Prosím o preventivní kontrolu

Zpráva

Joker93 · #1 Příspěvek od **Joker93** » 02 zář 2014 20:14

Dobrý večer, prosím o preventivní kontrolu PC. Zároveň se zeptám na soubor adbkey.pub, který jsem v PC našel ve složce android a na internetu jsem našel zmínky o viru, takže se raději zeptám tady.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2014-09-02 21:13:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 41 GB (68%) free of 60 GB
Total RAM: 3325 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:13:07, on 2.9.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WandouLabs\wandoujia_helper.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\WandouLabs\WDPlatform.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wandoujia_helper.lnk = C:\Program Files\WandouLabs\wandoujia_helper.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

--
End of file - 3719 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\f3tyufdp.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.179 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@cuminas.jp/DjVuPlugin]
"Description"=Document Express DjVu Plug-in
"Path"=C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\f3tyufdp.default\extensions\
abs@avira.com

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-06-06 20065936]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-05 98304]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2014-08-12 751184]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění
wandoujia_helper.lnk - C:\Program Files\WandouLabs\wandoujia_helper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-04-06 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Knights Of The Temple\Templar.exe"="C:\Program Files\Knights Of The Temple\Templar.exe:*:Enabled:Templar"
"C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe"="C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe:*:Disabled:vietcong"
"C:\Program Files\WandouLabs\wandoujia2.exe"="C:\Program Files\WandouLabs\wandoujia2.exe:*:Enabled:SnapPea"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======List of files/folders created in the last 1 month======

2014-09-02 20:49:14 ----D---- C:\Documents and Settings\Admin\Data aplikací\Wandoujia2
2014-09-02 20:49:05 ----D---- C:\Program Files\WandouLabs
2014-09-02 20:04:27 ----D---- C:\WINDOWS\LastGood
2014-09-02 18:06:03 ----HDC---- C:\WINDOWS\$NtUninstallwinusb0200$
2014-09-02 18:05:51 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2014-09-02 18:05:45 ----A---- C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2014-09-02 18:05:45 ----A---- C:\WINDOWS\system32\WdfCoInstaller01009.dll
2014-09-02 18:05:45 ----A---- C:\WINDOWS\system32\USBCoInstaller.dll
2014-09-02 18:03:56 ----D---- C:\Documents and Settings\Admin\Data aplikací\WandoujiaUsbDriver
2014-09-02 15:36:49 ----HDC---- C:\WINDOWS\$NtUninstallwinusb0100$
2014-09-02 15:36:34 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2014-09-02 15:36:31 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2014-09-02 15:35:42 ----A---- C:\WINDOWS\system32\WinUSBCoInstaller.dll
2014-09-02 15:35:42 ----A---- C:\WINDOWS\system32\WdfCoInstaller01007.dll
2014-09-02 15:35:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2014-09-02 15:00:58 ----D---- C:\Documents and Settings\Admin\Data aplikací\Samsung
2014-09-02 15:00:57 ----A---- C:\WINDOWS\system32\secman.dll
2014-08-31 19:18:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Trymedia
2014-08-15 20:33:29 ----D---- C:\Program Files\Blitzkrieg 2
2014-08-15 16:04:07 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2014-08-15 16:04:06 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2014-08-15 16:04:06 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2014-08-15 16:04:06 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2014-08-15 16:04:06 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2014-08-15 16:04:06 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2014-08-15 16:04:05 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2014-08-15 16:04:05 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2014-08-15 16:04:05 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2014-08-15 16:04:03 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2014-08-15 16:04:02 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2014-08-15 16:04:02 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2014-08-15 16:04:01 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2014-08-15 16:04:01 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2014-08-15 16:04:00 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2014-08-15 16:04:00 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2014-08-15 16:04:00 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2014-08-15 16:04:00 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2014-08-14 15:36:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Package Cache

