
Please check my log

Posted: 25 Jan 2010 17:14
by jindra88
Hello, could you please check my log? My antivirus found a virus and I somehow can't get rid of it.

Name: TR/Spy.Gen2

Thank you

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-25 17:04:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 48 GB (31%) free of 153 GB
Total RAM: 2013 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:06, on 25.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Logitech . Registrace produktu.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: winmm.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\..\svchost.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10592 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1255450112.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-23 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-01-23 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-23 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-04-06 33603584]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-02-26 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-02-26 142360]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-02-16 87336]
"PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2008-10-13 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-02-28 75048]
"pdfFactory Pro Dispatcher v3"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2009-03-24 606208]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-02 149280]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-10-10 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-23 39408]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
Logitech . Registrace produktu.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="winmm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-02-20 206848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-11-07 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-08-08 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInternetIcon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Cyanide\Blood Bowl\BloodB.exe"="C:\Program Files\Cyanide\Blood Bowl\BloodB.exe:*:Enabled:Blood Bowl"
"C:\Documents and Settings\Administrator\Dokumenty\Azureus Downloads\Nová složka\Magic\Manalink.exe"="C:\Documents and Settings\Administrator\Dokumenty\Azureus Downloads\Nová složka\Magic\Manalink.exe:*:Enabled:manalink"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-25 17:05:00 ----D---- C:\Program Files\trend micro
2010-01-25 17:04:59 ----D---- C:\rsit
2010-01-23 13:57:34 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Tropico 3
2010-01-23 13:49:25 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-01-23 13:49:23 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-01-23 13:49:23 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-01-23 13:49:22 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-01-23 13:49:22 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-01-23 13:49:22 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-01-23 13:49:22 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-01-23 13:49:21 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-01-23 13:49:21 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-01-23 13:49:21 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-01-23 13:49:20 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-01-23 13:45:37 ----D---- C:\Program Files\Kalypso
2010-01-23 13:22:51 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Logitech
2010-01-23 13:20:53 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2010-01-23 13:20:19 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2010-01-23 13:20:15 ----A---- C:\WINDOWS\system32\KemXML.dll
2010-01-23 13:20:15 ----A---- C:\WINDOWS\system32\KemWnd.dll
2010-01-23 13:20:15 ----A---- C:\WINDOWS\system32\KemUtil.dll
2010-01-23 13:20:15 ----A---- C:\WINDOWS\system32\kemutb.dll
2010-01-23 13:19:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Logitech
2010-01-23 13:19:51 ----D---- C:\Program Files\Common Files\Logishrd
2010-01-23 13:19:45 ----D---- C:\Program Files\Logitech
2010-01-23 13:19:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogiShrd
2010-01-23 13:18:56 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-01-23 10:04:51 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-23 10:04:34 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-23 09:11:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-22 18:31:43 ----D---- C:\Program Files\Adobe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\zip.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\SWSC.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\SWREG.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\sed.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\PEV.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\MBR.exe
2010-01-22 14:13:19 ----A---- C:\WINDOWS\grep.exe
2010-01-22 14:12:41 ----D---- C:\WINDOWS\ERDNT
2010-01-22 14:11:26 ----SD---- C:\ComboFix
2010-01-22 14:10:27 ----D---- C:\Qoobox
2010-01-22 12:24:34 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Uniblue
2010-01-22 11:23:57 ----D---- C:\Program Files\Ultimate Process Manager
2010-01-22 11:19:24 ----D---- C:\Program Files\Reimage
2010-01-17 20:35:39 ----HDC---- C:\WINDOWS\ie8
2010-01-17 16:49:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-01-17 16:41:03 ----D---- C:\Program Files\CCleaner
2010-01-17 12:22:00 ----D---- C:\WINDOWS\pss
2010-01-01 13:29:33 ----D---- C:\Program Files\Aml Pages
2010-01-01 12:57:39 ----D---- C:\Program Files\Visual Zip Password Recovery

