VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Zkontrolování logu

https://forum.viry.cz:443/viewtopic.php?t=96439

Stránka 1 z 2

Zkontrolování logu

Napsal: 19 led 2010 13:03
od blake
Dobrý den,
i já bych prosil o zkontrolování mého logu. Začalo to tím, že mě můj poskytovatel internetu od něj odpojil, protože prý mám zavirované PC. Už delší dobu mě trápí BSODY (hlavně při vypínání/zapínání PC) viz: http://s2.imgupload.cz/img/--/151208/uoCBA/BSOD.jpg. Počítač jsem projel pomocí programů Nod, Spybot, Secunia Personal Software Inspector. Jako firewall používám Comodo. Internet už opět funguje, jen bych si rád byl jistý, jestli mám opravdu čisté PC.

LOG z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by 123 at 2010-01-19 12:50:07
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 47 GB (23%) free of 201 GB
Total RAM: 8190 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:12, on 19.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe
C:\Program Files (x86)\Media Key\MagicKey.exe
C:\Program Files (x86)\RealTemp 3.00\RealTemp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Media Key\OSD.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\123\Desktop\Programy\RSIT-1.exe
D:\Jirka ALL\MYsweet\Programy\HJT\123.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comodo.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [PopRock] C:\Users\123\AppData\Local\Temp\g.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: RealTemp.exe.lnk = C:\Program Files (x86)\RealTemp 3.00\RealTemp.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files (x86)\Media Key\MagicKey.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí NetXferu - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí Net&Xferu - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8577 bytes

======Scheduled tasks folder======

C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83B80A9C-D91A-4F22-8DCF-EA7204039F79}]
NXIECatcher Class - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll [2007-08-15 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll [2009-05-04 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll [2009-03-30 1091584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll [2007-07-11 57344]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll [2009-05-04 650752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"=C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"P17RunE"=RunDll32 P17RunE.dll,RunDLLEntry []
"SearchSettings"=C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe [2009-03-30 970240]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2010-01-05 149280]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
"PopRock"=C:\Users\123\AppData\Local\Temp\g.exe []
"OscarEditor"=C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe [2009-04-27 3330048]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []
"nodenable"=C:\Program Files\eset\nodenable.exe [2008-09-22 803501]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Media Key.lnk - C:\Program Files (x86)\Media Key\MagicKey.exe

C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
RealTemp.exe.lnk - C:\Program Files (x86)\RealTemp 3.00\RealTemp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\SysWOW64\guard32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-19 12:33:49 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-01-19 12:33:49 ----D---- C:\Program Files (x86)\Adobe
2010-01-19 12:33:29 ----SHD---- C:\Config.Msi
2010-01-19 09:08:57 ----D---- C:\rsit
2010-01-19 08:47:43 ----D---- C:\Program Files (x86)\Ultimate Process Manager
2010-01-19 08:39:58 ----D---- C:\Program Files (x86)\Secunia
2010-01-18 18:54:39 ----A---- C:\Windows\CIS_Setup_3.5.57173.439_XP_Vista_x64.INI
2010-01-18 14:36:35 ----D---- C:\ProgramData\comodo
2010-01-18 14:36:35 ----A---- C:\Windows\system32\guard32.dll
2010-01-16 20:09:37 ----D---- C:\Users\123\AppData\Roaming\Xfire
2010-01-16 20:09:35 ----D---- C:\ProgramData\Xfire
2010-01-16 20:09:33 ----D---- C:\Program Files (x86)\Xfire
2010-01-15 12:48:06 ----D---- C:\ProgramData\comodo(9)
2010-01-15 08:27:38 ----D---- C:\Users\123\AppData\Roaming\Xfire(94)
2010-01-12 23:04:24 ----A---- C:\Windows\system32\t2embed.dll
2010-01-12 23:04:24 ----A---- C:\Windows\system32\fontsub.dll
2010-01-10 23:16:08 ----A---- C:\Windows\matlab.ini
2010-01-10 23:16:07 ----D---- C:\Users\123\AppData\Roaming\MathWorks
2010-01-10 23:00:47 ----D---- C:\Program Files (x86)\MATLAB71
2010-01-09 23:35:27 ----D---- C:\Program Files (x86)\MeadCo Neptune
2010-01-05 23:37:06 ----A---- C:\Windows\system32\javaws.exe
2010-01-05 23:37:06 ----A---- C:\Windows\system32\javaw.exe
2010-01-05 23:37:05 ----A---- C:\Windows\system32\java.exe
2009-12-23 01:03:30 ----A---- C:\Windows\system32\xfcodec.dll
2009-12-20 22:39:58 ----D---- C:\Program Files (x86)\Rockstar Games