======List of files/folders modified in the last 1 month======

2014-09-02 21:13:05 ----D---- C:\WINDOWS\Temp
2014-09-02 21:13:05 ----D---- C:\Program Files\trend micro
2014-09-02 21:12:54 ----D---- C:\WINDOWS\Prefetch
2014-09-02 21:02:18 ----D---- C:\WINDOWS\system32
2014-09-02 21:02:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2014-09-02 20:49:05 ----RD---- C:\Program Files
2014-09-02 20:04:31 ----D---- C:\WINDOWS
2014-09-02 20:00:15 ----D---- C:\WINDOWS\system32\CatRoot2
2014-09-02 19:54:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-02 19:49:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-09-02 19:41:42 ----HD---- C:\WINDOWS\inf
2014-09-02 18:06:44 ----D---- C:\WINDOWS\system32\CatRoot
2014-09-02 18:06:11 ----D---- C:\WINDOWS\system32\drivers
2014-09-02 18:03:48 ----RSD---- C:\WINDOWS\Fonts
2014-09-02 15:44:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-09-02 15:43:53 ----SHD---- C:\WINDOWS\Installer
2014-09-02 15:00:55 ----HD---- C:\Program Files\InstallShield Installation Information
2014-09-02 13:25:11 ----D---- C:\WINDOWS\system32\NtmsData
2014-09-02 13:08:06 ----D---- C:\WINDOWS\Registration
2014-08-31 20:04:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2014-08-23 16:49:59 ----D---- C:\WINDOWS\system32\DirectX
2014-08-18 21:53:14 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-15 16:05:05 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2014-08-15 16:03:58 ----RSD---- C:\WINDOWS\assembly
2014-08-15 09:58:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2014-08-15 09:58:32 ----D---- C:\Program Files\Avira

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-09-03 115680]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2014-06-03 136216]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2013-12-09 37352]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2013-12-09 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2014-07-03 97648]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2013-08-25 13120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-04-06 7746048]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-06-19 6141584]
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2012-04-25 82032]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2011-12-02 4125352]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2014-08-12 430160]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2014-08-12 430160]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-04-06 647168]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-08-12 1021008]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 03 zář 2014 01:49

Zdravim

Tohle znate? C:\Program Files\WandouLabs\wandoujia_helper.exe

Najdete ten soubor adbkey.pub a otestujte ho na virustotal a jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846 Vysledky sem zkopirujte, nebo dejte odkaz.

Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ (musite stahnout verzi 1.75, odmitnout upgrade a aktualizovat jen virovou databazi) a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

Joker93 · #3 Příspěvek od **Joker93** » 03 zář 2014 08:12

Dobrý den. Je to složka programu SnapPea pro správu telefonu, který jsem včera instaloval. Není na tyto podobné programy pohlíženo spíše jako na smetí v PC?

https://www.virustotal.com/cs/file/26f1 ... 409728289/

http://virusscan.jotti.org/cs/scanresul ... c00b3ea45f

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.09.03.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: ADMIN [administrátor]

3.9.2014 9:25:09
mbam-log-2014-09-03 (09-25-09).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 299832
Uplynulý čas: 23 minut, 45 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

#4 Příspěvek od **Márty84** » 03 zář 2014 10:14

Joker93 píše:Je to složka programu SnapPea pro správu telefonu, který jsem včera instaloval. Není na tyto podobné programy pohlíženo spíše jako na smetí v PC?

Neni to moc obvykle, takze nevim, jestli to dela i nejake problemy

Jen by se to nemuselo zapinat po spusteni.

MBAM muzete odinstalovat.

