trojak Asta-killer

[Lucie Knoblochová]

Ahoj, již nějakou dobu mi Spybot nachází cosi, co označuje jako trojáka a jmenuje se to Asta-Killer (možná se to píše jinak). Přestože to vždycky nechám odstranit, najde mi to znovu. Mohli byste mi pomoci to odstranit? Posílám log z RSITu.

Díky moc,
Lucka

P.S. Žádné jiné programy jako MBAM, CCleaner, Superantipyware, Spyware Terminator nic nanacházejí.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-04 18:24:03
Microsoft Windows XP Professional Service Pack 3
System drive F: has 7 GB (5%) free of 131 GB
Total RAM: 255 MB (11% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
F:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-12-02 1192960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - F:\Program Files\AVG\AVG8\avgssie.dll [2009-12-14 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - F:\PROGRA~1\ICQTOO~1\toolbaru.dll []
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - F:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-12-02 1192960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=F:\WINDOWS\SOUNDMAN.EXE [2002-06-18 46592]
"AtiPTA"=F:\WINDOWS\system32\atiptaxx.exe [2002-07-25 290816]
"WinFast Schedule"=F:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2002-09-05 147456]
"WinampAgent"=F:\Program Files\Winamp\winampa.exe [2006-06-21 35328]
"HP Software Update"=F:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"NeroFilterCheck"=F:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=F:\WINDOWS\system32\qttask.exe [2008-02-18 28672]
"GrooveMonitor"=F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SSBkgdUpdate"=F:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=F:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"AVG8_TRAY"=F:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-14 2043160]
"KernelFaultCheck"=F:\WINDOWS\system32\dumprep 0 -k []
"SpywareTerminator"=F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-09-21 2171904]
"WinFastDTV"=F:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2008-07-11 90112]
"ArcSoft Connection Service"=F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264]
"DWQueuedReporting"=F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2008-11-04 435096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=F:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SpywareTerminatorUpdate"=F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-09-21 3055616]
"WinFast Schedule"=F:\Program Files\WinFast\WFDTV\WFWIZ.exe [2008-06-20 2887680]
"SUPERAntiSpyware"=F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2007-06-21 1318912]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup
Firewall Engine.lnk - F:\WINDOWS\system32\net.exe
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE
SALAMAND.lnk - F:\Program Files\SALAMAND.EXE

F:\Documents and Settings\Administrator\Start Menu\Programs\Startup
OpenOffice.org 2.3.lnk - F:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
F:\WINDOWS\system32\avgrsstx.dll [2009-09-04 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
F:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\ICQLite\ICQLite.exe"="F:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"F:\Program Files\ICQ6\ICQ.exe"="F:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"F:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="F:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\Program Files\AVG\AVG8\avgupd.exe"="F:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"F:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe"="F:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe:*:Disabled:Sunbelt Kerio Personal Firewall 4 - GUI"
"F:\Program Files\Skype\Phone\Skype.exe"="F:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be91fbc6-0648-11de-8387-0020edb5044d}]
shell\AutoRun\command - opgde.exe
shell\open\command - opgde.exe