======List of files/folders modified in the last 1 months======

2010-01-19 12:50:11 ----D---- C:\Windows\Temp
2010-01-19 12:50:00 ----D---- C:\Users\123\AppData\Roaming\AIMP
2010-01-19 12:34:11 ----SHD---- C:\Windows\Installer
2010-01-19 12:33:53 ----D---- C:\ProgramData\Adobe
2010-01-19 12:33:49 ----D---- C:\Program Files (x86)\Common Files
2010-01-19 12:33:49 ----D---- C:\Program Files (x86)
2010-01-19 12:33:18 ----D---- C:\Windows\SysWOW64
2010-01-19 12:33:09 ----SHD---- C:\System Volume Information
2010-01-19 12:18:52 ----D---- C:\Windows\System32
2010-01-19 12:18:52 ----D---- C:\Windows\inf
2010-01-19 11:49:57 ----RD---- C:\Program Files
2010-01-19 11:27:16 ----D---- C:\Program Files (x86)\AIMP2 Tools
2010-01-19 11:26:43 ----D---- C:\Program Files (x86)\AIMP2
2010-01-19 11:17:12 ----D---- C:\Program Files (x86)\Opera
2010-01-18 19:04:16 ----A---- C:\Windows\NeroDigital.ini
2010-01-18 19:00:08 ----D---- C:\Windows
2010-01-18 18:48:47 ----D---- C:\Windows\Tasks
2010-01-18 18:48:47 ----D---- C:\Users\123\AppData\Roaming\LangSoft
2010-01-18 18:48:46 ----D---- C:\ProgramData\NVIDIA
2010-01-18 18:48:45 ----D---- C:\Windows\registration
2010-01-18 17:50:45 ----D---- C:\Windows\ModemLogs
2010-01-18 14:36:35 ----HD---- C:\ProgramData
2010-01-18 11:21:42 ----D---- C:\Windows\Prefetch
2010-01-17 19:59:53 ----D---- C:\Users\123\AppData\Roaming\Comodo
2010-01-16 20:06:48 ----AD---- C:\ProgramData\Temp
2010-01-15 22:59:50 ----D---- C:\Users\123\AppData\Roaming\IrfanView
2010-01-15 22:59:48 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-01-15 22:59:48 ----D---- C:\Program Files (x86)\Scorpions WinCheater
2010-01-15 22:10:51 ----D---- C:\Users\123\AppData\Roaming\BSplayer PRO
2010-01-12 23:14:13 ----D---- C:\Windows\winsxs
2010-01-12 23:11:13 ----D---- C:\Program Files (x86)\Windows Mail
2010-01-11 22:06:05 ----D---- C:\ProgramData\DVD Shrink
2010-01-05 23:36:56 ----A---- C:\Windows\system32\deploytk.dll
2010-01-02 22:20:51 ----D---- C:\Users\123\AppData\Roaming\Vso
2009-12-29 19:40:27 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-12-24 13:35:27 ----D---- C:\Program Files (x86)\OSCAR Editor

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys []
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys []
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys []
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2008-10-07 32240]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys []
R3 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool64.sys []
R3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys []
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\KBFILTER.SYS []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys []
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
R3 RivaTuner64;RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.22\RivaTuner64.sys [2009-01-29 19952]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\RealTemp 3.00\WinRing0x64.sys [2008-07-26 14544]
S3 ALSysIO;ALSysIO; \??\C:\Users\123\AppData\Local\Temp\ALSysIO64.sys []
S3 avnkvl74;avnkvl74; C:\Windows\system32\drivers\avnkvl74.sys []
S3 CrystalCpuInfo;CrystalCpuInfo; \??\C:\Users\123\AppData\Local\Temp\CpuInfo64.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys [2004-06-22 5632]
S3 GPU-Z;GPU-Z; \??\C:\Users\123\AppData\Local\Temp\GPU-Z.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys []
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 OSCI_DRVX64;OSCI_DRVX64; \??\C:\Windows\System32\Drivers\OSCI_DRVX64.sys [2009-02-02 8704]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys []
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys []
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys []
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys []
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys []
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys []
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys []
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\drivers\usbser.sys []
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys []
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-18 889080]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2008-08-18 468224]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-06-24 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-06-24 107832]
R2 UserAccess7;SecuROM User Access Service (V7); C:\Windows\system32\UAService7.exe [2009-03-14 221184]
S2 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-08-18 21760]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-06-12 79360]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 matlabserver;MATLAB Server; C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe [2005-07-27 536576]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