======List of files/folders modified in the last 1 months======

2010-01-25 17:05:00 ----RD---- C:\Program Files
2010-01-25 17:02:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-01-25 17:02:37 ----D---- C:\WINDOWS\Prefetch
2010-01-25 15:46:56 ----D---- C:\WINDOWS\Temp
2010-01-25 15:46:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-24 14:58:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Temp
2010-01-24 12:09:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\vlc
2010-01-24 09:33:23 ----D---- C:\WINDOWS
2010-01-23 13:53:25 ----HD---- C:\WINDOWS\inf
2010-01-23 13:49:29 ----D---- C:\WINDOWS\system32\DirectX
2010-01-23 13:49:28 ----D---- C:\WINDOWS\system32
2010-01-23 13:49:02 ----RSD---- C:\WINDOWS\assembly
2010-01-23 13:48:30 ----SHD---- C:\WINDOWS\Installer
2010-01-23 13:45:37 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-23 13:36:25 ----D---- C:\Program Files\Google
2010-01-23 13:21:27 ----D---- C:\WINDOWS\system32\drivers
2010-01-23 13:21:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-23 13:21:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-23 13:19:51 ----D---- C:\Program Files\Common Files
2010-01-23 10:04:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-01-23 09:53:27 ----D---- C:\Program Files\EA Sports
2010-01-22 18:31:52 ----D---- C:\Program Files\Common Files\Adobe
2010-01-22 18:31:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-01-22 14:12:49 ----SHD---- C:\System Volume Information
2010-01-22 14:12:49 ----D---- C:\WINDOWS\system32\Restore
2010-01-22 11:22:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-17 20:38:27 ----D---- C:\WINDOWS\system32\cs-cz
2010-01-17 20:38:27 ----D---- C:\WINDOWS\Media
2010-01-17 20:38:27 ----D---- C:\WINDOWS\Help
2010-01-17 20:38:27 ----D---- C:\Program Files\Internet Explorer
2010-01-17 20:24:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-17 16:49:05 ----SD---- C:\WINDOWS\Tasks
2010-01-17 16:43:25 ----D---- C:\Program Files\Electronic Arts
2010-01-17 16:43:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
2010-01-12 17:38:47 ----D---- C:\Program Files\World of Warcraft
2010-01-04 11:31:10 ----D---- C:\Program Files\ICQ6.5
2010-01-03 10:46:26 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Google
2010-01-02 12:48:32 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/31 12:52:55]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2008-09-26 10384]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-02-20 6312864]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-03-26 1086208]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 afe43mya;afe43mya; C:\WINDOWS\system32\drivers\afe43mya.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-14 272896]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 148168]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-08-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-08-08 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-12 258103]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-02 153376]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S2 msupdate;Microsoft security update service; c:\windows\system32\..\svchost.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-23 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-11-07 121360]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Re: Please check my log

Posted: 25 Jan 2010 19:12
by Rudy
On 22 Jan you ran a ComboFix scan. Post the log from it.

Re: Please check my log

Posted: 25 Jan 2010 19:31
by jindra88
I ran ComboFix, then a message came up that some program was missing on my PC and something started downloading from Microsoft's site, so I cancelled it.
So the scan did not run to the end, and therefore I have no log.
After visiting this forum I found out that you prefer the RSIT log as the first one.
Should I make a current ComboFix log now?

Re: Please check my log

Posted: 25 Jan 2010 19:39
by Rudy
RSIT is the initial scan, so the helper can decide what to use next. Run CF, but in Safe Mode, do not install the Recovery Console, and above all: while CF is running, do not click anywhere or on anything. It could damage the system.

Re: Please check my log

Posted: 25 Jan 2010 20:32
by jindra88
Attaching the CF log:

ComboFix 10-01-21.07 - Administrator 25.01.2010 20:00:37.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2013.1769 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Service_msupdate


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-25 do 2010-01-25 )))))))))))))))))))))))))))))))
.

