |_ Manufacturer:
| |_ Description:
| |_ MD5:
|
|_ Name: EvtEng
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Stopped
|_ Type: Win32 Own Process
|_ Dependency: RPCSS
[!] Intel(R) Matrix Storage Event Monitor
|_ Path: C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
| |_ Manufacturer: Intel Corporation
| |_ Description: RAID Monitor
| |_ MD5: BDCF736CFD6FC6A1626534B2DD6A8A3A
|
|_ Name: IAANTMON
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[X] Intel(R) PROSet/Wireless Registry Service
|_ Path: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
| |_ Manufacturer:
| |_ Description:
| |_ MD5:
|
|_ Name: RegSrvc
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Stopped
|_ Type: Win32 Own Process
|_ Dependency: RPCSS
[X] srvbtcclient
|_ Path: C:\Windows\update.5.0\svchost.exe
| |_ Manufacturer:
| |_ Description:
| |_ MD5: 7239EC83623A79E68BC1D89AB248A40E
|
|_ Name: srvbtcclient
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[X] srviecheck
|_ Path: C:\Windows\update.2\svchost.exe
| |_ Manufacturer:
| |_ Description:
| |_ MD5: CBA6EB6664D48FF24CBF718F96A8CDF0
|
|_ Name: srviecheck
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[X] srvsysdriver32
|_ Path: C:\Windows\sysdriver32.exe
| |_ Manufacturer:
| |_ Description:
| |_ MD5: D73F6E768141D5F5F30B9D1FA83750C1
|
|_ Name: srvsysdriver32
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[!] Audio Service
|_ Path: C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
| |_ Manufacturer: IDT, Inc.
| |_ Description: IDT PC Audio
| |_ MD5: 90BE96FB2EEB68DA94A406715520FF68
|
|_ Name: STacSV
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[!] Vodafone Mobile Connect Service
|_ Path: C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
| |_ Manufacturer: Vodafone
| |_ Description: VMCService
| |_ MD5: 462C318A91BF08DBD95F5F3186EE2E1C
|
|_ Name: VMCService
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Stopped
|_ Type: Win32 Own Process
|_ Dependency: winmgmt
[X] vToolbarUpdater
|_ Path: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
| |_ Manufacturer:
| |_ Description:
| |_ MD5:
|
|_ Name: vToolbarUpdater
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Stopped
|_ Type: Win32 Own Process
|_ Dependency:
[X] Dell Wireless WLAN Tray Service
|_ Path: C:\Windows\System32\WLTRYSVC.EXE
| |_ Manufacturer:
| |_ Description:
| |_ MD5: 1EC64DC56FCABFAEFB497DFABACA463C
|
|_ Name: wltrysvc
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
[X] wxpdrivers
|_ Path: C:\Windows\update.1\svchost.exe
| |_ Manufacturer:
| |_ Description:
| |_ MD5: 4A845D9540177143D8243B177DEA6829
|
|_ Name: wxpdrivers
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:
Drivers (Display running: True, Display stopped: False, Display safe: False)
================================================================
[?] Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
|_ Path: C:\Windows\system32\DRIVERS\b57nd60x.sys
| |_ Manufacturer: Broadcom Corporation
| |_ Description: Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver.
| |_ MD5: F17463EDDB3B6A988F939FF403E067C3
|
|_ Name: b57nd60x
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[!] CD-ROM Driver
|_ Path: C:\Windows\system32\DRIVERS\cdrom.sys
| |_ Manufacturer:
| |_ Description:
| |_ MD5: 1B4E9826DF5C96335D0CA465EDA33EDA
|
|_ Name: cdrom
|_ StartName:
|_ Startup type: System Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] igfx
|_ Path: C:\Windows\system32\DRIVERS\igdkmd32.sys
| |_ Manufacturer: Intel Corporation
| |_ Description: Intel Graphics Kernel Mode Driver
| |_ MD5: 9378D57E2B96C0A185D844770AD49948
|
|_ Name: igfx
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] Creative Camera OEM002 Driver
|_ Path: C:\Windows\system32\DRIVERS\OEM02Dev.sys
| |_ Manufacturer: Creative Technology Ltd.
| |_ Description: Video Capture Device Driver
| |_ MD5: 19CAC780B858822055F46C58A111723C
|
|_ Name: OEM02Dev
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] Creative Camera OEM002 Video VFX Driver
|_ Path: C:\Windows\system32\DRIVERS\OEM02Vfx.sys
| |_ Manufacturer: EyePower Games Pte. Ltd.