-----------------EOF-----------------

Re: Zkontrolování logu

Napsal: 19 led 2010 18:22
od Rudy
Udělejte sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Re: Zkontrolování logu

Napsal: 19 led 2010 21:44
od blake
Zde je log. Celkem to našlo 12 případů.


Malwarebytes' Anti-Malware 1.44
Verze databáze: 3599
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

19.1.2010 21:41:50
mbam-log-2010-01-19 (21-41-42).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 495737
Uplynulý čas: 1 hour(s), 0 minute(s), 55 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 4
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 6

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Users\123\Desktop\DVD\neww\CamStudio.2.5_BETA1 +CZ\CamStudio_v25_Czech.exe (Trojan.Backdoor) -> No action taken.
D:\Unzipped\Programy\64b\FILMY\BS.Player.Pro.v2.32.975.Multilingual.Incl.Keymaker-CORE\Keygen-CORE\keygen.exe (Trojan.Agent) -> No action taken.
D:\Unzipped\Programy\64b\OC\Benchmarky\super_pi_mod-1.5\super_pi_mod.exe (Malware.Packer.Krunchy) -> No action taken.
D:\Unzipped\Programy\KOMP\CPU\Super PI 1,5 + SSE2,SSE3\super_pi_mod-1.5\super_pi_mod.exe (Malware.Packer.Krunchy) -> No action taken.
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.

Re: Zkontrolování logu

Napsal: 19 led 2010 22:03
od Rudy
Vše smažte.

Re: Zkontrolování logu

Napsal: 20 led 2010 01:22
od blake
Vše jsem smazal a tedy už je to vyřešeno?

Pro jistotu dávám opět log z RCIT.










Logfile of random's system information tool 1.06 (written by random/random)
Run by 123 at 2010-01-20 01:21:07
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 50 GB (25%) free of 201 GB
Total RAM: 8190 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:09, on 20.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe
C:\Program Files (x86)\Media Key\MagicKey.exe
C:\Program Files (x86)\RealTemp 3.00\RealTemp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Media Key\OSD.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Users\123\Desktop\Programy\RSIT-1.exe
D:\Jirka ALL\MYsweet\Programy\HJT\123.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comodo.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: RealTemp.exe.lnk = C:\Program Files (x86)\RealTemp 3.00\RealTemp.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files (x86)\Media Key\MagicKey.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí NetXferu - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí Net&Xferu - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8393 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83B80A9C-D91A-4F22-8DCF-EA7204039F79}]
NXIECatcher Class - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll [2007-08-15 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll [2009-05-04 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll [2009-03-30 1091584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll [2007-07-11 57344]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll [2009-05-04 650752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"=C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"P17RunE"=RunDll32 P17RunE.dll,RunDLLEntry []
"SearchSettings"=C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe [2009-03-30 970240]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2010-01-05 149280]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
"OscarEditor"=C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe [2009-04-27 3330048]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []
"nodenable"=C:\Program Files\eset\nodenable.exe [2008-09-22 803501]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Media Key.lnk - C:\Program Files (x86)\Media Key\MagicKey.exe