======List of files/folders created in the last 3 months======

2010-01-04 18:24:11 ----D---- F:\Program Files\trend micro
2010-01-04 18:24:03 ----D---- F:\rsit
2010-01-03 15:11:44 ----D---- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-03 15:09:46 ----D---- F:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-01-03 15:08:18 ----D---- F:\Program Files\Common Files\Wise Installation Wizard
2009-12-29 20:52:31 ----A---- F:\Program Files\RSIT.exe
2009-12-25 20:27:56 ----D---- F:\Comodo
2009-12-20 23:56:46 ----D---- F:\ab3b0497cee347c7670139bf
2009-12-16 17:52:02 ----D---- F:\Fotoalbum_Norbert
2009-12-13 15:17:15 ----D---- F:\Pohadky
2009-12-13 15:16:08 ----D---- F:\dieta - lepek
2009-12-12 18:32:01 ----D---- F:\Program Files\CCleaner
2009-12-12 18:17:01 ----A---- F:\Program Files\ccsetup226.exe
2009-12-09 19:44:06 ----HDC---- F:\WINDOWS\$NtUninstallKB970430$
2009-12-09 19:43:29 ----HDC---- F:\WINDOWS\$NtUninstallKB974318$
2009-12-09 19:36:41 ----HDC---- F:\WINDOWS\$NtUninstallKB973904$
2009-12-09 19:32:17 ----HDC---- F:\WINDOWS\$NtUninstallKB974392$
2009-12-09 19:31:50 ----HDC---- F:\WINDOWS\$NtUninstallKB971737$
2009-12-06 19:00:50 ----D---- F:\c27bbb9877a6143440b928
2009-12-02 19:00:47 ----D---- F:\68da2f040b2d6591f3
2009-11-29 19:00:53 ----D---- F:\70d4d4b2b13ebb3acc
2009-11-28 21:23:54 ----HDC---- F:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-28 21:21:47 ----HDC---- F:\WINDOWS\$NtUninstallKB973687$
2009-11-18 19:00:40 ----D---- F:\77aecc06d3fc1fd41a9fc1830b3c848b
2009-11-14 19:00:48 ----D---- F:\862d100794816d10fa45672d40bd76
2009-11-11 22:49:56 ----D---- F:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-11-11 22:49:32 ----D---- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-11 22:49:30 ----D---- F:\Program Files\Malwarebytes' Anti-Malware
2009-11-11 22:47:43 ----D---- F:\Program Files\SuperAntispyware
2009-11-11 22:47:30 ----D---- F:\Program Files\RSIT
2009-11-11 22:47:00 ----D---- F:\Program Files\MBAM
2009-11-11 00:01:24 ----HDC---- F:\WINDOWS\$NtUninstallKB969947$
2009-11-01 17:58:07 ----D---- F:\% fotky - dovolená 2008, 2009 Vláďa Kubát
2009-11-01 17:48:58 ----D---- F:\% fotky - album NKN
2009-10-31 18:45:51 ----N---- F:\WINDOWS\system32\SSRemove.Exe
2009-10-31 18:45:45 ----A---- F:\WINDOWS\system32\XRXS1LMK.DLL
2009-10-31 18:45:35 ----A---- F:\WINDOWS\system32\SSCoInst.exe
2009-10-31 18:45:34 ----A---- F:\WINDOWS\system32\SSCoInst.dll
2009-10-31 18:44:50 ----D---- F:\WINDOWS\Xerox
2009-10-22 00:46:48 ----D---- F:\Documents and Settings\Administrator\Application Data\CoSoSys
2009-10-20 19:59:43 ----A---- F:\WINDOWS\system32\ptpusb.dll
2009-10-20 19:59:41 ----A---- F:\WINDOWS\system32\ptpusd.dll
2009-10-17 21:17:32 ----D---- F:\493a100964db0199ace3
2009-10-16 06:38:17 ----HDC---- F:\WINDOWS\$NtUninstallKB969059$
2009-10-16 06:38:07 ----HDC---- F:\WINDOWS\$NtUninstallKB974112$
2009-10-16 06:37:59 ----HDC---- F:\WINDOWS\$NtUninstallKB975025$
2009-10-15 18:08:24 ----HDC---- F:\WINDOWS\$NtUninstallKB958869$
2009-10-15 18:07:23 ----HDC---- F:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 18:07:00 ----HDC---- F:\WINDOWS\$NtUninstallKB974571$
2009-10-15 18:02:00 ----HDC---- F:\WINDOWS\$NtUninstallKB975467$
2009-10-14 21:45:07 ----HDC---- F:\WINDOWS\$NtUninstallKB971486$
2009-10-13 22:15:22 ----D---- F:\9f620a992423cf13393a887ec3606431
2009-10-13 22:06:59 ----HDC---- F:\WINDOWS\$NtUninstallKB973525$
2009-10-13 20:41:50 ----D---- F:\Program Files\IrfanView42
2009-10-10 18:10:22 ----D---- F:\SW - DBVT dongl - ještě nepřekopírované na WDD
2009-10-10 18:09:39 ----A---- F:\WINDOWS\WFD_DrvVer.ini
2009-10-10 18:09:38 ----A---- F:\WINDOWS\WFD_FindDevID.ini
2009-10-10 18:09:37 ----A---- F:\WINDOWS\WFD_FindMceDev.ini
2009-10-10 18:08:34 ----A---- F:\WINDOWS\system32\Dvbpws.dll
2009-10-10 16:33:54 ----D---- F:\Documents and Settings\All Users\Application Data\ArcSoft
2009-10-10 16:33:43 ----A---- F:\WINDOWS\system32\unicows.dll
2009-10-10 16:33:42 ----D---- F:\Program Files\Common Files\ArcSoft
2009-10-10 16:32:37 ----D---- F:\Program Files\Common Files\Ulead Systems
2009-10-10 16:28:13 ----A---- F:\WINDOWS\system32\PsisDecd.dll
2009-10-10 16:09:22 ----D---- F:\WINDOWS\system32\WinFast
2009-10-10 16:09:17 ----D---- F:\Program Files\Leadtek Research Inc
2009-10-10 16:09:04 ----D---- F:\Documents and Settings\Administrator\Application Data\InstallShield