| |_ Description: Advanced Video FX Filter Driver (Win2K based)
| |_ MD5: 86326062A90494BDD79CE383511D7D69
|
|_ Name: OEM02Vfx
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] rimmptsk
|_ Path: C:\Windows\system32\DRIVERS\rimmptsk.sys
| |_ Manufacturer: REDC
| |_ Description: RICOH SD Driver
| |_ MD5: C2EF513BBE069F0D4EE0938A76F975D3
|
|_ Name: rimmptsk
|_ StartName:
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] rimsptsk
|_ Path: C:\Windows\system32\DRIVERS\rimsptsk.sys
| |_ Manufacturer: REDC
| |_ Description: RICOH MS Driver
| |_ MD5: C398BCA91216755B098679A8DA8A2300
|
|_ Name: rimsptsk
|_ StartName:
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] Ricoh xD-Picture Card Driver
|_ Path: C:\Windows\system32\DRIVERS\rixdptsk.sys
| |_ Manufacturer: REDC
| |_ Description: RICOH XD SM Driver
| |_ MD5: 6C1F93C0760C9F79A1869D07233DF39D
|
|_ Name: rismxdp
|_ StartName:
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
[?] IDT High Definition Audio CODEC
|_ Path: C:\Windows\system32\DRIVERS\stwrt.sys
| |_ Manufacturer: IDT, Inc.
| |_ Description: IDT PC Audio
| |_ MD5: 14A9AD287FDA70A06463E09C4328C1F2
|
|_ Name: STHDA
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:
Modules (Display safe: False, Only without manufacturer: True, Display registered: False)
================================================================
[?] wltrynt.dll
|_ Path: C:\Windows\System32\wltrynt.dll
|_ MD5: 766DDBD42E50735A95378784E9A01C35
|_ Manufacturer: Broadcom Corporation
|_ Processes
|_ BCMWLTRY.EXE (1672)
[?] bcmwlrmt.dll
|_ Path: C:\Windows\System32\bcmwlrmt.dll
|_ MD5: 74E77B2B636E1325BF094CA139E0E307
|_ Manufacturer:
|_ Processes
|_ BCMWLTRY.EXE (1672)
|_ BCMWLTRY.EXE (1672)
|_ WLTRAY.EXE (2464)
[?] wltray.exe
|_ Path: C:\Windows\System32\WLTRAY.EXE
|_ MD5: C1C4C28E23AC934F49C2F60BD8D5BF63
|_ Manufacturer: Dell Inc.
|_ Processes
|_ BCMWLTRY.EXE (1672)
[?] atl80.dll
|_ Path: C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.dll
|_ MD5: D5E459BED3DB9CF7FC6CC1455F177D2D
|_ Manufacturer: Microsoft Corporation
|_ Processes
|_ BCMWLTRY.EXE (1672)
[?] msvcm80.dll
|_ Path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll
|_ MD5: 1D109ED0D660654EA7FF1574558031C4
|_ Manufacturer: Microsoft Corporation
|_ Processes
|_ BCMWLTRY.EXE (1672)
|_ WLTRAY.EXE (2464)
[?] mfc80.dll
|_ Path: C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll
|_ MD5: 1F5AFD468EB5E09E9ED75A087529EAB5
|_ Manufacturer: Microsoft Corporation
|_ Processes
|_ BCMWLTRY.EXE (1672)
|_ WLTRAY.EXE (2464)
[?] isdi.dll
|_ Path: C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
|_ MD5: E9E95E7B9527F9899E6DEDEAD894C574
|_ Manufacturer: Intel Corporation
|_ Processes
|_ IAANTmon.exe (1992)
|_ IAAnotif.exe (2456)
[?] 7-zip.dll
|_ Path: C:\Program Files\7-Zip\7-zip.dll
|_ MD5: 20B2C339361E82A6707533BAC481FCE4
|_ Manufacturer: Igor Pavlov
|_ Processes
|_ explorer.exe (2332)
[?] phonebrowser.dll
|_ Path: C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
|_ MD5: 7A99BDC6F5D81D3634369AA90BCFDA8B
|_ Manufacturer: Nokia
|_ Processes
|_ explorer.exe (2332)
[?] ngscm.dll
|_ Path: C:\Program Files\Nokia\Nokia PC Suite 7\NGSCM.dll
|_ MD5: AA9C2D8AF8D0B0A3BE1B64A934152A0C
|_ Manufacturer: Nokia
|_ Processes
|_ explorer.exe (2332)
[?] btncopy.dll
|_ Path: C:\Windows\System32\BTNCopy.dll
|_ MD5: F79FA009F7F34388CD850C62E9BEBB00
|_ Manufacturer: Broadcom Corporation.
|_ Processes
|_ explorer.exe (2332)
[?] mdatastoreph.dll
|_ Path: C:\Program Files\Common Files\Nokia\MPlatform\MDatastorePH.dll
|_ MD5: 6C211E1AFF7705A5D866B06EC9CC075E
|_ Manufacturer: Nokia
|_ Processes
|_ SearchProtocolHost.exe (2748)
================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ] - Not Registered =(