Logfile of random's system information tool 1.06 (written by random/random)
Run by shl at 2010-03-06 20:14:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (48%) free of 30 GB
Total RAM: 3036 MB (80% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-29 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-29 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-07-02 2215960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-07-02 2215960]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"AccelerometerSysTrayApplet"=c:\WINDOWS\System32\accelerometerST.exe [2009-01-22 82488]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-11-28 2052096]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-07-27 288312]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-29 1545512]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-07-20 1044480]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2008-07-25 888832]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-04-09 2029640]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-29 149280]
"RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-04-27 87336]
"PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-05-07 75048]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2007-04-11 40960]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"NodEnabler"=C:\Program Files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe [2009-04-08 357521]
"WinUpdate"=C:\Documents and Settings\shl\Local Settings\Application Data\Windows Update\svchost.exe [2009-04-01 33792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-11-29 4608]
"WinUpdate"=C:\Documents and Settings\shl\Local Settings\Application Data\Windows Update\svchost.exe [2009-04-01 33792]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-03-06 3037696]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\shl\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e515d5f2-27cf-11df-a1c2-0027133989f6}]
shell\AutoRun\command - G:\USBManager.exe
shell\open\command - G:\USBManager.exe
======List of files/folders created in the last 1 months======
2010-03-06 20:14:59 ----D---- C:\rsit
2010-03-06 20:14:59 ----D---- C:\Program Files\trend micro
2010-03-06 19:50:13 ----D---- C:\Documents and Settings\shl\Application Data\Spyware Terminator
2010-03-06 19:50:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-03-06 19:50:10 ----D---- C:\Program Files\Spyware Terminator
======List of files/folders modified in the last 1 months======
2010-03-06 20:14:59 ----RD---- C:\Program Files
2010-03-06 20:13:09 ----A---- C:\Documents and Settings\All Users\Application Data\HPWALog.txt
2010-03-06 19:57:42 ----D---- C:\WINDOWS\system32\config
2010-03-06 19:52:42 ----D---- C:\WINDOWS\Prefetch
2010-03-06 19:52:37 ----D---- C:\WINDOWS\Temp
2010-03-06 19:50:16 ----D---- C:\WINDOWS\system32\drivers
2010-03-06 18:52:17 ----D---- C:\WINDOWS\system32
2010-03-06 18:52:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-06 18:50:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-06 18:48:10 ----D---- C:\WINDOWS
2010-03-06 00:51:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 22:24:08 ----SHD---- C:\WINDOWS\Installer
2010-03-04 20:37:14 ----D---- C:\Program Files\SpeedFan
2010-03-04 20:37:02 ----SHD---- C:\WINDOWS\CSC
2010-02-24 10:35:22 ----D---- C:\Program Files\Mozilla Firefox
2010-02-18 00:12:48 ----A---- C:\WINDOWS\win.ini
2010-02-16 19:08:07 ----D---- C:\Program Files\PaintTool SAI English Pack
2010-02-14 13:36:00 ----D---- C:\Program Files\ESET
2010-02-11 14:43:57 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-04-09 55768]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/29 18:45:39]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-11-29 271360]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-04-09 133000]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-11-29 18048]
R3 5U876UVC;HP Webcam [2 MP series]; C:\WINDOWS\system32\DRIVERS\5U876.sys [2009-06-30 118656]
R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-05-23 28592]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2009-07-20 339456]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2009-03-12 112896]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
R3 BCM43XX;Broadcom 802.11 - ovládac sietového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-11-28 1735296]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2009-01-14 534568]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2009-01-14 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-01-14 991656]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2009-01-14 156816]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-01-14 47272]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-04-09 33096]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 PTSimBus;PenTablet Bus Enumerator; C:\WINDOWS\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-07-29 213680]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2009-07-17 297728]
S3 af06tnoc;af06tnoc; C:\WINDOWS\system32\drivers\af06tnoc.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\shl\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PTSimHid;PenTablet Simulated HID MiniDriver; C:\WINDOWS\System32\Drivers\PTSimHid.sys [2007-04-23 10752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys []
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2007-04-23 18432]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2008-09-08 14848]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 96512]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-12-11 346720]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-29 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-04-27 271760]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-03-06 488960]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2008-06-16 69632]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-11-28 25088]
R2 yksvc;Marvell Yukon Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-11-29 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-04-09 20680]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosim kontrolu logu, asi nejaky usbmanager.exe
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
tepeyollotl
- Návštěvník
- Příspěvky: 2
- Registrován: 06 bře 2010 20:29
-
Rudy
- Site Admin
- Příspěvky: 119401
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim kontrolu logu, asi nejaky usbmanager.exe
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
tepeyollotl
- Návštěvník
- Příspěvky: 2
- Registrován: 06 bře 2010 20:29
Re: prosim kontrolu logu, asi nejaky usbmanager.exe
ComboFix 10-03-06.07 - shl 07.03.2010 14:37:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.2470 [GMT 1:00]
Running from: c:\documents and settings\shl\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.