Postupujte podle navodu kolegy

vyosek píše: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize
Kód: Vybrat vše
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Nasledne kliknete na Run Script

PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Joker93 · #5 Příspěvek od **Joker93** » 03 zář 2014 11:23

Zoek.exe v5.0.0.0 Updated 01-September-2014
Tool run by Admin on st 03.09.2014 at 12:13:47,42.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3.9.2014 12:14:08 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Documents and Settings\Admin\.android deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Package Cache deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Trymedia deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [12.05.2013 12:59]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6 folders=5 2483 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Admin\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on st 03.09.2014 at 12:20:50,96 ======================

#6 Příspěvek od **Márty84** » 03 zář 2014 18:34

Dejte novy log z RSIT

Joker93 · #7 Příspěvek od **Joker93** » 03 zář 2014 20:17

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2014-09-03 21:16:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 41 GB (69%) free of 60 GB
Total RAM: 3325 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:16:46, on 3.9.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WandouLabs\wandoujia_helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\WandouLabs\WDPlatform.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wandoujia_helper.lnk = C:\Program Files\WandouLabs\wandoujia_helper.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

--
End of file - 3673 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\f3tyufdp.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.179 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@cuminas.jp/DjVuPlugin]
"Description"=Document Express DjVu Plug-in
"Path"=C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\f3tyufdp.default\extensions\
abs@avira.com

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-06-06 20065936]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-05 98304]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2014-08-12 751184]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění
wandoujia_helper.lnk - C:\Program Files\WandouLabs\wandoujia_helper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-04-06 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Knights Of The Temple\Templar.exe"="C:\Program Files\Knights Of The Temple\Templar.exe:*:Enabled:Templar"
"C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe"="C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe:*:Disabled:vietcong"
"C:\Program Files\WandouLabs\wandoujia2.exe"="C:\Program Files\WandouLabs\wandoujia2.exe:*:Enabled:SnapPea"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======List of files/folders created in the last 1 month======

2014-09-03 12:17:29 ----D---- C:\WINDOWS\Temp
2014-09-03 12:17:29 ----A---- C:\WINDOWS\zoek-delete.exe
2014-09-03 12:13:37 ----D---- C:\zoek_backup
2014-09-02 20:49:14 ----D---- C:\Documents and Settings\Admin\Data aplikací\Wandoujia2
2014-09-02 20:49:05 ----D---- C:\Program Files\WandouLabs
2014-09-02 18:06:03 ----HDC---- C:\WINDOWS\$NtUninstallwinusb0200$
2014-09-02 18:05:51 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2014-09-02 18:05:45 ----A---- C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2014-09-02 18:05:45 ----A---- C:\WINDOWS\system32\WdfCoInstaller01009.dll
2014-09-02 18:05:45 ----A---- C:\WINDOWS\system32\USBCoInstaller.dll
2014-09-02 18:03:56 ----D---- C:\Documents and Settings\Admin\Data aplikací\WandoujiaUsbDriver
2014-09-02 15:36:49 ----HDC---- C:\WINDOWS\$NtUninstallwinusb0100$
2014-09-02 15:36:34 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2014-09-02 15:36:31 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2014-09-02 15:35:42 ----A---- C:\WINDOWS\system32\WinUSBCoInstaller.dll
2014-09-02 15:35:42 ----A---- C:\WINDOWS\system32\WdfCoInstaller01007.dll
2014-09-02 15:35:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2014-09-02 15:00:58 ----D---- C:\Documents and Settings\Admin\Data aplikací\Samsung
2014-09-02 15:00:57 ----A---- C:\WINDOWS\system32\secman.dll
2014-08-15 20:33:29 ----D---- C:\Program Files\Blitzkrieg 2
2014-08-15 16:04:07 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2014-08-15 16:04:06 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2014-08-15 16:04:06 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2014-08-15 16:04:06 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2014-08-15 16:04:06 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2014-08-15 16:04:06 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2014-08-15 16:04:05 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2014-08-15 16:04:05 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2014-08-15 16:04:05 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2014-08-15 16:04:03 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2014-08-15 16:04:02 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2014-08-15 16:04:02 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2014-08-15 16:04:01 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2014-08-15 16:04:01 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2014-08-15 16:04:00 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2014-08-15 16:04:00 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2014-08-15 16:04:00 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2014-08-15 16:04:00 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

