PC disinfection, computer speed-up, remote help via the neslape.cz service

BackDoor.Generic12.AEIU

seten
Guest
Posts: 30
Registered: 23 Mar 2009 14:00


#1 Post by seten »

AVG popped up with the following infection report:

"Trojský kůň BackDoor.Generic12.AEIU";"C:\WINDOWS\system32\drivers\mrjbha.sys";"Infikováno";"24.2.2010, 17:53:50";"Soubor";"System"
"Trojský kůň BackDoor.Generic12.AEIU";"C:\WINDOWS\system32\drivers\asyncmac.sys";"Objekt je vedený na bílé listině (důležitý/systémový soubor, který by neměl být odstraněn)";"24.2.2010, 17:53:48";"Soubor";"System"
"Trojský kůň BackDoor.Generic12.AEIU";"C:\WINDOWS\system32\drivers\amdk8.sys";"Infikováno";"24.2.2010, 17:53:48";"Soubor";"System"
"Trojský kůň BackDoor.Generic12.AEIU";"C:\WINDOWS\system32\drivers\akshhl.sys";"Infikováno";"24.2.2010, 17:53:48";"Soubor";"System"
"Trojský kůň BackDoor.Generic12.AEIU";"C:\WINDOWS\system32\drivers\aec.sys";"Infikováno";"24.2.2010, 17:53:47";"Soubor";"System"
"Trojský kůň BackDoor.Generic12.AEIU";"C:\WINDOWS\system32\drivers\61883.sys";"Infikováno";"24.2.2010, 17:53:46";"Soubor";"System"

I am attaching the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sida at 2010-02-25 17:56:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 66 GB (14%) free of 477 GB
Total RAM: 1791 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:36, on 25.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\OZOTISKY\PRINTFILE\PRFILE32.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\OZOTISKY\PRINTFILE\PRFILE32.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Mx-3 B-Cup Service.exe
C:\Program Files\BurnerXP\NMSAccessU.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Dokumenty\stažené soubory\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Sida.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MirandaIM] "C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe" "C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\Profile\dbase-v6.6"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: winesm32.exe
O4 - Startup: Zástupce - miranda32.lnk = C:\Program Files\Mir4nda-IM-0.7.1-Pack-v2.0\miranda32.exe
O4 - Startup: Údržba databáze BUILDpower.LNK = C:\Program Files\RTSStavitel\BPStartUp.exe
O4 - Global Startup: Komprimovaný tisk.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Normální tisk.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: BSC Applet Security - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Applet Utilities - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Business Objects - https://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
O16 - DPF: BSC Java Components Library - https://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
O16 - DPF: BSC Text Utilities - https://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
O16 - DPF: BSC Utilities - https://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Security - https://ra.internetbanka.cz/ra31/bin/IB ... .3.0.0.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Utilities - https://ib.internetbanka.cz/ibs31/bin/I ... .99.99.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
O16 - DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} (ICASign Class) - https://ib24.csob.cz/Comp/IcaSignerCZ.cab
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} (CSOBEnroll Class) - https://ib24.csob.cz/comp/CSOBEnroll.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - http://download.ica.cz/icapki.cab
O16 - DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} (ICAHsmEngine Class) - https://ib24.csob.cz/comp/ICAHsmEngine.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MX-3 B-Cup XP (Mx-3 B-Cup Service) - n.v.t. MX-3 - C:\WINDOWS\system32\Mx-3 B-Cup Service.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnerXP\NMSAccessU.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

--
End of file - 11948 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DD8EBA77-3E69-4E46-9041-2AC5353C12FC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-20 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-15 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-03-27 16859136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-12-04 406016]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"eBook Library Launcher"=C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [2009-11-24 906640]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2009-02-25 77824]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-20 2033432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-10 39408]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"MirandaIM"=C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe [2009-10-04 792576]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Komprimovaný tisk.lnk - C:\OZOtisky\PrintFile\shortcuts\Komprimovaný tisk.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Normální tisk.lnk - C:\OZOtisky\PrintFile\shortcuts\Normální tisk.exe

C:\Documents and Settings\Sida\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
winesm32.exe
Zástupce - miranda32.lnk - C:\Program Files\Mir4nda-IM-0.7.1-Pack-v2.0\miranda32.exe
Údržba databáze BUILDpower.LNK - C:\Program Files\RTSStavitel\BPStartUp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-20 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"
"C:\WINDOWS\RTHDCPL.exe"="C:\WINDOWS\RTHDCPL.exe:*:Enabled:ENABLE"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ARCHline.XP 2009\exe\ARCHlineXP2009.exe"="C:\Program Files\ARCHline.XP 2009\exe\ARCHlineXP2009.exe:*:Enabled:ARCHline.XP"
"C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe"="C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc370ec7-4e36-11dd-b293-806d6172696f}]
shell\AutoRun\command - D:\startdvd.exe
shell\readme\command - notepad cti_mne.txt