2010-03-06 19:14 . 2010-03-06 19:15 -------- d-----w- C:\rsit
2010-03-06 19:14 . 2010-03-06 19:14 -------- d-----w- c:\program files\trend micro
2010-03-06 18:50 . 2010-03-06 18:50 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-03-06 18:50 . 2010-03-06 18:50 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-03-06 18:50 . 2010-03-06 18:50 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-06 18:50 . 2010-03-07 13:17 -------- d-----w- c:\documents and settings\shl\Application Data\Spyware Terminator
2010-03-06 18:50 . 2010-03-06 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-03-06 18:50 . 2010-03-06 18:52 -------- d-----w- c:\program files\Spyware Terminator
2010-02-15 17:36 . 2010-02-15 17:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-02-10 15:31 . 2010-03-06 18:16 -------- d-----w- c:\documents and settings\shl\Local Settings\Application Data\Windows Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 19:37 . 2010-01-16 15:42 -------- d-----w- c:\program files\SpeedFan
2010-02-16 18:08 . 2010-01-28 19:22 -------- d-----w- c:\program files\PaintTool SAI English Pack
2010-02-14 12:36 . 2009-11-29 17:31 -------- d-----w- c:\program files\ESET
2010-01-28 19:22 . 2010-01-28 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development
2010-01-18 12:07 . 2009-11-29 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-17 13:55 . 2010-01-17 13:55 -------- d-----w- c:\program files\Verdict Free
2010-01-17 11:46 . 2010-01-17 11:43 -------- d-----w- c:\program files\ABC Transdict
2010-01-17 11:30 . 2010-01-17 11:18 -------- d-----w- c:\program files\Softick
2010-01-09 00:31 . 2010-01-08 23:55 -------- d-----w- c:\program files\Kyodai Mahjongg 2006
2009-12-28 17:59 . 2009-11-28 17:51 70024 ----a-w- c:\documents and settings\shl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-26 13:17 . 2009-11-28 17:23 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-26 13:17 . 2009-11-28 17:23 4054 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
.
((((((((((((((((((((((((((((( SnapShot@2010-03-07_13.24.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-03-07 13:16 59842 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-03-07 13:25 59842 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-03-07 13:25 395768 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-03-07 13:16 395768 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_P.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-11-29 4608]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-06 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AccelerometerSysTrayApplet"="c:\windows\System32\accelerometerST.exe" [2009-01-22 82488]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-11-28 2052096]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-20 1044480]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-29 149280]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NodEnabler"="c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe" [2009-04-08 357521]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\shl\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 11:14 AM 24064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/9/2009 3:18 PM 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3/6/2010 7:50 PM 142592]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/29 18:45];c:\program files\CyberLink\PowerDVD9\000.fcl [5/7/2009 9:05 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [4/9/2009 3:19 PM 731840]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11/29/2009 6:52 PM 222968]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [8/23/2001 1:00 PM 14336]
R3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\drivers\5U876.sys [11/28/2009 9:39 PM 118656]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [11/30/2009 8:15 PM 18944]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/29/2009 10:31 PM 716272]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/28/2009 9:40 PM 228408]
S3 cpuz130;cpuz130;\??\c:\docume~1\shl\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\shl\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [11/30/2009 8:15 PM 10752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\shl\Application Data\Mozilla\Firefox\Profiles\b77whx15.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1292428093-1004336348-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BBF8A54B-3BEF-546B-6B7A-57D5ED5250B3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paicejcfjeblanhfnneljebonckaopii"=hex:6a,61,6e,6b,6b,6c,6a,6d,63,64,6f,66,68,
67,6c,68,61,6e,6c,61,00,00
"oacbggjgbjlgpcoldjbjkfeffjfime"=hex:6a,61,6e,6b,6b,6c,6a,6d,63,64,6f,66,68,67,
6c,68,61,6e,6c,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1552)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-07 14:39:48
ComboFix-quarantined-files.txt 2010-03-07 13:39
ComboFix2.txt 2010-03-07 13:25
Pre-Run: 15 134 457 856 bytes free
Post-Run: 15 113 891 840 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5254D515A9D65B9F2FF0FD94736ED75E
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.2470 [GMT 1:00]
Running from: c:\documents and settings\shl\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.
