Hello,
a virus has appeared on the PC which, right after the system boots, crashes services.exe and starts a countdown -1:00 and restarts the PC.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:31, on 7.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\Temp\wpv021254042811.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 6.7\slpcap.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\TEMP\CAC2.tmp
C:\WINDOWS\TEMP\CAC2.tmp
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv021254042811.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Startup: rncsys32.exe
O4 - Global Startup: SmartCapture.lnk = C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 6.7\slpcap.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\Documents and Settings\All Users\Data aplikací\AOL\ieToolbar\resources\cs-CZ\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {e59eb121-f339-4851-a3ba-fe49c35617c2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {e59eb121-f339-4851-a3ba-fe49c35617c2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=CS_CZ&c=74&bd=smb&pf=desktop
O16 - DPF: {672ee252-d813-4f5e-81bb-5dd163dd4fa5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,13,3,0
O16 - DPF: {8100d56a-5661-482c-bee8-afece305d968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/4 ... oader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = etxprag.cz
O17 - HKLM\Software\..\Telephony: DomainName = etxprag.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = etxprag.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = etxprag.cz
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: TuneUp Drive Defrag Service (tuneup.defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (tuneup.programstatisticssvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 10106 bytes
Thanks for the help
Virus --> services.exe crashes
Intel Core i7-7700HQ, CPU @2.8 GHz, 16GB RAM, Intel HD Graphics 630, G-Force GTX 1050Ti, SSD 256GB + 1TB, WIN 10 64bit
Re: Virus --> services.exe crashes
Hi, your machine is badly infested...
Start -> Run -> (type) shutdown -a
Enter.
Then:
1) Download ComboFix - DO NOT RUN IT.
2) Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall components, and open Notepad. Copy into it:
KillAll::
StepDel::
Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.
Warning: If Windows does not start after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.
I don't like amateurism...
And the addressee of the message knows it :)
Re: Virus --> services.exe crashes
ComboFix 09-12-06.A3 - mra 07.12.2009 13:12.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1654 [GMT 1:00]
Spuštěný z: c:\documents and settings\mra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mra\Plocha\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1533311619-2127984236-1632583058-500
C:\LOG.TXT
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\recycler\S-1-5-21-1533311619-2127984236-1632583058-500\desktop.ini
c:\recycler\S-1-5-21-1533311619-2127984236-1632583058-500\INFO2
c:\windows\system32\_id.dat
c:\windows\system32\crypts.dll
c:\windows\system32\drivers\str.sys
c:\windows\system32\servises.exe
c:\windows\system32\update30126562.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-07 do 2009-12-07 )))))))))))))))))))))))))))))))
.
2009-12-07 08:23 . 2009-12-07 08:23 -------- d-----w- c:\program files\Trend Micro
2009-12-07 08:20 . 2009-12-07 08:20 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-07 08:20 . 2009-11-16 11:25 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-07 08:20 . 2009-12-07 08:20 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-04 10:03 . 2009-12-04 10:03 -------- d-----w- c:\program files\Ask.com
2009-12-04 09:59 . 2009-12-04 10:03 -------- d-----w- c:\program files\The KMPlayer
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 12:12 . 2009-05-22 10:01 -------- d-----w- c:\program files\pdfforge Toolbar
2009-12-07 12:08 . 2009-06-17 06:20 0 ----a-w- c:\windows\system32\drivers\6338f7dc.sys