2010-01-25 18:56 . 2010-01-25 18:57 -------- d-----w- C:\32788R22FWJFW
2010-01-25 16:05 . 2010-01-25 16:05 -------- d-----w- c:\program files\trend micro
2010-01-25 16:04 . 2010-01-25 16:05 -------- d-----w- C:\rsit
2010-01-23 12:49 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-01-23 12:49 . 2008-10-15 06:03 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-01-23 12:49 . 2008-10-15 06:03 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-01-23 12:49 . 2008-10-15 06:03 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-01-23 12:49 . 2008-10-15 06:03 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-01-23 12:49 . 2008-07-30 05:20 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-01-23 12:49 . 2008-07-30 05:20 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-01-23 12:49 . 2008-07-30 05:20 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-01-23 12:49 . 2008-07-10 10:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-01-23 12:49 . 2008-07-10 10:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-01-23 12:49 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-01-23 12:45 . 2010-01-23 12:45 -------- d-----w- c:\program files\Kalypso
2010-01-23 12:21 . 2008-09-26 08:52 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-01-23 12:20 . 2008-11-07 15:37 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-23 12:20 . 2008-11-07 15:38 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-23 12:20 . 2008-11-07 15:38 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-23 12:20 . 2008-11-07 15:38 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-23 12:20 . 2008-11-07 15:38 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-23 12:19 . 2010-01-23 12:22 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-23 12:19 . 2010-01-23 12:19 -------- d-----w- c:\program files\Logitech
2010-01-23 12:18 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-01-23 12:18 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-01-23 12:18 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-01-23 12:18 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-23 09:04 . 2010-01-23 09:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-23 09:04 . 2010-01-23 12:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-22 10:23 . 2010-01-22 10:24 -------- d-----w- c:\program files\Ultimate Process Manager
2010-01-22 10:19 . 2010-01-22 10:21 -------- d-----w- c:\program files\Reimage
2010-01-22 08:33 . 2010-01-22 08:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-22 08:33 . 2010-01-22 08:33 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-01-17 19:43 . 2010-01-17 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-01-17 19:42 . 2010-01-17 19:42 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-17 19:38 . 2010-01-17 19:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-17 19:35 . 2010-01-17 19:37 -------- dc-h--w- c:\windows\ie8
2010-01-17 15:41 . 2010-01-17 15:41 -------- d-----w- c:\program files\CCleaner
2010-01-01 12:29 . 2010-01-01 12:33 -------- d-----w- c:\program files\Aml Pages
2010-01-01 11:57 . 2010-01-01 12:00 -------- d-----w- c:\program files\Visual Zip Password Recovery

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 19:08 . 2009-10-30 22:36 -------- d-----w- c:\program files\ICQ6.5
2010-01-23 12:45 . 2009-08-31 21:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 12:36 . 2009-11-07 17:22 -------- d-----w- c:\program files\Google
2010-01-23 12:21 . 2010-01-23 12:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-23 12:21 . 2010-01-23 12:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-23 12:20 . 2010-01-23 12:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-23 09:04 . 2009-09-02 10:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-23 08:53 . 2009-10-19 17:18 -------- d-----w- c:\program files\EA Sports
2010-01-22 17:31 . 2009-08-31 17:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-17 15:43 . 2009-09-02 11:08 -------- d-----w- c:\program files\Electronic Arts
2010-01-12 16:38 . 2009-09-01 16:06 -------- d-----w- c:\program files\World of Warcraft
2009-12-16 20:48 . 2001-10-25 12:00 76696 ----a-w- c:\windows\system32\perfc005.dat
2009-12-16 20:48 . 2001-10-25 12:00 424356 ----a-w- c:\windows\system32\perfh005.dat
2009-12-07 16:50 . 2009-09-15 19:34 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-02 18:37 . 2009-12-02 18:37 -------- d-----w- c:\program files\WIDCOMM
2009-12-02 14:40 . 2009-12-02 14:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-02 14:40 . 2009-12-01 16:35 -------- d-----w- c:\program files\Java
2009-12-01 16:35 . 2009-12-01 16:35 -------- d-----w- c:\program files\Common Files\Java
2009-11-21 16:45 . 2009-11-21 16:45 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-07 17:22 . 2009-10-31 11:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-31 11:51 . 2009-10-31 11:52 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-31 11:51 . 2009-10-31 11:52 29480 ----a-w- c:\windows\system32\msxml3a.dll
.