C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
RealTemp.exe.lnk - C:\Program Files (x86)\RealTemp 3.00\RealTemp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\SysWOW64\guard32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-19 20:35:44 ----D---- C:\Users\123\AppData\Roaming\Malwarebytes
2010-01-19 20:35:29 ----D---- C:\ProgramData\Malwarebytes
2010-01-19 20:35:27 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-01-19 12:33:49 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-01-19 12:33:49 ----D---- C:\Program Files (x86)\Adobe
2010-01-19 12:33:29 ----SHD---- C:\Config.Msi
2010-01-19 09:08:57 ----D---- C:\rsit
2010-01-19 08:47:43 ----D---- C:\Program Files (x86)\Ultimate Process Manager
2010-01-19 08:39:58 ----D---- C:\Program Files (x86)\Secunia
2010-01-18 18:54:39 ----A---- C:\Windows\CIS_Setup_3.5.57173.439_XP_Vista_x64.INI
2010-01-18 14:36:35 ----D---- C:\ProgramData\comodo
2010-01-18 14:36:35 ----A---- C:\Windows\system32\guard32.dll
2010-01-16 20:09:37 ----D---- C:\Users\123\AppData\Roaming\Xfire
2010-01-16 20:09:35 ----D---- C:\ProgramData\Xfire
2010-01-16 20:09:33 ----D---- C:\Program Files (x86)\Xfire
2010-01-15 12:48:06 ----D---- C:\ProgramData\comodo(9)
2010-01-15 08:27:38 ----D---- C:\Users\123\AppData\Roaming\Xfire(94)
2010-01-12 23:04:24 ----A---- C:\Windows\system32\t2embed.dll
2010-01-12 23:04:24 ----A---- C:\Windows\system32\fontsub.dll
2010-01-10 23:16:08 ----A---- C:\Windows\matlab.ini
2010-01-10 23:16:07 ----D---- C:\Users\123\AppData\Roaming\MathWorks
2010-01-10 23:00:47 ----D---- C:\Program Files (x86)\MATLAB71
2010-01-09 23:35:27 ----D---- C:\Program Files (x86)\MeadCo Neptune
2010-01-05 23:37:06 ----A---- C:\Windows\system32\javaws.exe
2010-01-05 23:37:06 ----A---- C:\Windows\system32\javaw.exe
2010-01-05 23:37:05 ----A---- C:\Windows\system32\java.exe
2009-12-23 01:03:30 ----A---- C:\Windows\system32\xfcodec.dll

======List of files/folders modified in the last 1 months======

2010-01-20 01:21:08 ----D---- C:\Windows\Temp
2010-01-19 22:39:50 ----D---- C:\Windows\System32
2010-01-19 22:39:49 ----D---- C:\Windows\inf
2010-01-19 22:21:15 ----D---- C:\Windows\Tasks
2010-01-19 20:35:31 ----D---- C:\Windows\system32\drivers
2010-01-19 20:35:29 ----HD---- C:\ProgramData
2010-01-19 20:35:27 ----D---- C:\Program Files (x86)
2010-01-19 14:02:26 ----SHD---- C:\System Volume Information
2010-01-19 13:10:22 ----AD---- C:\ProgramData\Temp
2010-01-19 12:50:00 ----D---- C:\Users\123\AppData\Roaming\AIMP
2010-01-19 12:34:11 ----SHD---- C:\Windows\Installer
2010-01-19 12:33:53 ----D---- C:\ProgramData\Adobe
2010-01-19 12:33:49 ----D---- C:\Program Files (x86)\Common Files
2010-01-19 12:33:18 ----D---- C:\Windows\SysWOW64
2010-01-19 11:49:57 ----RD---- C:\Program Files
2010-01-19 11:27:16 ----D---- C:\Program Files (x86)\AIMP2 Tools
2010-01-19 11:26:43 ----D---- C:\Program Files (x86)\AIMP2
2010-01-19 11:17:12 ----D---- C:\Program Files (x86)\Opera
2010-01-18 19:04:16 ----A---- C:\Windows\NeroDigital.ini
2010-01-18 19:00:08 ----D---- C:\Windows
2010-01-18 18:48:47 ----D---- C:\Users\123\AppData\Roaming\LangSoft
2010-01-18 18:48:46 ----D---- C:\ProgramData\NVIDIA
2010-01-18 18:48:45 ----D---- C:\Windows\registration
2010-01-18 17:50:45 ----D---- C:\Windows\ModemLogs
2010-01-18 11:21:42 ----D---- C:\Windows\Prefetch
2010-01-17 19:59:53 ----D---- C:\Users\123\AppData\Roaming\Comodo
2010-01-15 22:59:50 ----D---- C:\Users\123\AppData\Roaming\IrfanView
2010-01-15 22:59:48 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-01-15 22:59:48 ----D---- C:\Program Files (x86)\Scorpions WinCheater
2010-01-15 22:10:51 ----D---- C:\Users\123\AppData\Roaming\BSplayer PRO
2010-01-12 23:14:13 ----D---- C:\Windows\winsxs
2010-01-12 23:11:13 ----D---- C:\Program Files (x86)\Windows Mail
2010-01-11 22:06:05 ----D---- C:\ProgramData\DVD Shrink
2010-01-05 23:36:56 ----A---- C:\Windows\system32\deploytk.dll
2010-01-02 22:20:51 ----D---- C:\Users\123\AppData\Roaming\Vso
2009-12-29 19:40:27 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-12-24 13:35:27 ----D---- C:\Program Files (x86)\OSCAR Editor