2009-12-07 08:20 . 2009-02-19 07:23 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-13 12:11 . 2009-07-15 06:19 -------- d-----w- c:\program files\ICQ6.5
2009-11-03 09:31 . 2009-11-03 09:31 -------- d-----w- c:\program files\Software602
2009-10-25 16:36 . 2006-05-04 15:29 487794 ----a-w- c:\windows\system32\perfh005.dat
2009-10-25 16:36 . 2006-05-04 15:29 101264 ----a-w- c:\windows\system32\perfc005.dat
2009-10-12 06:09 . 2009-10-12 06:09 -------- d-----w- c:\program files\Common Files\NewSoft
2009-10-12 06:08 . 2009-10-12 06:08 -------- d-----w- c:\program files\NewSoft
2009-10-12 06:08 . 2008-06-30 15:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-12 06:07 . 2009-10-12 06:07 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-10-12 06:07 . 2008-06-30 15:52 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-12 06:07 . 2009-10-12 06:07 -------- d-----w- c:\program files\ScanSoft
2009-10-08 06:57 . 2006-05-04 15:16 2998 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-08 06:57 . 2006-05-04 15:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-05-04 14:32 650752 ----a-w- c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4027c7f-154a-4066-a1ad-4243d8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-05-04 650752]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 137752]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-03-30 970240]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\mra\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ikowin32.exe [2008-4-14 30208]
rncsys32.exe [2008-4-14 20480]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
SmartCapture.lnk - c:\program files\Seiko Instruments USA Inc\Smart Label Printer 6.7\slpcap.exe [2008-4-28 58720]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-515967899-73586283-682003330-1117\Scripts\logon\0\0]
"Script"=printerScript.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-515967899-73586283-682003330-1117\Scripts\logon\1\0]
"Script"=LogonScript.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [13.4.2008 16:12 540184]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 13:37 26624]
S1 6338f7dc;6338f7dc;c:\windows\system32\drivers\6338f7dc.sys [17.6.2009 7:20 0]
S2 qeutggbapzyv;qeutggbapzyv;\??\c:\windows\system32\drivers\aaddzl.sys --> c:\windows\system32\drivers\aaddzl.sys [?]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\virtdisk.sys [13.4.2008 16:12 57344]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\documents and settings\All Users\Data aplikací\AOL\ieToolbar\resources\cs-CZ\local\search.html
DPF: {672ee252-d813-4f5e-81bb-5dd163dd4fa5} - hxxps://www.mojedatovaschranka.cz/stati ... b?3,13,3,0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-VWS - c:\windows\IsUn0405.exe -fc:\program files\KSR\VWS\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 13:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\system32\wuauclt.exe.wusetup.136640.bak 51224 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.138203.bak 1809944 bytes executable
sken byl úspešně dokončen
skryté soubory: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3248)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
.
**************************************************************************
.
Celkový čas: 2009-12-07 13:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-07 12:19
Před spuštěním: Volných bajtů: 109 572 554 752
Po spuštění: Volných bajtů: 109 857 304 576
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - EC26940DE0D825C77CEB20F56B9CFD91
Re: Virus --> services.exe crashes
Please help :(
- Damned
Re: Virus --> services.exe crashes
You'll have to wait until píťa comes.

Nothing is impossible, so where we are at our wits' end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Virus --> services.exe crashes