======List of files/folders modified in the last 1 month======

2014-09-03 21:16:46 ----D---- C:\Program Files\trend micro
2014-09-03 21:12:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-09-03 21:09:39 ----D---- C:\WINDOWS\Prefetch
2014-09-03 16:30:31 ----D---- C:\WINDOWS\system32
2014-09-03 16:30:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-03 13:08:43 ----D---- C:\WINDOWS\system32\NtmsData
2014-09-03 13:08:09 ----D---- C:\WINDOWS\Registration
2014-09-03 12:21:42 ----D---- C:\WINDOWS
2014-09-03 12:20:45 ----RD---- C:\Program Files
2014-09-03 12:14:11 ----D---- C:\WINDOWS\system32\drivers\etc
2014-09-03 12:10:55 ----D---- C:\WINDOWS\system32\drivers
2014-09-02 23:44:18 ----D---- C:\WINDOWS\system32\CatRoot2
2014-09-02 21:02:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2014-09-02 19:41:42 ----HD---- C:\WINDOWS\inf
2014-09-02 18:06:44 ----D---- C:\WINDOWS\system32\CatRoot
2014-09-02 18:03:48 ----RSD---- C:\WINDOWS\Fonts
2014-09-02 15:44:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-09-02 15:43:53 ----SHD---- C:\WINDOWS\Installer
2014-09-02 15:43:53 ----HD---- C:\Program Files\InstallShield Installation Information
2014-08-31 20:04:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2014-08-23 16:49:59 ----D---- C:\WINDOWS\system32\DirectX
2014-08-18 21:53:14 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-15 16:05:05 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2014-08-15 16:03:58 ----RSD---- C:\WINDOWS\assembly
2014-08-15 09:58:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2014-08-15 09:58:32 ----D---- C:\Program Files\Avira

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-09-03 115680]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2014-06-03 136216]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2013-12-09 37352]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2013-12-09 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2014-07-03 97648]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2013-08-25 13120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-04-06 7746048]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-06-19 6141584]
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2012-04-25 82032]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2011-12-02 4125352]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2014-08-12 430160]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2014-08-12 430160]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-04-06 647168]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-08-12 1021008]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#8 Příspěvek od **Márty84** » 04 zář 2014 02:15

1) Otevrte Poznamkovy blok (pokud ho nemate na plose, tak kliknete na Start, pak programy a prislusenstvi)
2) Zkopirujte do nej ten zeleny text

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-

3) Vlevo nahore kliknete na napis Soubor
4) Kliknete na napis Ulozit jako...
5) Napiste spravne ten cerveny nazev oprava.reg a pak vyberte u moznosti Ulozit jako typ : Vsechny soubory
6) Ulozte, nejlepe na plochu
7) Na to, co jste prave ulozil/a, 2x kliknete, ono se to spusti a vy to jen potvrdte
8) Pak ten soubor muzete smazat

Smazte tyto polozky
2014-09-03 12:17:29 ----A---- C:\WINDOWS\zoek-delete.exe
2014-09-03 12:13:37 ----D---- C:\zoek_backup

Pokud s pc neni problem, je to vse

Pokud ano, napiste jaky a podivame se hloubeji

Joker93 · #9 Příspěvek od **Joker93** » 04 zář 2014 08:21

Dobrý den, ne, s PC žádné problémy nejsou.

Pouze mě zajímá jestli si nechávat ten program pro telefon, když se jeho proces spouští po zapnutí PC.

#10 Příspěvek od **Márty84** » 04 zář 2014 14:51

Joker93 píše:Pouze mě zajímá jestli si nechávat ten program pro telefon, když se jeho proces spouští po zapnutí PC.

To zalezi na vas, jestli ho pouzivate, nebo ne. Skodit by nemel

Joker93 · #11 Příspěvek od **Joker93** » 04 zář 2014 15:27

Dobře, děkuji za pomoc, mějte se.

#12 Příspěvek od **Márty84** » 04 zář 2014 15:34

Nemate zac

Taky se mejte a treba zase nekdy

VIRY.CZ

Prosím o preventivní kontrolu

Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu

Re: Prosím o preventivní kontrolu