------- Sigcheck -------

[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\documents and settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-07-14 150768]

[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-14 15:14 150768 ----a-w- c:\documents and settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-04-06 33603584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 142360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-03-24 606208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-02 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Logitech . Registrace produktu.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-23 809488]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2009-11-11 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 15:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\ADMINI~1\LOCALS~1\Temp\geih.old 2nHAPKGEHD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.9.2009 11:50 691696]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/31 12:52];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15.9.2009 20:34 108289]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23.1.2010 13:21 10384]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.8.2009 16:30 1086208]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-13 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4255450112.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 20:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spfy.sys >>UNKNOWN [0x89DC8938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> prosync1.sys @ 0xba5b06c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d1fa21
SendHandler -> NDIS.sys @ 0xb9cfd87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-1563985344-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,e1,2b,25,1e,38,03,4c,b8,3d,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,e1,2b,25,1e,38,03,4c,b8,3d,7c,\

[HKEY_USERS\S-1-5-21-776561741-1563985344-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:b5,a3,b1,e0,87,4f,46,a4,f0,ae,fb,59,6d,a0,35,70,fb,62,a1,66,59,
f7,09,c5,97,80,fb,9f,22,67,db,28,04,e3,55,13,63,46,13,ee,a9,90,63,2c,39,32,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\jsproxy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-25 20:30:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-25 19:30

Před spuštěním: Volných bajtů: 53 897 084 928
Po spuštění: Volných bajtů: 53 803 053 056

- - End Of File - - 8D0CE833CDB4948C4EAE24DAAF41707E

Re: Please check my log

Posted: 25 Jan 2010 20:46
by Rudy
2 items deleted, the rest of the log looks clean.

Re: Please check my log

Posted: 25 Jan 2010 21:05
by jindra88
I also ran it through the antivirus to check.
It found the same thing, plus some malware showed up as well.

geih.old - this is the file in which it reports the virus mentioned earlier; after manual deletion it reappears there within a few seconds.

For info I am attaching the scan log:

Avira AntiVir Personal
Report file date: 25. ledna 2010 20:47

Scanning for 1643218 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HOME-COMPIK

Version information:
BUILD.DAT : 9.0.0.418 21723 Bytes 2.12.2009 16:28:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 19.11.2009 17:55:54
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 17:55:54
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 17:55:27
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.1.2010 08:17:03
VBASE003.VDF : 7.10.3.2 2048 Bytes 20.1.2010 08:17:03
VBASE004.VDF : 7.10.3.3 2048 Bytes 20.1.2010 08:17:03
VBASE005.VDF : 7.10.3.4 2048 Bytes 20.1.2010 08:17:03
VBASE006.VDF : 7.10.3.5 2048 Bytes 20.1.2010 08:17:03
VBASE007.VDF : 7.10.3.6 2048 Bytes 20.1.2010 08:17:04
VBASE008.VDF : 7.10.3.7 2048 Bytes 20.1.2010 08:17:04
VBASE009.VDF : 7.10.3.8 2048 Bytes 20.1.2010 08:17:04
VBASE010.VDF : 7.10.3.9 2048 Bytes 20.1.2010 08:17:04
VBASE011.VDF : 7.10.3.10 2048 Bytes 20.1.2010 08:17:04
VBASE012.VDF : 7.10.3.11 2048 Bytes 20.1.2010 08:17:05
VBASE013.VDF : 7.10.3.12 2048 Bytes 20.1.2010 08:17:05
VBASE014.VDF : 7.10.3.45 173568 Bytes 22.1.2010 18:30:18
VBASE015.VDF : 7.10.3.46 2048 Bytes 22.1.2010 18:30:18
VBASE016.VDF : 7.10.3.47 2048 Bytes 22.1.2010 18:30:18
VBASE017.VDF : 7.10.3.48 2048 Bytes 22.1.2010 18:30:18
VBASE018.VDF : 7.10.3.49 2048 Bytes 22.1.2010 18:30:18
VBASE019.VDF : 7.10.3.50 2048 Bytes 22.1.2010 18:30:18
VBASE020.VDF : 7.10.3.51 2048 Bytes 22.1.2010 18:30:18
VBASE021.VDF : 7.10.3.52 2048 Bytes 22.1.2010 18:30:18
VBASE022.VDF : 7.10.3.53 2048 Bytes 22.1.2010 18:30:18
VBASE023.VDF : 7.10.3.54 2048 Bytes 22.1.2010 18:30:19
VBASE024.VDF : 7.10.3.55 2048 Bytes 22.1.2010 18:30:19
VBASE025.VDF : 7.10.3.56 2048 Bytes 22.1.2010 18:30:19
VBASE026.VDF : 7.10.3.57 2048 Bytes 22.1.2010 18:30:19
VBASE027.VDF : 7.10.3.58 2048 Bytes 22.1.2010 18:30:19
VBASE028.VDF : 7.10.3.59 2048 Bytes 22.1.2010 18:30:19
VBASE029.VDF : 7.10.3.60 2048 Bytes 22.1.2010 18:30:19
VBASE030.VDF : 7.10.3.61 2048 Bytes 22.1.2010 18:30:19
VBASE031.VDF : 7.10.3.68 159232 Bytes 25.1.2010 18:30:19
Engineversion : 8.2.1.150
AEVDF.DLL : 8.1.1.3 106868 Bytes 25.1.2010 18:30:20
AESCRIPT.DLL : 8.1.3.12 823675 Bytes 25.1.2010 18:30:20
AESCN.DLL : 8.1.3.1 127348 Bytes 22.1.2010 08:17:28
AESBX.DLL : 8.1.1.1 246132 Bytes 19.11.2009 17:55:54
AERDL.DLL : 8.1.3.4 479605 Bytes 1.12.2009 14:53:49
AEPACK.DLL : 8.2.0.5 422262 Bytes 22.1.2010 08:17:27
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.7.2009 08:59:39
AEHEUR.DLL : 8.1.0.195 2232695 Bytes 22.1.2010 08:17:25
AEHELP.DLL : 8.1.10.0 237942 Bytes 22.1.2010 08:17:16
AEGEN.DLL : 8.1.1.83 369014 Bytes 22.1.2010 08:17:14
AEEMU.DLL : 8.1.1.0 393587 Bytes 3.10.2009 05:28:01
AECORE.DLL : 8.1.9.5 184693 Bytes 22.1.2010 08:17:11
AEBB.DLL : 8.1.0.3 53618 Bytes 9.10.2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 15.9.2009 19:35:56
AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.3.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2.2.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.5.2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 19.11.2009 17:55:53