There is no point in helping until you install a proper antivirus - the mess would be back in no time. So unless you want to pay and buy something top-notch, install Avira, scan the whole PC and then get back to me. You'll get new instructions.

I don't like amateurism...
And the addressee of this message knows it :)
Re: Virus --> services.exe crashes
Installed, report attached:
Avira AntiVir Personal
Report file date: 8. prosince 2009 08:08
Scanning for 1422043 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : P2MRA
Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 29.7.2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21.7.2009 13:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 10:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 11:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 10:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 07:07:19
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 07:07:23
VBASE002.VDF : 7.10.1.1 2048 Bytes 19.11.2009 07:07:23
VBASE003.VDF : 7.10.1.2 2048 Bytes 19.11.2009 07:07:23
VBASE004.VDF : 7.10.1.3 2048 Bytes 19.11.2009 07:07:23
VBASE005.VDF : 7.10.1.4 2048 Bytes 19.11.2009 07:07:23
VBASE006.VDF : 7.10.1.5 2048 Bytes 19.11.2009 07:07:23
VBASE007.VDF : 7.10.1.6 2048 Bytes 19.11.2009 07:07:23
VBASE008.VDF : 7.10.1.7 2048 Bytes 19.11.2009 07:07:23
VBASE009.VDF : 7.10.1.8 2048 Bytes 19.11.2009 07:07:23
VBASE010.VDF : 7.10.1.9 2048 Bytes 19.11.2009 07:07:23
VBASE011.VDF : 7.10.1.10 2048 Bytes 19.11.2009 07:07:23
VBASE012.VDF : 7.10.1.11 2048 Bytes 19.11.2009 07:07:23
VBASE013.VDF : 7.10.1.79 209920 Bytes 25.11.2009 07:07:24
VBASE014.VDF : 7.10.1.128 197632 Bytes 30.11.2009 07:07:25
VBASE015.VDF : 7.10.1.178 195584 Bytes 7.12.2009 07:07:26
VBASE016.VDF : 7.10.1.179 2048 Bytes 7.12.2009 07:07:26
VBASE017.VDF : 7.10.1.180 2048 Bytes 7.12.2009 07:07:26
VBASE018.VDF : 7.10.1.181 2048 Bytes 7.12.2009 07:07:26
VBASE019.VDF : 7.10.1.182 2048 Bytes 7.12.2009 07:07:26
VBASE020.VDF : 7.10.1.183 2048 Bytes 7.12.2009 07:07:26
VBASE021.VDF : 7.10.1.184 2048 Bytes 7.12.2009 07:07:26
VBASE022.VDF : 7.10.1.185 2048 Bytes 7.12.2009 07:07:26
VBASE023.VDF : 7.10.1.186 2048 Bytes 7.12.2009 07:07:26
VBASE024.VDF : 7.10.1.187 2048 Bytes 7.12.2009 07:07:26
VBASE025.VDF : 7.10.1.188 2048 Bytes 7.12.2009 07:07:26
VBASE026.VDF : 7.10.1.189 2048 Bytes 7.12.2009 07:07:26
VBASE027.VDF : 7.10.1.190 2048 Bytes 7.12.2009 07:07:26
VBASE028.VDF : 7.10.1.191 2048 Bytes 7.12.2009 07:07:26
VBASE029.VDF : 7.10.1.192 2048 Bytes 7.12.2009 07:07:26
VBASE030.VDF : 7.10.1.193 2048 Bytes 7.12.2009 07:07:26
VBASE031.VDF : 7.10.1.194 19456 Bytes 7.12.2009 07:07:26
Engineversion : 8.2.1.102
AEVDF.DLL : 8.1.1.2 106867 Bytes 8.12.2009 07:07:34
AESCRIPT.DLL : 8.1.2.45 586108 Bytes 8.12.2009 07:07:34
AESCN.DLL : 8.1.2.5 127346 Bytes 8.12.2009 07:07:34
AESBX.DLL : 8.1.1.1 246132 Bytes 8.12.2009 07:07:35
AERDL.DLL : 8.1.3.4 479605 Bytes 8.12.2009 07:07:33
AEPACK.DLL : 8.2.0.3 422261 Bytes 8.12.2009 07:07:32
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.7.2009 09:59:39
AEHEUR.DLL : 8.1.0.186 2183544 Bytes 8.12.2009 07:07:31
AEHELP.DLL : 8.1.8.0 237942 Bytes 8.12.2009 07:07:28
AEGEN.DLL : 8.1.1.80 364917 Bytes 8.12.2009 07:07:28
AEEMU.DLL : 8.1.1.0 393587 Bytes 8.12.2009 07:07:27
AECORE.DLL : 8.1.8.5 180598 Bytes 8.12.2009 07:07:27
AEBB.DLL : 8.1.0.3 53618 Bytes 9.10.2008 14:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 08:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 5.12.2008 10:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5.12.2008 10:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.3.2009 15:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 10:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2.2.2009 08:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5.12.2008 10:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.5.2009 15:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17.4.2009 10:19:48
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: 8. prosince 2009 08:08
Starting search for hidden objects.