======List of files/folders created in the last 1 months======

2010-02-25 17:56:23 ----D---- C:\rsit
2010-02-25 17:56:23 ----D---- C:\Program Files\trend micro
2010-02-25 00:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-24 17:53:31 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-02-17 14:40:42 ----A---- C:\WINDOWS\system32\Mx-3 B-Cup Service.exe
2010-02-10 21:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 21:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 21:44:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 21:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 21:44:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 21:44:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 21:44:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 21:44:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 21:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-02-25 17:56:28 ----D---- C:\WINDOWS\Prefetch
2010-02-25 17:56:23 ----SD---- C:\Program Files
2010-02-25 17:55:57 ----D---- C:\WINDOWS\temp
2010-02-25 17:37:57 ----D---- C:\Program Files\Mozilla Firefox
2010-02-25 16:20:32 ----D---- C:\OZO2009P
2010-02-25 14:45:10 ----SD---- C:\WINDOWS\Tasks
2010-02-25 14:35:02 ----D---- C:\OZO2010P
2010-02-25 13:20:14 ----D---- C:\Documents and Settings\Sida\Data aplikací\Canon
2010-02-25 13:20:11 ----A---- C:\WINDOWS\CSTBox.INI
2010-02-25 11:57:07 ----D---- C:\Program Files\DWG Viewer
2010-02-25 11:56:45 ----A---- C:\WINDOWS\iltwain.ini
2010-02-25 11:54:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-25 08:30:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-25 07:13:47 ----D---- C:\WINDOWS\system32\config
2010-02-25 06:23:17 ----D---- C:\WINDOWS\system32
2010-02-25 06:23:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-25 06:19:42 ----AD---- C:\WINDOWS
2010-02-25 06:19:13 ----D---- C:\Documents and Settings\Sida\Data aplikací\OpenOffice.org2
2010-02-25 00:05:45 ----HD---- C:\WINDOWS\inf
2010-02-25 00:05:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-25 00:05:22 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-25 00:05:18 ----A---- C:\WINDOWS\imsins.BAK
2010-02-25 00:05:04 ----D---- C:\Program Files\Internet Explorer
2010-02-24 17:53:50 ----D---- C:\WINDOWS\system32\drivers
2010-02-24 14:33:54 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-17 15:51:29 ----A---- C:\WINDOWS\Labels.INI
2010-02-17 14:40:46 ----SHD---- C:\WINDOWS\Installer
2010-02-17 14:40:44 ----D---- C:\WINDOWS\Help
2010-02-17 09:03:04 ----A---- C:\WINDOWS\win.ini
2010-02-16 11:05:36 ----D---- C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7
2010-02-15 11:31:12 ----D---- C:\Program Files\PROTECH
2010-02-15 11:30:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-12 08:32:35 ----A---- C:\WINDOWS\PENB.INI
2010-02-11 10:49:30 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-10 16:46:24 ----A---- C:\WINDOWS\Csp.INI
2010-02-04 08:10:34 ----D---- C:\Program Files\Google
2010-02-02 17:14:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-20 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-20 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-20 360584]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aksfridge;HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2008-03-18 350720]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-02 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-02 55936]
R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-07-05 238976]
R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-07-05 14976]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2003-12-04 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-20 30104]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 GEMPC430;GEMPLUS GemPC430 USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\grclass.sys [2001-10-24 82432]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-27 4713472]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NmPar;PCI Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2008-12-24 80256]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-01-21 118656]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-07-17 28672]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 akshhl;Aladdin HASP HL Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-07-23 46336]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-20 30104]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-20 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-20 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-01-20 2304192]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-14 145504]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2008-04-24 2562048]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Mx-3 B-Cup Service;MX-3 B-Cup XP; C:\WINDOWS\system32\Mx-3 B-Cup Service.exe [2010-02-17 124928]
R2 NMSAccessU;NMSAccessU; C:\Program Files\BurnerXP\NMSAccessU.exe [2008-10-20 71096]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-02 194032]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [2009-11-09 73728]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

seten

Re: BackDoor.Generic12.AEIU

#2 Post by seten »

Thank you for the quick reply,

For now I'm attaching the ComboFix log. On startup it only reported an error about a missing file, whose name I unfortunately forgot to note down, but I think the file name was that grpconv which is listed at the beginning of the log.
So, the ComboFix log:
ComboFix 10-02-25.02 - Sida 26.02.2010 9:54.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1791.1055 [GMT 1:00]
Spuštěný z: c:\documents and settings\Sida\Plocha\abraka.com
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sida\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\srchasst\nls302en.lex