======List of files/folders modified in the last 3 months======

2010-01-04 18:24:11 ----RD---- F:\Program Files
2010-01-04 18:23:54 ----D---- F:\WINDOWS\Prefetch
2010-01-04 18:23:34 ----A---- F:\WINDOWS\WINCMD.INI
2010-01-04 17:54:11 ----D---- F:\Program Files\Mozilla Firefox
2010-01-04 17:52:35 ----D---- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-04 17:52:25 ----D---- F:\WINDOWS
2010-01-04 17:50:09 ----D---- F:\WINDOWS\Temp
2010-01-04 17:47:03 ----D---- F:\Program Files\Spyware Terminator
2010-01-04 17:47:03 ----D---- F:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-01-04 17:01:08 ----D---- F:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2010-01-04 16:08:02 ----D---- F:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2010-01-03 21:27:23 ----D---- F:\% Lucka na F
2010-01-03 18:41:43 ----N---- F:\WINDOWS\SchedLgU.Txt
2010-01-03 18:25:13 ----D---- F:\WINDOWS\system
2010-01-03 17:42:37 ----D---- F:\WINDOWS\system32\CatRoot2
2010-01-03 15:10:28 ----SHD---- F:\WINDOWS\Installer
2010-01-03 15:10:25 ----HD---- F:\Config.Msi
2010-01-03 15:08:18 ----D---- F:\Program Files\Common Files
2009-12-28 18:56:08 ----D---- F:\Documents and Settings\Administrator\Application Data\Skype
2009-12-28 17:23:14 ----D---- F:\Documents and Settings\Administrator\Application Data\skypePM
2009-12-25 21:30:05 ----D---- F:\_ vystup z FREEDOWNLOAD
2009-12-25 20:22:01 ----D---- F:\NKN
2009-12-24 12:11:48 ----A---- F:\WINDOWS\_ WDICT32.INI
2009-12-23 18:45:09 ----D---- F:\Documents and Settings\Administrator\Application Data\dvdcss
2009-12-22 11:36:46 ----D---- F:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-12-21 20:33:21 ----D---- F:\% Sandy na F
2009-12-13 10:10:48 ----D---- F:\WINDOWS\Debug
2009-12-13 10:10:40 ----D---- F:\WINDOWS\Minidump
2009-12-13 09:11:34 ----A---- F:\WINDOWS\CSTBox.INI
2009-12-10 20:25:21 ----D---- F:\Documents and Settings\Administrator\Application Data\gtk-2.0
2009-12-09 20:15:17 ----D---- F:\WINDOWS\system32
2009-12-09 20:01:16 ----D---- F:\WINDOWS\system32\drivers
2009-12-09 19:44:11 ----HD---- F:\WINDOWS\inf
2009-12-09 19:44:09 ----RSHDC---- F:\WINDOWS\system32\dllcache
2009-12-09 19:42:24 ----D---- F:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-09 19:36:35 ----HD---- F:\WINDOWS\$hf_mig$
2009-12-09 19:35:48 ----D---- F:\WINDOWS\system32\en-US
2009-12-09 19:35:48 ----D---- F:\Program Files\Internet Explorer
2009-12-09 19:35:31 ----D---- F:\WINDOWS\ie7updates
2009-12-01 21:06:19 ----A---- F:\WINDOWS\system32\MRT.exe
2009-11-28 21:17:17 ----D---- F:\WINDOWS\WinSxS
2009-11-06 17:37:29 ----D---- F:\WINDOWS\Help
2009-11-01 19:11:08 ----D---- F:\My Recorded Files - nexus radio
2009-10-31 20:35:47 ----D---- F:\WINDOWS\system32\CatRoot
2009-10-31 18:23:44 ----D---- F:\Program Files\xerox
2009-10-29 19:42:14 ----D---- F:\% fotky z Albanie 2009 vsechny
2009-10-29 08:46:59 ----A---- F:\WINDOWS\system32\wininet.dll
2009-10-29 08:46:59 ----A---- F:\WINDOWS\system32\webcheck.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\urlmon.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\url.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\pngfilt.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\occache.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\mstime.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\msrating.dll
2009-10-29 08:46:57 ----A---- F:\WINDOWS\system32\mshtmled.dll
2009-10-29 08:46:57 ----A---- F:\WINDOWS\system32\mshtml.dll
2009-10-29 08:46:55 ----A---- F:\WINDOWS\system32\msfeedsbs.dll
2009-10-29 08:46:55 ----A---- F:\WINDOWS\system32\msfeeds.dll
2009-10-29 08:46:55 ----A---- F:\WINDOWS\system32\jsproxy.dll
2009-10-29 08:46:54 ----A---- F:\WINDOWS\system32\iertutil.dll
2009-10-29 08:46:54 ----A---- F:\WINDOWS\system32\iernonce.dll
2009-10-29 08:46:54 ----A---- F:\WINDOWS\system32\ieframe.dll
2009-10-29 08:46:52 ----A---- F:\WINDOWS\system32\ieencode.dll
2009-10-29 08:46:52 ----A---- F:\WINDOWS\system32\iedkcs32.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\ieapfltr.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\ieaksie.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\ieakeng.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\icardie.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\extmgr.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\dxtrans.dll
2009-10-29 08:46:50 ----A---- F:\WINDOWS\system32\dxtmsft.dll
2009-10-29 08:46:50 ----A---- F:\WINDOWS\system32\corpol.dll
2009-10-29 08:46:50 ----A---- F:\WINDOWS\system32\advpack.dll
2009-10-28 16:07:15 ----N---- F:\WINDOWS\system32\tzchange.exe
2009-10-28 15:36:11 ----A---- F:\WINDOWS\system32\ieudinit.exe
2009-10-28 15:36:11 ----A---- F:\WINDOWS\system32\ie4uinit.exe