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+JOKE,+PFS,+SPR,

Start of the scan: 25. ledna 2010 20:47

Starting search for hidden objects.
'33533' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '67' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Administrator\Dokumenty\Dokumenty\Hudba\MP3\Simple plan\Still Not Getting Any (Limited Edition-2004)\Lyrics\11 - Untitled_soubory\ysb_prompt.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
C:\Documents and Settings\Administrator\Local Settings\temp\geih.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
C:\RECYCLER\S-1-5-21-776561741-1563985344-1801674531-500\Dc1.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Documents and Settings\Administrator\Dokumenty\Dokumenty\Hudba\MP3\Simple plan\Still Not Getting Any (Limited Edition-2004)\Lyrics\11 - Untitled_soubory\ysb_prompt.htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4bbff931.qua'!
C:\Documents and Settings\Administrator\Local Settings\temp\geih.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
[NOTE] The file was moved to '4bc6f924.qua'!
C:\RECYCLER\S-1-5-21-776561741-1563985344-1801674531-500\Dc1.old
[DETECTION] Is the TR/Spy.Gen2 Trojan
[NOTE] The file was moved to '4b8ef922.qua'!


End of the scan: 25. ledna 2010 21:02
Used time: 13:37 Minute(s)

The scan has been done completely.

5003 Scanned directories
207160 Files were scanned
2 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
207155 Files not concerned
1354 Archives were scanned
2 Warnings
4 Notes
33533 Objects were scanned with rootkit scan
0 Hidden objects were found

Re: Please check my log

Posted: 25 Jan 2010 21:10
by Rudy
Yes. The AV put the infected objects into quarantine.

Re: Please check my log

Posted: 25 Jan 2010 21:27
by jindra88
I ran it once more and the AV found that geih.old file again. Then I tried a restart.
Right after the PC restarts, about 3-8 warning windows pop up with detections of the virus mentioned above.

Re: Please check my log

Posted: 25 Jan 2010 21:31
by Rudy
Run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . It should take it out.

Re: Please check my log

Posted: 26 Jan 2010 17:23
by jindra88
Many thanks, the problem was successfully solved :) !!

Re: Please check my log

Posted: 26 Jan 2010 19:30
by Rudy
You're welcome!