c:\windows\system32\grpconv.exe chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\grpconv.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 08:58 . 2008-04-14 03:22 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-02-26 08:58 . 2008-04-14 03:22 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-02-25 16:56 . 2010-02-25 16:56 -------- d-----w- C:\rsit
2010-02-25 16:56 . 2010-02-25 16:56 -------- d-----w- c:\program files\trend micro
2010-02-24 16:53 . 2010-02-26 09:01 792064 ----a-w- c:\windows\system32\drivers\mrjbha.sys
2010-02-24 16:53 . 2010-02-24 17:24 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-17 13:40 . 2010-02-17 13:42 124928 ----a-w- c:\windows\system32\Mx-3 B-Cup Service.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 08:45 . 2009-03-27 11:58 -------- d-----w- c:\program files\CCleaner
2010-02-25 10:57 . 2008-11-03 15:49 -------- d-----w- c:\program files\DWG Viewer
2010-02-25 05:23 . 2006-03-02 12:00 73138 ----a-w- c:\windows\system32\perfc005.dat
2010-02-25 05:23 . 2006-03-02 12:00 390898 ----a-w- c:\windows\system32\perfh005.dat
2010-02-16 10:05 . 2009-10-24 14:29 -------- d-----w- c:\program files\Mir4nda-IM-0.8.8-Pack-v2.7
2010-02-15 10:31 . 2009-08-27 15:20 -------- d-----w- c:\program files\PROTECH
2010-02-15 10:30 . 2008-07-10 04:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 07:10 . 2008-12-29 11:17 -------- d-----w- c:\program files\Google
2010-01-21 06:20 . 2008-08-12 13:57 -------- d-----w- c:\program files\RTSStavitel
2010-01-21 06:09 . 2009-11-10 19:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 11:53 . 2010-01-20 11:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-20 11:53 . 2010-01-20 11:41 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-20 11:42 . 2010-01-20 11:42 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-20 11:41 . 2010-01-20 11:41 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-20 11:41 . 2010-01-20 11:41 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-20 11:41 . 2010-01-20 11:41 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-20 11:41 . 2010-01-20 11:41 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-20 11:16 . 2009-12-06 14:35 -------- d-----r- c:\program files\Skype
2010-01-07 14:09 . 2010-01-07 14:09 303928 ----a-w- c:\windows\system32\icapki.dll
2010-01-06 17:47 . 2008-09-02 17:56 -------- d-----w- c:\program files\Avidemux 2.4
2010-01-04 18:00 . 2009-06-22 20:27 -------- d-----w- c:\program files\Evidence Médií stará
2010-01-04 17:47 . 2010-01-04 17:13 -------- d-----w- c:\program files\Evidence Médií
2009-12-31 16:50 . 2008-07-17 07:15 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 06:09 . 2009-12-30 06:07 -------- d-----w- c:\program files\Common Files\Remote Control Software Common
2009-12-30 06:07 . 2009-12-30 06:06 -------- d-----w- c:\program files\Logitech
2009-12-30 06:07 . 2009-12-30 06:07 -------- d-----w- c:\program files\Common Files\Remote Control USB Driver
2009-12-30 06:06 . 2009-12-30 06:06 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-07-10 02:57 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 09:05 . 2009-12-16 09:05 151552 ----a-w- c:\windows\system32\SecureStorePKCS11.dll
2009-12-14 07:10 . 2008-07-17 07:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2008-07-17 07:15 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2008-07-17 07:15 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 14:40 . 2009-12-06 14:40 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-04 18:22 . 2008-07-17 07:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-28 17:00 . 2009-05-28 16:48 655 -c--a-w- c:\program files\dcadwin.ini
2008-09-29 07:30 . 2008-09-29 07:20 24 -csha-w- c:\windows\S0EE27972.tmp
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 39408]
"MirandaIM"="c:\program files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe" [2009-10-04 792576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-27 16859136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"eBook Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2009-11-24 906640]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2009-02-25 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sida\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-3-16 393216]
winesm32.exe [2008-4-14 29696]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Komprimovaný tisk.lnk - c:\ozotisky\PrintFile\shortcuts\Komprimovaný tisk.exe [2002-7-26 16896]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-30 66864]
Normální tisk.lnk - c:\ozotisky\PrintFile\shortcuts\Normální tisk.exe [2002-7-26 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-20 11:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\ARCHline.XP 2009\\exe\\ARCHlineXP2009.exe"=
"c:\\Program Files\\Mir4nda-IM-0.8.8-Pack-v2.7\\miranda32.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [20.1.2010 12:42 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20.1.2010 12:41 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20.1.2010 12:41 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [20.1.2010 12:41 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [20.1.2010 12:41 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [20.1.2010 12:41 2304192]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Mx-3 B-Cup Service;MX-3 B-Cup XP;c:\windows\system32\Mx-3 B-Cup Service.exe [17.2.2010 14:40 124928]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [20.1.2010 12:41 30104]
R3 GEMPC430;GEMPLUS GemPC430 USB Smart Card Reader;c:\windows\system32\drivers\grclass.sys [24.7.2008 17:47 82432]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [9.4.2008 8:28 80256]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.1.2010 23:04 135664]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l151x86.sys --> c:\windows\system32\DRIVERS\l151x86.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [20.1.2010 12:41 30104]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mrjbha
.
Obsah adresáře 'Naplánované úlohy'

2010-02-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-29 16:14]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 22:04]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 22:04]

2010-02-26 c:\windows\Tasks\User_Feed_Synchronization-{DD8EBA77-3E69-4E46-9041-2AC5353C12FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: csob.cz\ib24
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://ib24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://ib24.csob.cz/comp/CSOBEnroll.dll
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxp://download.ica.cz/icapki.cab
DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} - hxxps://ib24.csob.cz/comp/ICAHsmEngine.dll
FF - ProfilePath - c:\documents and settings\Sida\Data aplikací\Mozilla\Firefox\Profiles\se1bweu3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 10:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\documents and settings\Sida\Nabídka Start\Programy\Po spuštění\winesm32.exe 29696 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mrjbha]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\SecureStoreCSP.dll
c:\windows\system32\SecureStoreCore.dll
c:\windows\system32\STM4XW32.dll
c:\windows\system32\LIBEAY32_098.dll
c:\windows\system32\SecureStoreCspRes.dll

- - - - - - - > 'explorer.exe'(2184)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\hasplms.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\BurnerXP\NMSAccessU.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-02-26 10:06:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-26 09:06

Před spuštěním: Volných bajtů: 79 676 379 136
Po spuštění: Volných bajtů: 79 622 602 752

- - End Of File - - E719DC42CA010132A8F2E9274F2940BD

I'm moving on to the next one.

seten

Re: BackDoor.Generic12.AEIU

#3 Post by seten »

Well, I probably overdid it. GMER first ran terribly slowly, and after a while the PC restarted on its own and then didn't even want to boot. What helped was going into the Recovery Console, just pressing Enter when logging in to the installation, and letting it restart; after that it booted.
In Windows I found that right from startup the CPU was being loaded to 50% by an svchost.exe process (I have a dual-core), so I suspended it a few times, after which Process Explorer stopped showing CPU usage and the system somehow started acting up too.
And now I've reached the stage where after POST there's a black screen; Windows won't boot even in Safe Mode, and the repair from the CD didn't help either. Before it restarted, GMER was warning about some possible rootkit, but at the moment I can't get to that log, so I don't know the names.
I'll probably go connect the disk to another machine, back it up, and then probably do a complete reinstall, because I'm running out of ideas.
Anyway, thanks for the effort, but with all that activity I've probably badly broken something here.

seten

Re: BackDoor.Generic12.AEIU

#4 Post by seten »

Yes, that's the name. Otherwise I didn't even delete anything, I just experimented with suspending those processes, and now I'm in the same state as before where Windows won't boot, with the difference that booting into Recovery no longer changes anything. I tried the repair from the CD (the second option, not the console), which changed nothing, so I tried fixboot and fixmbr in the console, which didn't give any better results either. chkdsk reports that there is at least one error, but I'll probably try to pull some of the data off somewhere first before I run it with /r.

seten

Re: BackDoor.Generic12.AEIU

#5 Post by seten »

OK, thanks, I'll try.
I'd rather it came back up than have to reinstall it.

seten

Re: BackDoor.Generic12.AEIU

#6 Post by seten »