2009-10-28 09:36:42 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2009-10-28 07:52:46 ----A---- F:\WINDOWS\system32\ieakui.dll
2009-10-21 06:38:36 ----A---- F:\WINDOWS\system32\strmfilt.dll
2009-10-21 06:38:36 ----A---- F:\WINDOWS\system32\httpapi.dll
2009-10-19 22:12:13 ----RSD---- F:\WINDOWS\Fonts
2009-10-19 22:12:01 ----D---- F:\Program Files\Common Files\Microsoft Shared
2009-10-19 22:11:13 ----D---- F:\Program Files\Microsoft Works
2009-10-19 22:06:42 ----A---- F:\WINDOWS\win.ini
2009-10-19 22:06:41 ----D---- F:\Program Files\Common Files\System
2009-10-16 14:42:08 ----D---- F:\WINDOWS\Microsoft.NET
2009-10-16 14:42:00 ----RSD---- F:\WINDOWS\assembly
2009-10-15 14:56:23 ----HD---- F:\Program Files\InstallShield Installation Information
2009-10-13 11:30:16 ----A---- F:\WINDOWS\system32\oakley.dll
2009-10-12 14:38:19 ----A---- F:\WINDOWS\system32\rastls.dll
2009-10-12 14:38:18 ----A---- F:\WINDOWS\system32\raschap.dll
2009-10-11 11:57:11 ----D---- F:\Documents and Settings\Administrator\Application Data\ArcSoft
2009-10-10 16:29:57 ----D---- F:\Program Files\WinFast
2009-10-10 16:25:39 ----D---- F:\WINDOWS\system32\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; F:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; F:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-04 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; F:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-04 27784]
R1 fwdrv;Firewall Driver; F:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 274432]
R1 khips;Kerio HIPS Driver; F:\WINDOWS\system32\drivers\khips.sys [2005-12-15 81920]
R1 SASDIFSV;SASDIFSV; \??\F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 VIAPFD;VIAPFD; F:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 BT848;WinFast TV2000 XP WDM Video Capture; F:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 DgiVecp;Team MFP Comm Driver; F:\WINDOWS\System32\Drivers\DgiVecp.sys [2009-06-15 40448]
R2 Hardlock;Hardlock; \??\F:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\F:\WINDOWS\system32\drivers\Haspnt.sys []
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; F:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; F:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); F:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-06-21 655596]
R3 ati2mtag;ati2mtag; F:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; F:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; F:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SASENUM;SASENUM; \??\F:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbhub;USB2 Enabled Hub; F:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; F:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; F:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 AF15BDA;WinFast DTV Dongle Gold BDA Filter; F:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-07-04 306816]
S3 CCDECODE;Closed Caption Decoder; F:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GT680x;BearPaw 2448TA Plus Usb Scanner; F:\WINDOWS\System32\Drivers\Gt680x.sys [2003-02-18 17504]
S3 HidUsb;Microsoft HID Class Driver; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MPE;BDA MPE Filter; F:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; F:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; F:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; F:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NFWVAD_ds2dhw;NFW Virtual Audio; F:\WINDOWS\system32\drivers\nfwvad.sys [2007-11-09 22368]
S3 SLIP;BDA Slip De-Framer; F:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; F:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndis;USB Remote NDIS Device Driver; F:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbaudio;USB Audio Driver (WDM); F:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; F:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; F:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; F:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; F:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; F:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056]
R2 avg8wd;AVG Free8 WatchDog; F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-04 297752]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; F:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe [2005-12-19 1368064]
R2 MDM;Machine Debug Manager; F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; F:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; F:\Program Files\Spyware Terminator\sp_rsser.exe [2009-09-21 487424]
R2 UleadBurningHelper;Ulead Burning Helper; F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[Rudy]