'46622' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'MRT.exe' - '1' Module(s) have been scanned
Scan process 'mrtstub.exe' - '1' Module(s) have been scanned
Scan process 'windows-kb890830-v3.1.exe' - '1' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slpcap.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'WrtProc.exe' - '1' Module(s) have been scanned
Scan process 'WrtMon.exe' - '1' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
Scan process 'Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'pdfsty.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'TUProgSt.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'pdfsvc.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
49 processes with 49 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '69' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\mra\Plocha\kbr_autowert_zaloha\00632837.TMP
[0] Archive type: CAB (Microsoft)
--> system.dat
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\kbr\00632837.TMP
[0] Archive type: CAB (Microsoft)
--> system.dat
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Qoobox\Quarantine\C\WINDOWS\system32\crypts.dll.vir
[DETECTION] Is the TR/Dldr.Agent.ORH Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\servises.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\update30126562.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{EAE0B337-6EFF-4E83-916B-17B10367CCD1}\RP272\A0032477.dll
[DETECTION] Is the TR/Dldr.Agent.ORH Trojan
C:\System Volume Information\_restore{EAE0B337-6EFF-4E83-916B-17B10367CCD1}\RP272\A0032479.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{EAE0B337-6EFF-4E83-916B-17B10367CCD1}\RP272\A0032482.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{EAE0B337-6EFF-4E83-916B-17B10367CCD1}\RP273\A0032700.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{EAE0B337-6EFF-4E83-916B-17B10367CCD1}\RP273\A0032701.exe
[DETECTION] Is the TR/Dldr.Agent.HBR.2 Trojan
Begin scan in 'D:\' <HP_RECOVERY>
Beginning disinfection:
C:\Qoobox\Quarantine\C\WINDOWS\system32\crypts.dll.vir
[DETECTION] Is the TR/Dldr.Agent.ORH Trojan
[NOTE] The file was moved to '4b9704a7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\servises.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b90049a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\update30126562.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b8204a5.qua'!
C:\System Volume Information\_restore{EAE0B337-6EFF-4E83-916B-17B10367CCD1}\RP272\A0032477.dll
[DETECTION] Is the TR/Dldr.Agent.ORH Trojan
[NOTE] The file was moved to '4b4e0466.qua'!
C:\System Volume Information\_restore{EAE0B337-6EFF-4E83-916B-17B10367CCD1}\RP272\A0032479.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '48b8fe7f.qua'!
C:\System Volume Information\_restore{EAE0B337-6EFF-4E83-916B-17B10367CCD1}\RP272\A0032482.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4a22fd9f.qua'!
C:\System Volume Information\_restore{EAE0B337-6EFF-4E83-916B-17B10367CCD1}\RP273\A0032700.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '48b41517.qua'!
C:\System Volume Information\_restore{EAE0B337-6EFF-4E83-916B-17B10367CCD1}\RP273\A0032701.exe
[DETECTION] Is the TR/Dldr.Agent.HBR.2 Trojan
[NOTE] The file was moved to '48bfde8f.qua'!
End of the scan: 8. prosince 2009 08:45
Used time: 30:46 Minute(s)
The scan has been done completely.
6281 Scanned directories
332879 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
8 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
332869 Files not concerned
7756 Archives were scanned
6 Warnings
10 Notes
46622 Objects were scanned with rootkit scan
0 Hidden objects were found
Re: Virus --> services.exe crashes
Where's the hold-up, Pííťo? :P
Re: Virus --> services.exe crashes
The hold-up is on my end, I'm only human too...
Move the CF icon to the desktop, close all open applications as well as the resident antivirus and antispyware protection and the firewall, and open Notepad. Copy into it:
Code:
KillAll::
Folder::
c:\program files\Ask.com
c:\program files\pdfforge Toolbar
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
File::
c:\documents and settings\mra\Nabídka Start\Programy\Po spuštění\ikowin32.exe
c:\documents and settings\mra\Nabídka Start\Programy\Po spuštění\rncsys32.exe
Driver::
6338f7dc
qeutggbapzyv
Rootkit::
c:\windows\system32\drivers\6338f7dc.sys
c:\windows\system32\drivers\aaddzl.sys
DDS::
DPF: {672ee252-d813-4f5e-81bb-5dd163dd4fa5} - hxxps://www.mojedatovaschranka.cz/stati ... b?3,13,3,0
Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.
Warning: If Windows does not start after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.
Do you recognize this?
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-515967899-73586283-682003330-1117\Scripts\logon\0\0]
"Script"=printerScript.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-515967899-73586283-682003330-1117\Scripts\logon\1\0]
"Script"=LogonScript.bat
I don't like amateurism...
And the addressee of this message knows it :)