2010-03-06 19:14 . 2010-03-06 19:15 -------- d-----w- C:\rsit
2010-03-06 19:14 . 2010-03-06 19:14 -------- d-----w- c:\program files\trend micro
2010-03-06 18:50 . 2010-03-06 18:50 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-03-06 18:50 . 2010-03-06 18:50 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-03-06 18:50 . 2010-03-06 18:50 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-06 18:50 . 2010-03-07 13:17 -------- d-----w- c:\documents and settings\shl\Application Data\Spyware Terminator
2010-03-06 18:50 . 2010-03-06 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-03-06 18:50 . 2010-03-06 18:52 -------- d-----w- c:\program files\Spyware Terminator
2010-02-15 17:36 . 2010-02-15 17:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-02-10 15:31 . 2010-03-06 18:16 -------- d-----w- c:\documents and settings\shl\Local Settings\Application Data\Windows Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 19:37 . 2010-01-16 15:42 -------- d-----w- c:\program files\SpeedFan
2010-02-16 18:08 . 2010-01-28 19:22 -------- d-----w- c:\program files\PaintTool SAI English Pack
2010-02-14 12:36 . 2009-11-29 17:31 -------- d-----w- c:\program files\ESET
2010-01-28 19:22 . 2010-01-28 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development
2010-01-18 12:07 . 2009-11-29 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-17 13:55 . 2010-01-17 13:55 -------- d-----w- c:\program files\Verdict Free
2010-01-17 11:46 . 2010-01-17 11:43 -------- d-----w- c:\program files\ABC Transdict
2010-01-17 11:30 . 2010-01-17 11:18 -------- d-----w- c:\program files\Softick
2010-01-09 00:31 . 2010-01-08 23:55 -------- d-----w- c:\program files\Kyodai Mahjongg 2006
2009-12-28 17:59 . 2009-11-28 17:51 70024 ----a-w- c:\documents and settings\shl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-26 13:17 . 2009-11-28 17:23 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-26 13:17 . 2009-11-28 17:23 4054 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
.
((((((((((((((((((((((((((((( SnapShot@2010-03-07_13.24.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-03-07 13:16 59842 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-03-07 13:25 59842 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-03-07 13:25 395768 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-03-07 13:16 395768 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_P.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-11-29 4608]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-06 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AccelerometerSysTrayApplet"="c:\windows\System32\accelerometerST.exe" [2009-01-22 82488]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-11-28 2052096]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-20 1044480]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-29 149280]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NodEnabler"="c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe" [2009-04-08 357521]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\shl\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 11:14 AM 24064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/9/2009 3:18 PM 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3/6/2010 7:50 PM 142592]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/29 18:45];c:\program files\CyberLink\PowerDVD9\000.fcl [5/7/2009 9:05 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [4/9/2009 3:19 PM 731840]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11/29/2009 6:52 PM 222968]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [8/23/2001 1:00 PM 14336]
R3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\drivers\5U876.sys [11/28/2009 9:39 PM 118656]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [11/30/2009 8:15 PM 18944]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/29/2009 10:31 PM 716272]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/28/2009 9:40 PM 228408]
S3 cpuz130;cpuz130;\??\c:\docume~1\shl\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\shl\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [11/30/2009 8:15 PM 10752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\shl\Application Data\Mozilla\Firefox\Profiles\b77whx15.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1292428093-1004336348-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BBF8A54B-3BEF-546B-6B7A-57D5ED5250B3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paicejcfjeblanhfnneljebonckaopii"=hex:6a,61,6e,6b,6b,6c,6a,6d,63,64,6f,66,68,
67,6c,68,61,6e,6c,61,00,00
"oacbggjgbjlgpcoldjbjkfeffjfime"=hex:6a,61,6e,6b,6b,6c,6a,6d,63,64,6f,66,68,67,
6c,68,61,6e,6c,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1552)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-07 14:39:48
ComboFix-quarantined-files.txt 2010-03-07 13:39
ComboFix2.txt 2010-03-07 13:25
Pre-Run: 15 134 457 856 bytes free
Post-Run: 15 113 891 840 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5254D515A9D65B9F2FF0FD94736ED75E
-
Rudy
- Site Admin
- Příspěvky: 119401
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim kontrolu logu, asi nejaky usbmanager.exe
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Collect::
c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NodEnabler"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e515d5f2-27cf-11df-a1c2-0027133989f6}]
Regnull::
[HKEY_USERS\S-1-5-21-1292428093-1004336348-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BBF8A54B-3BEF-546B-6B7A-57D5ED5250B3}*]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?