Udělejte sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[Lucie Knoblochová]

Tady je ten log z MBAM, "Adware.ADON", co to našlo, jsem vymazala až potom.


Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

10.1.2010 11:29:56
mbam-log-2010-01-10 (11-28-39).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 388491
Time elapsed: 3 hour(s), 32 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Documents and Settings\Administrator\Application Data\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe (Adware.ADON) -> No action taken.

[Rudy]

Pokud je smazán, PC by měl být čistý. Kde byl trojan nalezen?

[Lucie Knoblochová]

Ten posledni byl u aplikace eBay. Vtip je ale v tom, ze to nebyl ten Asta-killer, toho mi nachazel Spybot i po vycisteni MBAMem. Proto me zajimalo, jestli je to chyba ve Spybotu nebo tam nekde opravdu neco je...

Diky moc.

[Rudy]

Spybot jako sw má už svá nejlepší léta za sebou. Dnes máme lepší antispywary, např Spyware terminator, Sperantispyware a pod.

[Lucie Knoblochová]

Takže to jeho varování mám nechat být a dál se tím nezabývat? Je to falešná zpráva?

[Rudy]

Pro všechny případu zkuste stáhnout a nainstalovat Superantispyware: http://www.stahuj.centrum.cz/utility_a_ ... tispyware/ , udělat sken a eventuální nálezy smazat.

[Lucie Knoblochová]

Díky

[Rudy]

Nemáte zač!