Well, I didn't believe it, but I deleted those two files from system32 and the one from Start Menu/Startup, and the repair install started up, so we'll see. I'm starting to regret a bit that I launched that install, because it will probably also break my settings and installed programs somewhat.
Anyway, here is the OTL log; the install is running here now.
OTL logfile created on: 2/26/2010 5:07:26 PM - Run
OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2800.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 76.87 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/02/17 08:42:59 | 000,124,928 | ---- | M] (n.v.t. MX-3) [Auto] -- C:\WINDOWS\System32\Mx-3 B-Cup Service.exe -- (Mx-3 B-Cup Service)
SRV - [2010/02/02 11:14:24 | 000,194,032 | ---- | M] (Google) [Auto] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/01/20 06:53:48 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/20 06:53:45 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/01/20 06:41:40 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/06 17:04:11 | 000,135,664 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Služba Google Update (gupdate)
SRV - [2009/11/09 15:46:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/10/10 22:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/03 23:41:55 | 000,602,112 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/02/03 15:05:00 | 000,593,920 | ---- | M] () [Auto] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/10/20 15:18:26 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\BurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/24 06:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007/06/14 14:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (mrjbha)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (AtcL001)
DRV - [2010/01/20 06:53:50 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/20 06:42:01 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/01/20 06:41:57 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/20 06:41:40 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/20 06:41:21 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/01/20 06:41:21 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/08/27 10:23:34 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/02/04 02:27:21 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/01/21 09:49:00 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/12/23 23:40:12 | 000,080,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2008/07/21 07:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/07/16 19:12:47 | 000,028,672 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2008/03/27 03:37:00 | 004,713,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/18 09:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 09:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/10/11 20:40:00 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2007/07/23 08:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/07/05 08:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/07/05 08:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/06/14 08:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/04/16 15:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/12/28 11:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/07/01 15:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/03/02 07:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2006/03/02 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2006/03/02 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/03/02 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2006/03/02 07:00:00 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/03/02 07:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/03/02 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/03/02 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2006/03/02 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2006/02/19 21:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/09/23 17:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/11 04:24:24 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2005/02/11 04:22:48 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005/02/11 04:21:10 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005/02/11 04:21:02 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005/02/11 04:19:20 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005/01/07 10:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/12/04 05:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2002/06/13 09:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/10/24 04:58:08 | 000,082,432 | ---- | M] (Gemplus) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\grclass.sys -- (GEMPC430)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Sida_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\Sida_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/20 07:01:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 10:32:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 10:32:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008/08/14 03:02:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/02/25 03:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/11 08:37:22 | 000,086,016 | ---- | M] (Software602 a.s.) -- C:\Program Files\Mozilla Firefox\plugins\npfiller.dll
[2010/01/19 08:05:26 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010/01/19 08:05:26 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010/01/19 08:05:26 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010/01/19 08:05:26 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010/01/19 08:05:26 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010/02/26 04:00:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\Sida_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [Print2PDF Print Monitor] C:\Program Files\Software602\Print2PDF\Print2PDF.exe (Software602)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\Sida_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\Sida_ON_C..\Run: [MirandaIM] C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe ( )
O4 - HKU\Sida_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\Sida_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O7 - HKU\Sida_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Sida_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Sida_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Sida_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 5527 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Ranges: 36 range(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 5538 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: 77 range(s) not assigned to a zone.
O15 - HKU\Sida_ON_C\..Trusted Domains: 5539 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Sida_ON_C\..Trusted Ranges: 77 range(s) not assigned to a zone.
O16 - DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} https://ib24.csob.cz/Comp/IcaSignerCZ.cab (ICASign Class)
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} https://ib24.csob.cz/comp/CSOBEnroll.dll (CSOBEnroll Class)
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} http://download.ica.cz/icapki.cab (ICApki Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} https://ib24.csob.cz/comp/ICAHsmEngine.dll (ICAHsmEngine Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/28 03:08:54 | 000,000,035 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/26 17:02:23 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/02/26 17:00:13 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/02/26 17:00:12 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/02/26 17:00:12 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/02/26 17:00:12 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/02/26 17:00:12 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/02/26 17:00:12 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/02/26 17:00:12 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/02/26 17:00:12 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/02/26 17:00:12 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/02/26 17:00:12 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/02/26 17:00:12 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/02/26 17:00:12 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/02/26 17:00:12 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/02/26 17:00:12 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/02/26 17:00:12 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/02/26 17:00:12 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/02/26 17:00:12 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/26 07:12:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2010/02/26 03:58:50 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grpconv.exe
[2010/02/26 03:53:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/26 03:53:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/26 03:53:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/26 03:53:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/26 03:51:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/26 03:47:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sida\Recent
[2010/02/25 11:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/02/25 11:56:23 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/17 08:40:44 | 000,216,064 | ---- | C] (n.v.t. MX-3) -- C:\WINDOWS\System32\B-CupXP.cpl
[2010/02/17 08:40:42 | 000,124,928 | ---- | C] (n.v.t. MX-3) -- C:\WINDOWS\System32\Mx-3 B-Cup Service.exe
[2010/02/15 05:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sida\Plocha\ PROTECH
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/26 17:08:46 | 000,001,316 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 17:06:55 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/26 09:47:38 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/02/26 09:47:00 | 000,000,319 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/02/26 09:46:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/26 07:47:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/26 07:42:38 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/26 07:42:32 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/02/26 07:42:08 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/26 07:42:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/26 07:42:03 | 000,121,808 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/02/26 07:15:50 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/02/26 07:15:50 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/02/26 07:14:48 | 014,680,064 | -H-- | M] () -- C:\Documents and Settings\Sida\NTUSER.DAT
[2010/02/26 07:14:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sida\ntuser.ini
[2010/02/26 04:40:46 | 000,065,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/26 04:40:46 | 000,020,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/26 04:40:45 | 000,390,898 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010/02/26 04:40:44 | 000,073,138 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010/02/26 04:40:36 | 000,559,808 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/26 04:15:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/26 04:01:13 | 000,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/26 04:00:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/26 03:50:26 | 000,004,484 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010/02/26 03:45:23 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\Sida\Plocha\CCleaner.lnk
[2010/02/26 03:41:51 | 003,873,109 | R--- | M] () -- C:\Documents and Settings\Sida\Plocha\abraka.com
[2010/02/26 03:19:59 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DD8EBA77-3E69-4E46-9041-2AC5353C12FC}.job
[2010/02/26 03:18:45 | 000,036,363 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2010/02/26 02:45:56 | 000,078,181 | ---- | M] () -- C:\Documents and Settings\Sida\Plocha\poznámky.ods
[2010/02/26 02:29:49 | 056,265,151 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/25 12:53:25 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\Sida\Plocha\Youtube.lnk
[2010/02/25 12:53:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/25 12:53:01 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\Sida\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/25 05:56:45 | 000,000,067 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/02/25 02:30:13 | 000,568,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/02/24 12:23:33 | 000,000,012 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Data aplikací\rbuwzv.dat
[2010/02/24 11:53:26 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\LocalService\Data aplikací\rbuwzv.dat
[2010/02/24 11:53:16 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Sida\Data aplikací\avdrn.dat
[2010/02/23 08:09:13 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Sida\Plocha\hesla.xls
[2010/02/19 02:25:11 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/19 02:25:11 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/19 02:25:11 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/19 02:25:11 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/19 02:25:11 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/19 02:25:11 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/19 02:25:10 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/19 02:25:10 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/19 02:25:10 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/19 02:25:10 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/19 02:25:10 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/19 02:25:10 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/19 02:25:10 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/17 09:51:29 | 000,000,477 | ---- | M] () -- C:\WINDOWS\Labels.INI
[2010/02/17 09:48:10 | 000,000,334 | ---- | M] () -- C:\Documents and Settings\Sida\Plocha\MX-3 B-Cup XP.lnk
[2010/02/17 08:42:59 | 000,124,928 | ---- | M] (n.v.t. MX-3) -- C:\WINDOWS\System32\Mx-3 B-Cup Service.exe
[2010/02/17 08:40:44 | 000,216,064 | ---- | M] (n.v.t. MX-3) -- C:\WINDOWS\System32\B-CupXP.cpl
[2010/02/17 03:03:04 | 000,001,122 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/16 09:39:47 | 000,000,507 | ---- | M] () -- C:\Documents and Settings\Sida\Plocha\Sdílené dokumenty.lnk
[2010/02/16 05:05:32 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Sida\Plocha\miranda32.lnk
[2010/02/12 02:32:35 | 000,006,790 | ---- | M] () -- C:\WINDOWS\PENB.INI
[2010/02/10 10:46:24 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Csp.INI
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/26 17:00:13 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 17:00:13 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 17:00:13 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 17:00:13 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/26 17:00:13 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 17:00:13 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 17:00:13 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 17:00:13 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 17:00:13 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 17:00:13 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 17:00:13 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 17:00:13 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 17:00:13 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 17:00:13 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 17:00:13 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/26 17:00:13 | 000,001,316 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 17:00:13 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/26 04:20:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Sida\Plocha\gmer.exe
[2010/02/26 03:53:31 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/26 03:53:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/26 03:53:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/26 03:53:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/26 03:53:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/26 03:41:42 | 003,873,109 | R--- | C] () -- C:\Documents and Settings\Sida\Plocha\abraka.com
[2010/02/24 12:23:33 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\config\systemprofile\Data aplikací\rbuwzv.dat
[2010/02/24 11:53:26 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Data aplikací\rbuwzv.dat
[2010/02/24 11:53:16 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Sida\Data aplikací\avdrn.dat
[2010/02/17 09:48:10 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\Sida\Plocha\MX-3 B-Cup XP.lnk
[2010/02/16 05:05:32 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Sida\Plocha\miranda32.lnk
[2010/01/20 06:52:43 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\ct.ini
[2009/12/16 04:05:42 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SecureStorePKCS11.dll
[2009/11/20 10:04:04 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCspRes.dll
[2009/11/20 10:03:18 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCSP.dll
[2009/11/20 10:02:52 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SecureStoreCore.dll
[2009/10/18 08:50:37 | 000,000,082 | ---- | C] () -- C:\WINDOWS\__1534277.ini
[2009/09/03 08:36:54 | 000,006,790 | ---- | C] () -- C:\WINDOWS\PENB.INI
[2009/08/27 10:23:34 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/08/12 15:21:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Sida\Data aplikací\$_hpcst$.hpc
[2009/07/12 03:37:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/28 11:48:52 | 000,000,655 | ---- | C] () -- C:\Program Files\dcadwin.ini
[2009/03/17 08:03:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/03/17 05:08:48 | 000,131,960 | ---- | C] () -- C:\WINDOWS\System32\ICAEnroll.dll
[2009/03/17 05:08:48 | 000,078,712 | ---- | C] () -- C:\WINDOWS\System32\ICARenewal.dll
[2009/03/13 09:59:18 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/03/13 09:59:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2009/03/09 11:49:55 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/03/02 11:47:49 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\BHARegister.dll
[2009/02/25 09:45:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/02/25 09:45:04 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2009/02/25 09:44:44 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/02/25 09:44:04 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2009/02/25 03:13:58 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/01/16 03:17:35 | 000,000,652 | ---- | C] () -- C:\WINDOWS\StudioDV.ini
[2009/01/16 03:17:18 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2009/01/16 03:17:17 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2009/01/16 03:17:17 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2009/01/16 03:17:17 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2009/01/16 03:17:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2008/10/30 12:35:05 | 000,023,056 | ---- | C] () -- C:\WINDOWS\System32\Pkwdcl.dll
[2008/10/23 12:51:31 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2008/09/26 11:52:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\pslabeler.ini
[2008/09/22 06:42:16 | 000,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/09/17 03:38:02 | 000,000,477 | ---- | C] () -- C:\WINDOWS\Labels.INI
[2008/08/20 04:06:41 | 000,000,330 | ---- | C] () -- C:\WINDOWS\Csp.INI
[2008/08/20 02:42:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2008/08/15 03:17:27 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\Sida\Data aplikací\burnaware.ini
[2008/08/15 02:56:03 | 000,000,041 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008/08/12 03:39:09 | 000,000,641 | ---- | C] () -- C:\WINDOWS\SESTDLL.INI
[2008/07/30 02:38:10 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/07/29 05:58:08 | 000,004,484 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/07/28 05:44:47 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\Sida\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/25 02:28:14 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2008/07/09 23:03:03 | 000,029,366 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/09 23:03:03 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/07/09 23:02:53 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/02/08 11:13:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\LS3Renderer.dll
[2006/03/02 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/03/02 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/10/14 04:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 04:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 04:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 04:56:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 04:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 04:56:48 | 003,223,552 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/10/14 04:56:48 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/10/14 04:56:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/10/14 04:56:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/10/14 04:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2002/07/26 06:15:18 | 000,000,769 | ---- | C] () -- C:\WINDOWS\prfile.ini
[2001/10/27 20:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll

========== LOP Check ==========

[2008/09/02 01:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\.RTS
[2009/11/11 07:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\AVG9
[2009/06/04 14:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\avidemux
[2009/10/18 08:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\Cadline
[2009/03/14 08:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\Canneverbe_Limited
[2010/02/26 03:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\Canon
[2008/09/26 11:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\CD-LabelPrint
[2008/10/18 07:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\CoSoSys
[2008/07/29 03:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\FRITZ!
[2009/12/26 05:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\gtk-2.0
[2009/03/10 05:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\KeePass
[2008/08/20 02:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\NewSoft
[2008/07/28 04:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\Nokia Multimedia Player
[2008/08/20 03:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\NSBackup
[2008/08/15 03:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\Obsidium
[2009/12/06 09:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\ooVoo Details
[2009/03/13 10:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\proDAD
[2009/02/25 03:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\ScanSoft
[2009/12/16 09:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\Software602
[2008/08/14 03:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\Thunderbird
[2009/06/04 15:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\VitySoft
[2009/11/09 07:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sida\Data aplikací\XnView
[2010/02/26 03:19:59 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DD8EBA77-3E69-4E46-9041-2AC5353C12FC}.job

========== Purity Check ==========


< End of report >

seten
Visitor
Posts: 30
Registered: 23 Mar 2009 14:00

Re: BackDoor.Generic12.AEIU

#7 Post by seten »

I'll do it as soon as that installation finishes; interrupting it now probably makes no sense, because as I wrote, it apparently didn't actually run, only the files got copied to the disk, and since I couldn't get past POST it hadn't finished yet and is only running now, but it should be done soon.

seten
Visitor
Posts: 30
Registered: 23 Mar 2009 14:00

Re: BackDoor.Generic12.AEIU

#8 Post by seten »

So in OTLPE it ran and deleted one registry entry
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrjbha
After booting up I didn't find anything else in the registry, and CPU usage seems to be back to normal.
Otherwise, what is the most common way of catching this kind of pest on a PC? The user claims the AVG alert appeared roughly at the time he received some PDF from another user on the network. So maybe that other PC should be checked as well.

seten
Visitor
Posts: 30
Registered: 23 Mar 2009 14:00

Re: BackDoor.Generic12.AEIU

#9 Post by seten »

In my opinion the AVG resident shield only flagged them; I just looked and they are physically still there in the location where it reported them. I've started a complete scan.

seten
Visitor
Posts: 30
Registered: 23 Mar 2009 14:00

Re: BackDoor.Generic12.AEIU

#10 Post by seten »

So I stopped Kaspersky when it moved on to scanning the DVD drive, and up to that point it had found nothing.
MBAM log
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3799
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

27.2.2010 10:45:11
mbam-log-2010-02-27 (10-45-04).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 278890
Uplynulý čas: 53 minute(s), 57 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Sida\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

where I eventually had that flagged item deleted as well; it didn't seem to me to be in any critical location. RootRepeal is running right now, I'll post the log in a moment.

seten
Visitor
Posts: 30
Registered: 23 Mar 2009 14:00

Re: BackDoor.Generic12.AEIU

#11 Post by seten »

So here is the log from RootRepeal

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/27 10:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8E1E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5E6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA4E11000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\$avg\$chjw\481d54be-beb0-49f5-a614-7ba3838b6439
Status: Size mismatch (API: 1797836, Raw: 1788908)

Path: c:\$avg\$chjw\9ff04c7d-8a31-42ad-84ea-e3aaad4b6b4f
Status: Size mismatch (API: 1998088, Raw: 1980232)

Path: c:\windows\temp\perflib_perfdata_9d4.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\All Users\Dokumenty\filmy\zz TV\DTMPEG~1.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\All Users\Dokumenty\filmy\zz TV\NVEVOD~1.MPE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d70cc

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d70d1

==EOF==

seten
Visitor
Posts: 30
Registered: 23 Mar 2009 14:00

Re: BackDoor.Generic12.AEIU

#12 Post by seten »

So, the RSIT log after the restart

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sida at 2010-02-27 11:06:02
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 81 GB (17%) free of 477 GB
Total RAM: 1791 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:25, on 27.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\OZOTISKY\PRINTFILE\PRFILE32.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\OZOTISKY\PRINTFILE\PRFILE32.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Mx-3 B-Cup Service.exe
C:\Program Files\BurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\All Users\Dokumenty\stažené soubory\RSIT.exe
C:\Program Files\trend micro\Sida.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MirandaIM] "C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe" "C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\Profile\dbase-v6.6"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Zástupce - miranda32.lnk = C:\Program Files\Mir4nda-IM-0.7.1-Pack-v2.0\miranda32.exe
O4 - Startup: Údržba databáze BUILDpower.LNK = C:\Program Files\RTSStavitel\BPStartUp.exe
O4 - Global Startup: Komprimovaný tisk.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Normální tisk.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} (ICASign Class) - https://ib24.csob.cz/Comp/IcaSignerCZ.cab
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} (CSOBEnroll Class) - https://ib24.csob.cz/comp/CSOBEnroll.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - http://download.ica.cz/icapki.cab
O16 - DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} (ICAHsmEngine Class) - https://ib24.csob.cz/comp/ICAHsmEngine.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MX-3 B-Cup XP (Mx-3 B-Cup Service) - n.v.t. MX-3 - C:\WINDOWS\system32\Mx-3 B-Cup Service.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnerXP\NMSAccessU.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

--
End of file - 10688 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DD8EBA77-3E69-4E46-9041-2AC5353C12FC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-20 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-15 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-12-04 406016]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"eBook Library Launcher"=C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [2009-11-24 906640]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2009-02-25 77824]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-03-27 16859136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-10 39408]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"MirandaIM"=C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe [2009-10-04 792576]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Komprimovaný tisk.lnk - C:\OZOtisky\PrintFile\shortcuts\Komprimovaný tisk.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Normální tisk.lnk - C:\OZOtisky\PrintFile\shortcuts\Normální tisk.exe

C:\Documents and Settings\Sida\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
Zástupce - miranda32.lnk - C:\Program Files\Mir4nda-IM-0.7.1-Pack-v2.0\miranda32.exe
Údržba databáze BUILDpower.LNK - C:\Program Files\RTSStavitel\BPStartUp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-20 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\RTHDCPL.exe"="C:\WINDOWS\RTHDCPL.exe:*:Enabled:ENABLE"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ARCHline.XP 2009\exe\ARCHlineXP2009.exe"="C:\Program Files\ARCHline.XP 2009\exe\ARCHlineXP2009.exe:*:Enabled:ARCHline.XP"
"C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe"="C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

======List of files/folders created in the last 1 months======

2010-02-27 10:59:38 ----A---- C:\RootRepeal report 02-27-10 (10-59-38).txt
2010-02-27 10:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-27 10:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-27 09:43:36 ----D---- C:\Documents and Settings\Sida\Data aplikací\Malwarebytes
2010-02-27 09:43:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-27 09:43:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-02-26 23:55:54 ----D---- C:\_OTL
2010-02-26 23:09:48 ----A---- C:\OTL.Txt
2010-02-26 21:17:11 ----A---- C:\ComboFix.txt
2010-02-26 18:00:58 ----D---- C:\WINDOWS\Prefetch
2010-02-26 17:37:15 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-26 17:36:17 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-26 17:17:46 ----A---- C:\WINDOWS\imsins.BAK
2010-02-26 17:17:33 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-02-26 17:17:33 ----A---- C:\WINDOWS\system32\irclass.dll
2010-02-26 17:17:18 ----RA---- C:\WINDOWS\SET126.tmp
2010-02-26 17:17:07 ----RA---- C:\WINDOWS\SETFB.tmp
2010-02-26 17:17:03 ----RA---- C:\WINDOWS\SETEF.tmp
2010-02-26 17:17:02 ----RA---- C:\WINDOWS\SETEC.tmp
2010-02-26 17:15:17 ----A---- C:\WINDOWS\setuplog.txt
2010-02-26 09:53:31 ----A---- C:\WINDOWS\zip.exe
2010-02-26 09:53:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-26 09:53:31 ----A---- C:\WINDOWS\SWSC.exe
2010-02-26 09:53:31 ----A---- C:\WINDOWS\SWREG.exe
2010-02-26 09:53:31 ----A---- C:\WINDOWS\sed.exe
2010-02-26 09:53:31 ----A---- C:\WINDOWS\PEV.exe
2010-02-26 09:53:31 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-26 09:53:31 ----A---- C:\WINDOWS\MBR.exe
2010-02-26 09:53:31 ----A---- C:\WINDOWS\grep.exe
2010-02-26 09:51:08 ----D---- C:\Qoobox
2010-02-25 17:56:23 ----D---- C:\rsit
2010-02-25 17:56:23 ----D---- C:\Program Files\trend micro
2010-02-17 14:40:42 ----A---- C:\WINDOWS\system32\Mx-3 B-Cup Service.exe

======List of files/folders modified in the last 1 months======

2010-02-27 11:06:03 ----D---- C:\Documents and Settings\Sida\Data aplikací\OpenOffice.org2
2010-02-27 11:05:58 ----D---- C:\WINDOWS\temp
2010-02-27 11:05:47 ----AD---- C:\WINDOWS
2010-02-27 11:05:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-27 11:05:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-27 11:05:16 ----SD---- C:\WINDOWS\Tasks
2010-02-27 11:04:35 ----D---- C:\WINDOWS\system32
2010-02-27 11:04:18 ----D---- C:\WINDOWS\system32\drivers
2010-02-27 11:04:18 ----D---- C:\WINDOWS\Resources
2010-02-27 11:03:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-27 10:22:33 ----HD---- C:\WINDOWS\inf
2010-02-27 10:15:48 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-02-27 09:57:42 ----D---- C:\WINDOWS\system32\config
2010-02-27 09:43:32 ----RD---- C:\Program Files
2010-02-27 09:41:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-27 09:41:05 ----D---- C:\Program Files\Mozilla Firefox
2010-02-27 09:40:04 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-27 09:40:00 ----D---- C:\WINDOWS\Help
2010-02-26 21:20:27 ----D---- C:\WINDOWS\security
2010-02-26 21:15:24 ----A---- C:\WINDOWS\system.ini
2010-02-26 21:13:44 ----D---- C:\WINDOWS\AppPatch
2010-02-26 21:13:39 ----D---- C:\Program Files\Common Files
2010-02-26 20:57:26 ----AC---- C:\WINDOWS\wincmd.ini
2010-02-26 19:01:14 ----SHD---- C:\System Volume Information
2010-02-26 18:57:12 ----D---- C:\WINDOWS\Registration
2010-02-26 18:26:32 ----D---- C:\OZO2009P
2010-02-26 18:26:15 ----D---- C:\OZO2010P
2010-02-26 18:25:53 ----A---- C:\WINDOWS\iltwain.ini
2010-02-26 18:05:09 ----D---- C:\WINDOWS\system32\Restore
2010-02-26 17:37:54 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-26 17:37:10 ----AC---- C:\WINDOWS\ODBCINST.INI
2010-02-26 17:36:20 ----RD---- C:\WINDOWS\Web
2010-02-26 17:36:12 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-26 17:36:00 ----A---- C:\WINDOWS\win.ini
2010-02-26 17:35:56 ----D---- C:\WINDOWS\srchasst
2010-02-26 17:35:53 ----D---- C:\WINDOWS\system32\oobe
2010-02-26 17:35:46 ----D---- C:\Program Files\Windows Media Player
2010-02-26 17:35:35 ----D---- C:\Program Files\Movie Maker
2010-02-26 17:35:19 ----D---- C:\Program Files\NetMeeting
2010-02-26 17:35:13 ----D---- C:\Program Files\Outlook Express
2010-02-26 17:35:12 ----D---- C:\Program Files\Common Files\System
2010-02-26 17:34:52 ----D---- C:\Program Files\Internet Explorer
2010-02-26 17:34:39 ----D---- C:\WINDOWS\system32\Com
2010-02-26 17:33:43 ----D---- C:\Program Files\Windows NT
2010-02-26 17:33:31 ----D---- C:\WINDOWS\system32\wbem
2010-02-26 17:32:12 ----SH---- C:\boot.ini
2010-02-26 17:17:33 ----D---- C:\WINDOWS\system
2010-02-26 17:17:25 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-02-26 15:46:57 ----D---- C:\WINDOWS\system32\Setup
2010-02-26 15:46:46 ----D---- C:\WINDOWS\system32\usmt
2010-02-26 15:46:34 ----D---- C:\WINDOWS\ime
2010-02-26 15:46:33 ----RSD---- C:\WINDOWS\Fonts
2010-02-26 15:46:32 ----D---- C:\WINDOWS\Media
2010-02-26 15:46:20 ----D---- C:\WINDOWS\PeerNet
2010-02-26 15:46:05 ----D---- C:\WINDOWS\system32\npp
2010-02-26 15:45:58 ----D---- C:\WINDOWS\msagent
2010-02-26 15:42:59 ----D---- C:\WINDOWS\system32\1029
2010-02-26 15:42:45 ----D---- C:\WINDOWS\twain_32
2010-02-26 15:42:04 ----D---- C:\WINDOWS\system32\icsxml
2010-02-26 15:41:32 ----D---- C:\WINDOWS\system32\ias
2010-02-26 15:41:27 ----D---- C:\WINDOWS\system32\1033
2010-02-26 15:40:07 ----D---- C:\WINDOWS\WinSxS
2010-02-26 15:40:07 ----D---- C:\WINDOWS\Driver Cache
2010-02-26 10:05:29 ----D---- C:\WINDOWS\ERDNT
2010-02-26 09:47:47 ----D---- C:\WINDOWS\Debug
2010-02-26 09:45:20 ----D---- C:\Program Files\CCleaner
2010-02-26 09:18:47 ----D---- C:\Documents and Settings\Sida\Data aplikací\Canon
2010-02-26 09:18:45 ----A---- C:\WINDOWS\CSTBox.INI
2010-02-26 02:09:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-25 22:10:23 ----SHD---- C:\WINDOWS\Installer
2010-02-25 18:53:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-25 11:57:07 ----D---- C:\Program Files\DWG Viewer
2010-02-25 00:05:22 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-17 15:51:29 ----A---- C:\WINDOWS\Labels.INI
2010-02-16 11:05:36 ----D---- C:\Program Files\Mir4nda-IM-0.8.8-Pack-v2.7
2010-02-15 11:31:12 ----D---- C:\Program Files\PROTECH
2010-02-15 11:30:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-12 08:32:35 ----A---- C:\WINDOWS\PENB.INI
2010-02-11 10:49:30 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-10 16:46:24 ----A---- C:\WINDOWS\Csp.INI
2010-02-04 08:10:34 ----D---- C:\Program Files\Google
2010-02-02 17:14:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-20 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-20 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-20 360584]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-03-02 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2006-03-02 8832]
R2 aksfridge;HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2008-03-18 350720]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2006-03-02 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-02 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-02 55936]
R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-07-05 238976]
R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-07-05 14976]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-02 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2003-12-04 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-20 30104]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-27 4713472]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2006-03-02 63744]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-02 61824]
R3 NmPar;PCI Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2008-12-24 80256]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-01-21 118656]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-02 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 akshhl;Aladdin HASP HL Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-07-23 46336]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-20 30104]
S3 catchme;catchme; \??\C:\DOCUME~1\Sida\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GEMPC430;GEMPLUS GemPC430 USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\grclass.sys [2001-10-24 82432]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-03-02 10880]
S3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2006-03-02 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2006-03-02 15360]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 26496]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-07-17 28672]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-03-02 31744]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-20 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-20 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-01-20 2304192]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-14 145504]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2008-04-24 2562048]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Mx-3 B-Cup Service;MX-3 B-Cup XP; C:\WINDOWS\system32\Mx-3 B-Cup Service.exe [2010-02-17 124928]
R2 NMSAccessU;NMSAccessU; C:\Program Files\BurnerXP\NMSAccessU.exe [2008-10-20 71096]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-02 194032]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [2009-11-09 73728]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

seten
Visitor
Posts: 30
Registered: 23 Mar 2009 14:00

Re: BackDoor.Generic12.AEIU

#13 Post by seten »

So I went through all the steps successfully (hopefully); I'm already downloading the updates, and the AVG firewall should hopefully be running. The icon in the tray did disappear, but when I open the user interface from the Start menu it reports everything as active.
Anyway, thanks a lot for the help. I had already written it off and didn't even hope it could be fixed without a reinstall, so thanks once again!