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys []
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys []
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys []
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2008-10-07 32240]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys []
R3 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool64.sys []
R3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys []
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\KBFILTER.SYS []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys []
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys []
R3 RivaTuner64;RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.22\RivaTuner64.sys [2009-01-29 19952]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\RealTemp 3.00\WinRing0x64.sys [2008-07-26 14544]
S3 ALSysIO;ALSysIO; \??\C:\Users\123\AppData\Local\Temp\ALSysIO64.sys []
S3 auwkv3fy;auwkv3fy; C:\Windows\system32\drivers\auwkv3fy.sys []
S3 CrystalCpuInfo;CrystalCpuInfo; \??\C:\Users\123\AppData\Local\Temp\CpuInfo64.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys [2004-06-22 5632]
S3 GPU-Z;GPU-Z; \??\C:\Users\123\AppData\Local\Temp\GPU-Z.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys []
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 OSCI_DRVX64;OSCI_DRVX64; \??\C:\Windows\System32\Drivers\OSCI_DRVX64.sys [2009-02-02 8704]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys []
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys []
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys []
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys []
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys []
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys []
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\drivers\usbser.sys []
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys []
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-18 889080]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2008-08-18 468224]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-06-24 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-06-24 107832]
R2 UserAccess7;SecuROM User Access Service (V7); C:\Windows\system32\UAService7.exe [2009-03-14 221184]
S2 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-08-18 21760]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-06-12 79360]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 matlabserver;MATLAB Server; C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe [2005-07-27 536576]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

-----------------EOF-----------------

Re: Zkontrolování logu

Napsal: 20 led 2010 19:18
od Rudy
Ještě odinstalujte pdfforge Toolbar. Pak bude log čistý.

Re: Zkontrolování logu

Napsal: 21 led 2010 12:37
od blake
Děkuji za rady a pomoc. Pdfforge toolbar odinstalován. Ještě jsem pro jistotu projel Pc pomocí Spy Doctora, který ještě nějakou tu havěť našel. Doufám, že už mám pc čisté.

Re: Zkontrolování logu

Napsal: 21 led 2010 18:19
od Rudy
Podle logu by PC mělo být čisté. Nemáte zač!

Re: Zkontrolování logu

Napsal: 23 led 2010 23:35
od blake
Takže bohužel jsem pořád odpojován od internetu svým providerem.
Prý moje viry útočí na hraniční routery.
Čili se ptám, co bych ještě měl udělat? Rekapitulace: os Vista 64b, firewall Comodo, antivir Nod, další programy - secunia PSI, mbam, spyware Doctor, CCleaner. Měl bych sem dát log např. z combofixu či gmeru? Či doporučení nějakých dalších programů?

Re: Zkontrolování logu

Napsal: 23 led 2010 23:38
od Rudy
Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .

Re: Zkontrolování logu

Napsal: 25 led 2010 09:51
od blake
Ten AVPTool jsem ještě nezkoušel, ale v podporovaných systémech není Vista 64b, a tak se ptám půjde mi ten program spustit?


Edit: tak AVPTool už běží a pak dodám výsledky. Jen jak v návodu bylo napsané zaškrtnout system memory, tak takovou položku jsem tam neměl, a proto jsem ji nemohl zaškrtnout. Už jsem opět při vypínání PC viděl BSOD :-(.


zde je log (jak jsem to tak zkoukl - vše se může klidně vymazat - mám to co zbylo vymazat?):

Autoscan: completed 7 minutes ago (events: 16, objects: 892676, time: 02:11:21)
25.1.2010 14:24:29 Task completed
25.1.2010 14:19:14 Deleted: Backdoor.Win32.IRCBot.hta D:\Unzipped\Češtiny\JIRKA\THPS3_cz.exe
25.1.2010 14:19:14 Detected: Backdoor.Win32.IRCBot.hta D:\Unzipped\Češtiny\JIRKA\THPS3_cz.exe/Skate3.exe
25.1.2010 14:18:54 Deleted: not-a-virus:AdWare.Win32.CommonName.bn D:\Unzipped\Programy\Vypalovací programy\CloneCD\cloneCD registry\SetupCloneCD.exe
25.1.2010 14:18:26 Deleted: not-a-virus:AdWare.Win32.CommonName.bk D:\Unzipped\Programy\Vypalovací programy\CloneCD\cloneCD registry\SetupCloneCDLangPack.exe
25.1.2010 14:17:54 Detected: not-a-virus:AdWare.Win32.CommonName.bk D:\Unzipped\Programy\Vypalovací programy\CloneCD\cloneCD registry\SetupCloneCDLangPack.exe
25.1.2010 14:17:35 Detected: not-a-virus:AdWare.Win32.CommonName.bn D:\Unzipped\Programy\Vypalovací programy\CloneCD\cloneCD registry\SetupCloneCD.exe
25.1.2010 14:12:02 Deleted: Trojan.SymbOS.Blocker.a D:\Jirka ALL\k810i\n70\HRY\+NGAGE-N70\LIBS+TCF taaaaadyyyyy\ostatní\eee Libs\ECOM.DLL
25.1.2010 14:09:53 Detected: Trojan.SymbOS.Blocker.a D:\Jirka ALL\k810i\n70\HRY\+NGAGE-N70\LIBS+TCF taaaaadyyyyy\ostatní\eee Libs\ECOM.DLL
25.1.2010 14:09:52 Detected: Trojan.SymbOS.Blocker.a D:\Jirka ALL\k810i\n70\HRY\+NGAGE-N70\cheaty a libsy\Libs.rar/Libs/ECOM.DLL
25.1.2010 14:05:21 Deleted: Trojan-Clicker.HTML.IFrame.es D:\Jarda ALL\jarda\MAAAJ\HRYYY\TombRaider - Legend_soubory\popunder.htm
25.1.2010 14:04:53 Deleted: Trojan-Clicker.HTML.IFrame.es D:\Jarda ALL\Jarda - Střední\HRYYY\TombRaider - Legend_soubory\popunder.htm
25.1.2010 14:02:41 Detected: Trojan-Clicker.HTML.IFrame.es D:\Jarda ALL\Jarda - Střední\HRYYY\TombRaider - Legend_soubory\popunder.htm
25.1.2010 14:00:34 Detected: Trojan-Clicker.HTML.IFrame.es D:\Jarda ALL\jarda\MAAAJ\HRYYY\TombRaider - Legend_soubory\popunder.htm
25.1.2010 12:13:08 Task started
25.1.2010 14:09:52 Untreated: Trojan.SymbOS.Blocker.a D:\Jirka ALL\k810i\n70\HRY\+NGAGE-N70\cheaty a libsy\Libs.rar/Libs/ECOM.DLL Write not supported

Re: Zkontrolování logu

Napsal: 25 led 2010 19:02
od blake
Ještě bych se rád zeptal na něco ohledně CCleaneru (mám ho v češtině). Jak tam je čistič a v něm Windows, tak je tam mnoho položek nezaškrtlých, a mě by zajímalo, jestli mohu takto vyčistit položku s názvem Hlášení chyb Windows, protože to má velikost skoro 10 GB. Prostě, jestli je bezpečné, když to zaškrtnu a dám analyzovat a následně to CCleanerem pročistim.

Re: Zkontrolování logu

Napsal: 25 led 2010 19:03
od Rudy
System memory není adresář, ale systémová paměť´. Vše, co AVP našel, smažte.

Re: Zkontrolování logu

Napsal: 25 led 2010 19:24
od blake
Rudy píše:System memory není adresář, ale systémová paměť´. Vše, co AVP našel, smažte.
Ať je to cokoliv, já tam takovou položku neměl. A rada ohledně CCleaneru? Je tedy ještě něco, co bych mohl provést. Už mě totiž nebaví přesvědčovat svého providera o tom, že mám čisté PC a může mě opět připojit. Ale jakmile mě připojí, tak zase mě to po chvíli automaticky odpojí (vaše viry napadají...). Díky za rady.

Re: Zkontrolování logu

Napsal: 25 led 2010 19:34
od Rudy
Pokud AVP vše smazal, měl by váš PC být už čistý.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz