Security tool

[michal10]

Zdravím, mám problém s virem "security tool". Vyskakuje všude, nejde se připojit na net, zmizeli ikony z plochy a program "HiJackthis" jde spustit jen v nouzovém režimu. Děkuji předem za radu


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15:07:10, on 22.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [90606627] C:\ProgramData\90606627\90606627.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7377 bytes

[Caroprd111]

Zdravím

Potřeboval bych log z RSIT (klidně i z nouzového režimu) http://www.viry.cz/forum/viewtopic.php?f=13&t=82743

[michal10]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michal at 2010-03-22 18:12:58
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 211 GB (69%) free of 305 GB
Total RAM: 2047 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:59, on 22.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RSIT.exe
C:\Program Files\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [90606627] C:\ProgramData\90606627\90606627.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7346 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-01-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-03-06 488984]
""= []
"LogitechQuickCamRibbon"=C:\Program Files\Labtec\WebCam10\WebCam10.exe [2007-03-06 1060376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"USB Storage Toolbox"=C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-03-13 81920]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-01-15 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-01-15 92704]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-01-12 37888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-09-14 3055616]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"90606627"=C:\ProgramData\90606627\90606627.exe [2010-03-22 1047040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.scr - open - "%windir%\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-22 18:12:45 ----A---- C:\Program Files\RSIT.exe
2010-03-22 18:08:30 ----D---- C:\rsit
2010-03-22 18:08:30 ----D---- C:\Program Files\trend micro
2010-03-22 14:56:37 ----A---- C:\Windows\ntbtlog.txt
2010-03-22 14:05:15 ----D---- C:\Program Files\TrendMicro
2010-03-22 13:50:06 ----D---- C:\FY01
2010-03-22 12:35:41 ----D---- C:\ProgramData\90606627
2010-03-14 21:40:30 ----SHD---- C:\found.001
2010-03-11 06:22:50 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-11 06:22:46 ----A---- C:\Windows\system32\httpapi.dll
2010-02-24 05:25:47 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 05:25:38 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 05:25:38 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 05:25:37 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 05:25:37 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 05:25:37 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 05:25:37 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 05:25:37 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 05:25:37 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 05:25:37 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 05:25:35 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 05:25:35 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 05:25:34 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

======List of files/folders modified in the last 1 months======

2010-03-22 18:12:49 ----RD---- C:\Program Files
2010-03-22 18:07:53 ----D---- C:\Program Files\Mozilla Firefox
2010-03-22 18:07:37 ----D---- C:\Windows\System32
2010-03-22 18:07:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-22 18:07:36 ----D---- C:\Windows\inf
2010-03-22 14:58:25 ----D---- C:\Windows\system32\catroot2
2010-03-22 14:56:37 ----D---- C:\Windows
2010-03-22 14:54:03 ----D---- C:\Windows\Temp
2010-03-22 14:49:41 ----D---- C:\Windows\Prefetch
2010-03-22 14:43:32 ----SHD---- C:\Windows\Installer
2010-03-22 14:42:26 ----HD---- C:\Config.Msi
2010-03-22 14:23:06 ----D---- C:\Users\Michal\AppData\Roaming\ICQ
2010-03-22 14:05:12 ----SHD---- C:\System Volume Information
2010-03-22 13:22:55 ----D---- C:\ProgramData\Spyware Terminator
2010-03-22 13:22:32 ----D---- C:\Program Files\Spyware Terminator
2010-03-22 13:00:06 ----D---- C:\Users\Michal\AppData\Roaming\Spyware Terminator
2010-03-22 12:35:41 ----HD---- C:\ProgramData
2010-03-22 07:27:11 ----D---- C:\Program Files\Abra
2010-03-19 07:11:17 ----D---- C:\ABRAG1
2010-03-11 06:46:30 ----D---- C:\Windows\winsxs
2010-03-11 06:36:05 ----D---- C:\Windows\system32\catroot
2010-03-11 06:28:44 ----D---- C:\Windows\system32\drivers
2010-03-11 06:28:44 ----D---- C:\Program Files\Windows Mail
2010-03-11 06:28:44 ----D---- C:\Program Files\Movie Maker
2010-03-11 06:26:07 ----A---- C:\Windows\win.ini
2010-03-02 06:30:12 ----A---- C:\Windows\system32\mrt.exe
2010-02-24 17:00:02 ----D---- C:\Windows\rescache
2010-02-24 12:22:03 ----D---- C:\Windows\system32\cs-CZ
2010-02-24 12:22:02 ----RSD---- C:\Windows\Fonts
2010-02-24 12:22:02 ----D---- C:\Windows\AppPatch
2010-02-24 10:16:06 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-07-30 1025024]
S1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
S1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-09-14 142592]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-03-06 1669664]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-03-06 2261792]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-03-06 41376]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-01-15 7740320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-03-06 491168]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winusb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 Autodesk Data Management Job Dispatch;Autodesk Data Management Job Dispatch; C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [2007-02-13 32768]
S2 Autodesk EDM Server;Autodesk EDM Server; C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe [2007-02-13 49152]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [2008-11-11 81920]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-03-06 105248]
S2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-15 207392]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-09-14 487424]
S2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
S2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-06-27 79360]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2008-11-11 2015232]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

[Caroprd111]

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

[michal10]

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3900
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

22.3.2010 20:11:03
mbam-log-2010-03-22 (20-10-55).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 120824
Uplynulý čas: 5 minute(s), 14 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 1
Infikované soubory: 5

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\ProgramData\90606627 (Rogue.Multiple) -> No action taken.

Infikované soubory:
C:\$Recycle.Bin\S-1-5-21-2033219669-755253501-60140191-1000\$RXC9SJ1.exe (Rogue.SecurityTool) -> No action taken.
C:\Users\Michal\AppData\Local\Temp\H8SRT4f0.tmp (Trojan.FakeAlert) -> No action taken.
C:\Users\Michal\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Program Files\Cabutil.dll (Spyware.OnlineGames) -> No action taken.

[Caroprd111]

Vše smažte a dejte úplný sken.

[michal10]

Ještě t našlo nějakého troje, ale už se tváří výrazně lépe

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3900
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

22.3.2010 21:11:54
mbam-log-2010-03-22 (21-11-50).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 265750
Uplynulý čas: 45 minute(s), 53 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Windows\ConfigSetRoot\BS Player Pro v2.12.942 Pro + Keygen.exe\BS Player Pro v2.12.942 Pro + Keygen\keygen\keygen.exe (Trojan.Hacktool) -> No action taken.

[Caroprd111]

Položku smažte a restartujte PC.


Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

[michal10]

ComboFix 10-03-22.02 - Michal 22.03.2010 21:34:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1185 [GMT 1:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1385623068-3562770978-3592965114-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3120336591-3898995569-679136941-500
c:\users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Adlm.err
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\Connect.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-22 do 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-03-22 20:42 . 2010-03-22 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-22 19:03 . 2010-03-22 19:03 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2010-03-22 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 19:03 . 2010-03-22 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-22 19:03 . 2010-03-22 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-03-22 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 19:02 . 2010-03-22 19:03 5115824 ----a-w- c:\users\Michal\mbam-setup.exe
2010-03-22 17:30 . 2010-03-22 17:30 -------- d-----w- c:\program files\Crawler
2010-03-22 17:12 . 2010-03-22 17:12 781909 ----a-w- c:\program files\RSIT.exe
2010-03-22 17:08 . 2010-03-22 17:12 -------- d-----w- c:\program files\trend micro
2010-03-22 17:08 . 2010-03-22 17:08 -------- d-----w- C:\rsit
2010-03-22 13:42 . 2010-03-22 13:42 388096 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-22 13:28 . 2010-03-22 13:29 743 ----a-w- c:\users\Michal\xp_exe_fix.zip
2010-03-22 13:05 . 2010-03-22 13:05 -------- d-----w- c:\program files\TrendMicro
2010-03-22 12:50 . 2010-03-22 12:50 -------- d-----w- C:\FY01
2010-03-14 20:40 . 2010-03-14 20:40 -------- d-----w- C:\found.001
2010-03-11 05:22 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 05:22 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 05:22 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 20:27 . 2009-09-14 18:02 -------- d-----w- c:\users\Michal\AppData\Roaming\Spyware Terminator
2010-03-22 20:27 . 2009-09-14 18:02 -------- d-----w- c:\program files\Spyware Terminator
2010-03-22 20:25 . 2008-05-28 19:20 -------- d-----w- c:\users\Michal\AppData\Roaming\ICQ
2010-03-22 20:24 . 2008-12-24 07:48 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-22 17:35 . 2009-09-14 18:02 -------- d-----w- c:\programdata\Spyware Terminator
2010-03-22 17:07 . 2007-01-08 21:09 648598 ----a-w- c:\windows\system32\perfh005.dat
2010-03-22 17:07 . 2007-01-08 21:09 133856 ----a-w- c:\windows\system32\perfc005.dat
2010-03-22 06:27 . 2008-07-22 20:38 -------- d-----w- c:\program files\Abra
2010-03-11 05:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-24 09:16 . 2009-10-03 19:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 21:59 . 2008-06-18 04:40 -------- d-----w- c:\program files\Java
2010-02-18 21:57 . 2010-02-18 21:57 15951256 ----a-w- c:\users\Michal\jre-6u6-windows-i586-p-s.exe
2010-02-03 20:17 . 2010-02-03 20:17 116305818 ----a-w- c:\users\Michal\AbraG1-9.03.16-CZ.exe
2010-02-03 20:05 . 2010-02-03 20:05 -------- d-----w- c:\program files\Firebird
2010-02-03 20:04 . 2010-02-03 20:04 4459503 ----a-w- c:\users\Michal\Firebird-2.0.4.13130.exe
2010-02-02 16:54 . 2008-06-18 04:40 -------- d-----w- c:\program files\Common Files\Java
2010-01-26 10:29 . 2010-01-26 09:58 -------- d-----w- c:\program files\IGC
2010-01-26 10:29 . 2008-02-12 11:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-25 12:00 . 2010-02-24 04:25 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 04:25 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 04:25 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 04:25 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 04:25 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 04:25 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 04:25 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 04:25 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 04:25 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 05:54 . 2010-01-25 05:54 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-25 05:54 . 2008-12-24 12:27 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-25 05:54 . 2008-12-24 11:06 -------- d-----w- c:\program files\Nokia
2010-01-25 05:52 . 2010-01-25 05:52 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-25 05:49 . 2008-12-24 11:04 -------- d-----w- c:\programdata\Installations
2010-01-25 05:49 . 2010-01-25 05:49 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-25 05:49 . 2010-01-25 05:49 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-25 05:49 . 2010-01-25 05:49 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-25 05:49 . 2010-01-25 05:49 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-25 05:49 . 2010-01-25 05:49 34698816 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_cze.exe
2010-01-23 09:26 . 2010-02-24 04:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-12 06:34 . 2010-01-12 06:33 78208 ----a-w- c:\windows\hpqins05.dat
2010-01-08 16:07 . 2010-01-08 16:07 36864 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-01-08 16:07 . 2010-01-08 16:07 3351812 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-01-08 16:07 . 2010-01-08 16:07 3203453 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-01-08 15:59 . 2010-01-08 16:08 24567912 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_1.8.10CZ.exe
2010-01-06 15:39 . 2010-02-24 04:25 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 04:25 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 04:25 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 04:25 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 04:25 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 04:25 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 04:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2007-11-08 13:29 . 2008-06-18 19:02 61264 ----a-w- c:\program files\zmenyju
2007-06-12 08:30 . 2008-06-18 19:02 1648 ----a-w- c:\program files\juw_url.txt
2006-03-20 09:34 . 2008-06-18 19:02 12410 ----a-w- c:\program files\zmenyju2.txt
2006-03-14 17:28 . 2008-06-18 19:02 779264 ----a-w- c:\program files\vfp5csy.dll
2006-03-14 17:28 . 2008-06-18 19:02 3224336 ----a-w- c:\program files\vfp50Z.dll
2004-05-19 08:48 . 2008-06-18 19:02 190416 ----a-w- c:\program files\IMAGE1.BMP
2000-06-08 09:31 . 2008-06-18 19:02 39 ----a-w- c:\program files\config.fpw
1998-06-23 22:00 . 2008-06-18 19:02 609584 ----a-w- c:\program files\comctl32.ocx
1997-12-10 22:00 . 2008-06-18 19:02 67072 ----a-w- c:\program files\cabinet.dll
1997-01-23 22:00 . 2008-06-18 19:02 48606 ----a-w- c:\program files\foxpro.int
1996-11-12 10:12 . 2008-06-18 19:02 473872 ----a-w- c:\program files\oleaut32.dl_
.

Kód: Vybrat vše

<pre>
c:\windows\ConfigSetRoot\Nero 7 + keygen by Cweb\__INCOMPLETE__Nero-7.2.3.2b-ENG .exe
</pre>

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-09-14 3055616]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6b,4a,6b,1a,69,40,ca,01

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe [2008-11-11 81920]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe [2008-11-11 2015232]
S1 aswSP;avast! Self Protection; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-09-14 142592]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\q6ongpue.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\q6ongpue.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AOEMViewScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 21:42
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-22 21:44:34
ComboFix-quarantined-files.txt 2010-03-22 20:44

Před spuštěním: Volných bajtů: 221 853 773 824
Po spuštění: Volných bajtů: 222 545 567 744

- - End Of File - - 9131B46C8203EA6AA8B3AB9FC6C5D359

[Caroprd111]

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Folder::
c:\windows\ConfigSetRoot\Nero 7 + keygen by Cweb

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci



Tohle otestujte na http://www.virustotal.com/cs/
c:\program files\vfp5csy.dll
c:\program files\vfp50Z.dll

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)


Tohle znáte
c:\program files\zmenyju



Stáhněte na plochu CKScanner http://downloads.malwareremoval.com/CKScanner.exe

• Spusťte a klikněte na "Search For Files", po dokončení skenu klikněte na "Save List to File" -> "OK"
• Log s názvem ckfiles.txt bude uložený na ploše, obsah tohoto souboru sem vložte.

[pavel21]

I já mám tento problém a mohl by mi někdo poradit,jak se toho zbavit! Děkuji

[Caroprd111]

pavel21

Založte si své vlastní téma v sekci "Řešení problémů, logy" a vložte tam log z RSIT.

[michal10]

ComboFix 10-03-22.02 - Michal 22.03.2010 22:11:36.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.988 [GMT 1:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal\Desktop\CFScript.txt
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ConfigSetRoot\Nero 7 + keygen by Cweb
c:\windows\ConfigSetRoot\Nero 7 + keygen by Cweb\__INCOMPLETE__Nero-7.2.3.2b-ENG .exe
c:\windows\ConfigSetRoot\Nero 7 + keygen by Cweb\__INCOMPLETE__Nero_7_Keygen.exe
c:\windows\ConfigSetRoot\Nero 7 + keygen by Cweb\__INCOMPLETE__Ukb.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-22 do 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-03-22 21:17 . 2010-03-22 21:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-22 21:17 . 2010-03-22 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-22 19:03 . 2010-03-22 19:03 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2010-03-22 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 19:03 . 2010-03-22 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-22 19:03 . 2010-03-22 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-03-22 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 19:02 . 2010-03-22 19:03 5115824 ----a-w- c:\users\Michal\mbam-setup.exe
2010-03-22 17:30 . 2010-03-22 17:30 -------- d-----w- c:\program files\Crawler
2010-03-22 17:12 . 2010-03-22 17:12 781909 ----a-w- c:\program files\RSIT.exe
2010-03-22 17:08 . 2010-03-22 17:12 -------- d-----w- c:\program files\trend micro
2010-03-22 17:08 . 2010-03-22 17:08 -------- d-----w- C:\rsit
2010-03-22 13:42 . 2010-03-22 13:42 388096 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-22 13:28 . 2010-03-22 13:29 743 ----a-w- c:\users\Michal\xp_exe_fix.zip
2010-03-22 13:05 . 2010-03-22 13:05 -------- d-----w- c:\program files\TrendMicro
2010-03-22 12:50 . 2010-03-22 12:50 -------- d-----w- C:\FY01
2010-03-14 20:40 . 2010-03-14 20:40 -------- d-----w- C:\found.001
2010-03-11 05:22 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 05:22 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 05:22 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 20:27 . 2009-09-14 18:02 -------- d-----w- c:\users\Michal\AppData\Roaming\Spyware Terminator
2010-03-22 20:27 . 2009-09-14 18:02 -------- d-----w- c:\program files\Spyware Terminator
2010-03-22 20:25 . 2008-05-28 19:20 -------- d-----w- c:\users\Michal\AppData\Roaming\ICQ
2010-03-22 20:24 . 2008-12-24 07:48 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-22 17:35 . 2009-09-14 18:02 -------- d-----w- c:\programdata\Spyware Terminator
2010-03-22 17:07 . 2007-01-08 21:09 648598 ----a-w- c:\windows\system32\perfh005.dat
2010-03-22 17:07 . 2007-01-08 21:09 133856 ----a-w- c:\windows\system32\perfc005.dat
2010-03-22 06:27 . 2008-07-22 20:38 -------- d-----w- c:\program files\Abra
2010-03-11 05:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-24 09:16 . 2009-10-03 19:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 21:59 . 2008-06-18 04:40 -------- d-----w- c:\program files\Java
2010-02-18 21:57 . 2010-02-18 21:57 15951256 ----a-w- c:\users\Michal\jre-6u6-windows-i586-p-s.exe
2010-02-03 20:17 . 2010-02-03 20:17 116305818 ----a-w- c:\users\Michal\AbraG1-9.03.16-CZ.exe
2010-02-03 20:05 . 2010-02-03 20:05 -------- d-----w- c:\program files\Firebird
2010-02-03 20:04 . 2010-02-03 20:04 4459503 ----a-w- c:\users\Michal\Firebird-2.0.4.13130.exe
2010-02-02 16:54 . 2008-06-18 04:40 -------- d-----w- c:\program files\Common Files\Java
2010-01-26 10:29 . 2010-01-26 09:58 -------- d-----w- c:\program files\IGC
2010-01-26 10:29 . 2008-02-12 11:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-25 12:00 . 2010-02-24 04:25 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 04:25 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 04:25 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 04:25 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 04:25 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 04:25 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 04:25 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 04:25 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 04:25 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 05:54 . 2010-01-25 05:54 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-25 05:54 . 2008-12-24 12:27 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-25 05:54 . 2008-12-24 11:06 -------- d-----w- c:\program files\Nokia
2010-01-25 05:52 . 2010-01-25 05:52 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-25 05:49 . 2008-12-24 11:04 -------- d-----w- c:\programdata\Installations
2010-01-25 05:49 . 2010-01-25 05:49 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-25 05:49 . 2010-01-25 05:49 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-25 05:49 . 2010-01-25 05:49 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-25 05:49 . 2010-01-25 05:49 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-25 05:49 . 2010-01-25 05:49 34698816 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_cze.exe
2010-01-23 09:26 . 2010-02-24 04:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-12 06:34 . 2010-01-12 06:33 78208 ----a-w- c:\windows\hpqins05.dat
2010-01-08 16:07 . 2010-01-08 16:07 36864 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-01-08 16:07 . 2010-01-08 16:07 3351812 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-01-08 16:07 . 2010-01-08 16:07 3203453 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-01-08 15:59 . 2010-01-08 16:08 24567912 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_1.8.10CZ.exe
2010-01-06 15:39 . 2010-02-24 04:25 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 04:25 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 04:25 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 04:25 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 04:25 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 04:25 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 04:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2007-11-08 13:29 . 2008-06-18 19:02 61264 ----a-w- c:\program files\zmenyju
2007-06-12 08:30 . 2008-06-18 19:02 1648 ----a-w- c:\program files\juw_url.txt
2006-03-20 09:34 . 2008-06-18 19:02 12410 ----a-w- c:\program files\zmenyju2.txt
2006-03-14 17:28 . 2008-06-18 19:02 779264 ----a-w- c:\program files\vfp5csy.dll
2006-03-14 17:28 . 2008-06-18 19:02 3224336 ----a-w- c:\program files\vfp50Z.dll
2004-05-19 08:48 . 2008-06-18 19:02 190416 ----a-w- c:\program files\IMAGE1.BMP
2000-06-08 09:31 . 2008-06-18 19:02 39 ----a-w- c:\program files\config.fpw
1998-06-23 22:00 . 2008-06-18 19:02 609584 ----a-w- c:\program files\comctl32.ocx
1997-12-10 22:00 . 2008-06-18 19:02 67072 ----a-w- c:\program files\cabinet.dll
1997-01-23 22:00 . 2008-06-18 19:02 48606 ----a-w- c:\program files\foxpro.int
1996-11-12 10:12 . 2008-06-18 19:02 473872 ----a-w- c:\program files\oleaut32.dl_
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-09-14 3055616]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6b,4a,6b,1a,69,40,ca,01

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe [2008-11-11 81920]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe [2008-11-11 2015232]
S1 aswSP;avast! Self Protection; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-09-14 142592]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\q6ongpue.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\q6ongpue.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 22:17
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-03-22 22:19:47
ComboFix-quarantined-files.txt 2010-03-22 21:19
ComboFix2.txt 2010-03-22 20:44

Před spuštěním: Volných bajtů: 222 579 802 112
Po spuštění: Volných bajtů: 222 549 032 960

- - End Of File - - F004E33FF8E93D6E27D4191139431572

[michal10]

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.22 -
AhnLab-V3 5.0.0.2 2010.03.22 -
AntiVir 8.2.1.196 2010.03.22 -
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.22 -
Avast 4.8.1351.0 2010.03.22 -
Avast5 5.0.332.0 2010.03.22 -
AVG 9.0.0.787 2010.03.22 -
BitDefender 7.2 2010.03.22 -
CAT-QuickHeal 10.00 2010.03.22 -
ClamAV 0.96.0.0-git 2010.03.22 -
Comodo 4352 2010.03.22 -
DrWeb 5.0.1.12222 2010.03.22 -
eSafe 7.0.17.0 2010.03.21 -
eTrust-Vet 35.2.7382 2010.03.22 -
F-Prot 4.5.1.85 2010.03.22 -
F-Secure 9.0.15370.0 2010.03.22 -
Fortinet 4.0.14.0 2010.03.22 -
GData 19 2010.03.22 -
Ikarus T3.1.1.80.0 2010.03.22 -
Jiangmin 13.0.900 2010.03.22 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.22 -
McAfee 5928 2010.03.22 -
McAfee+Artemis 5928 2010.03.22 -
McAfee-GW-Edition 6.8.5 2010.03.22 -
Microsoft 1.5605 2010.03.22 -
NOD32 4966 2010.03.22 -
Norman 6.04.09 2010.03.22 -
nProtect 2009.1.8.0 2010.03.22 -
Panda 10.0.2.2 2010.03.22 -
PCTools 7.0.3.5 2010.03.22 -
Prevx 3.0 2010.03.22 -
Rising 22.40.00.04 2010.03.22 -
Sophos 4.51.0 2010.03.22 -
Sunbelt 6031 2010.03.22 -
Symantec 20091.2.0.41 2010.03.22 -
TheHacker 6.5.2.0.241 2010.03.22 -
TrendMicro 9.120.0.1004 2010.03.22 -
VBA32 3.12.12.2 2010.03.22 -
ViRobot 2010.3.22.2238 2010.03.22 -
VirusBuster 5.0.27.0 2010.03.22 -
Rozšiřující informace
File size: 3224336 bytes
MD5...: f52a34b176e1675328ce627793e81416
SHA1..: 3987dc43e135aee5943f41be60d118ab5827cb54
SHA256: 8d6bed78c2464d79393dfd408ab02f38b282297265177f78a257b7632efa7a53
ssdeep: 98304:qkIilvSwCW45QstD35AOFFplySlIFlHVtvgtYC:DfSwt45thBFFpMn99jC

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5ca9
timedatestamp.....: 0x344d313d (Tue Oct 21 22:48:29 1997)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2e2a70 0x2e2c00 6.65 5cd024398fbfafd5779edbcc2f50a67b
.rdata 0x2e4000 0xb34c 0xb400 5.52 f0872912d33be0f52b27f2f7df2f2054
.data 0x2f0000 0x1c698 0x7e00 3.49 f84247fe44ef4bf6d010a66c1f2362d2
.idata 0x30d000 0x2d72 0x2e00 5.46 063b795ee78db5d7e4166ab2fd52742d
.rsrc 0x310000 0x386c 0x3a00 4.73 22cb991a1711a66db06086f7993dab78
.reloc 0x314000 0x164a0 0x16600 6.74 34589b7cc4c8a8ad324af0421bb24b29

( 11 imports )
> KERNEL32.dll: GetOEMCP, MultiByteToWideChar, LoadLibraryA, GetProcAddress, FreeLibrary, GetCPInfo, CreateProcessA, GetComputerNameA, GetVersionExA, TerminateThread, GetLocalTime, MulDiv, WinExec, WaitForSingleObject, GetLocaleInfoA, GlobalFlags, GetSystemInfo, GlobalReAlloc, GetSystemDirectoryA, lstrcatA, GlobalFree, GlobalAlloc, IsBadCodePtr, IsBadReadPtr, IsBadWritePtr, HeapReAlloc, HeapDestroy, HeapCreate, GlobalMemoryStatus, HeapFree, VirtualAlloc, HeapAlloc, HeapSize, VirtualFree, GetDateFormatA, GetTimeFormatA, GetProfileIntA, GlobalCompact, FindResourceA, LoadResource, LockResource, lstrlenA, lstrcpyA, _lopen, _lread, _lclose, GetSystemDefaultLangID, FormatMessageA, GetCurrentThreadId, WideCharToMultiByte, LCMapStringA, GetSystemDefaultLCID, IsDBCSLeadByte, GetFileSize, MoveFileA, DeleteFileA, SetCurrentDirectoryA, GetCurrentDirectoryA, FindFirstFileA, FindNextFileA, FindClose, SetFileAttributesA, GetLogicalDrives, GetVolumeInformationA, GetDriveTypeA, GetDiskFreeSpaceA, GetSystemTime, SystemTimeToFileTime, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, GetFileTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, UnlockFile, LockFile, GetCurrentProcess, DuplicateHandle, SetEndOfFile, SetFilePointer, WriteFile, ReadFile, CloseHandle, GetFileAttributesA, CreateFileA, GetLastError, GlobalSize, GlobalLock, GetProfileStringA, GlobalUnlock, GetFullPathNameA, SearchPathA, GetModuleHandleA, SetErrorMode, GetTickCount, Sleep, CreateThread, GetACP, TerminateProcess, CreateDirectoryA, RtlUnwind, RemoveDirectoryA, SetHandleCount, GetFileType, GetModuleFileNameA, FlushFileBuffers, SetStdHandle, CompareStringW, GetCommandLineA, GetVersion, GetStringTypeA, GetStringTypeW, RaiseException, LCMapStringW, CompareStringA, GetEnvironmentStrings, GetStdHandle, GetStartupInfoA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, ExitProcess, SetEnvironmentVariableA, GetEnvironmentStringsW
> USER32.dll: GetWindow, CloseClipboard, EmptyClipboard, OpenClipboard, IsClipboardFormatAvailable, GetClipboardData, SetClipboardData, IsChild, DestroyAcceleratorTable, CreateAcceleratorTableA, CopyAcceleratorTableA, LoadAcceleratorsA, PostQuitMessage, DrawIcon, DestroyIcon, LoadBitmapA, GetDlgItem, GetWindowTextA, CheckDlgButton, IsDlgButtonChecked, LoadCursorFromFileA, CreateCursor, DestroyCursor, CreateIcon, SetDlgItemTextA, GetWindowDC, SubtractRect, EqualRect, GetDCEx, ClipCursor, UpdateWindow, WindowFromPoint, SetCursorPos, GetWindowThreadProcessId, GetCursorPos, CallNextHookEx, SetWindowsHookExA, UnhookWindowsHookEx, DispatchMessageA, GetMessageA, DdeAbandonTransaction, DdeUninitialize, DdeInitializeA, DdePostAdvise, DdeClientTransaction, DdeDisconnect, DdeConnect, DdeAccessData, DdeUnaccessData, DdeFreeDataHandle, GetClipboardFormatNameA, RegisterClipboardFormatA, DdeEnableCallback, DdeGetLastError, DdeNameService, DdeFreeStringHandle, DdeCreateDataHandle, DdeCreateStringHandleA, DdeQueryStringA, GetWindowRect, MessageBeep, GetKeyState, GetParent, PostMessageA, GetFocus, GetActiveWindow, ShowCursor, CharToOemBuffA, GetClassNameA, ScreenToClient, GetCursor, CharPrevA, InSendMessage, GetCapture, MapVirtualKeyA, OemToCharBuffA, ValidateRect, InvalidateRect, SetWindowPos, GetMenu, GetClientRect, ShowWindow, FrameRect, FillRect, InflateRect, CopyRect, OffsetRect, DrawTextA, SetWindowLongA, DestroyWindow, GetWindowLongA, LoadCursorA, RegisterClassA, LoadImageA, CreateWindowExA, ChangeClipboardChain, SetClipboardViewer, wsprintfA, DrawFocusRect, IsIconic, IsWindowVisible, KillTimer, SetTimer, GetQueueStatus, TranslateMessage, GetDesktopWindow, GetDC, ReleaseDC, GetMenuItemID, CreateMDIWindowA, LoadIconA, CreateCaret, SetCaretPos, ScrollDC, InvalidateRgn, RegisterWindowMessageA, DrawFrameControl, EnableMenuItem, InsertMenuA, GetSubMenu, ModifyMenuA, SetMenu, MessageBoxA, EnableWindow, GetClassLongA, SetClassLongA, SetFocus, BringWindowToTop, ReleaseCapture, SetCapture, ClientToScreen, SendMessageA, GetSystemMetrics, DefWindowProcA, GetUpdateRect, BeginPaint, EndPaint, keybd_event, GetKeyboardType, CharNextA, PeekMessageA, FindWindowA, RemoveMenu, DestroyMenu, SystemParametersInfoA, GetSystemMenu, GetMenuItemCount, DeleteMenu, LoadMenuIndirectA, CreateMenu, CreatePopupMenu, GetKeyboardState, SetKeyboardState, CharToOemA, SetCursor, SetRect, SendDlgItemMessageA, SetWindowTextA, SetActiveWindow, GetSysColorBrush, DrawIconEx, GetMenuItemInfoA, AppendMenuA, BeginDeferWindowPos, GetMenuStringA, EndDeferWindowPos, SetParent, IsZoomed, AdjustWindowRectEx, WinHelpA, UnregisterClassA, GetKeyboardLayout, DrawMenuBar, GrayStringA, MoveWindow, GetAsyncKeyState, GetSysColor, DestroyCaret, ShowCaret, DeferWindowPos
> GDI32.dll: EnumFontsA, SetBkColor, SetTextColor, SelectObject, Rectangle, GetBkColor, GetTextColor, GetStockObject, PatBlt, DeleteObject, GetObjectA, RealizePalette, SelectPalette, DeleteDC, CreatePalette, CreateCompatibleDC, SetBkMode, CreateFontIndirectA, BitBlt, RoundRect, Ellipse, FillRgn, CombineRgn, CreateRoundRectRgn, CreateEllipticRgnIndirect, CreateRectRgnIndirect, LineTo, MoveToEx, CreatePen, CreateSolidBrush, SetROP2, GetROP2, SetBrushOrgEx, GetDCOrgEx, LPtoDP, UnrealizeObject, PaintRgn, CreateRectRgn, CreatePatternBrush, CreateBitmap, GetRgnBox, RectInRegion, FrameRgn, Polyline, GetPixel, EnumFontFamiliesExA, AddFontResourceA, GetTextMetricsA, RemoveFontResourceA, CreateHatchBrush, SelectClipRgn, SetRectRgn, ExtTextOutA, GetTextExtentPointA, CreateBrushIndirect, SetTextAlign, GetTextAlign, CreateCompatibleBitmap, StretchBlt, SetStretchBltMode, SetViewportExtEx, SetWindowExtEx, SetMapMode, DeleteMetaFile, CloseMetaFile, SetWindowOrgEx, CreateMetaFileA, CreateDIBitmap, SetDIBits, StretchDIBits, GetBitmapBits, EnumFontFamiliesA, Escape, CreateICA, CreateDCA, StartPage, EndPage, StartDocA, EndDoc, AbortDoc, SetBitmapBits, OffsetRgn, GdiFlush, GetClipBox, GetDeviceCaps
> WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, WritePrinter, GetPrinterA, StartDocPrinterA, OpenPrinterA, EndDocPrinter
> comdlg32.dll: ChooseColorA, ChooseFontA, GetSaveFileNameA, PrintDlgA, GetOpenFileNameA, CommDlgExtendedError
> ADVAPI32.dll: RegQueryValueA, RegOpenKeyA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegCreateKeyA, RegOpenKeyW, RegSetValueA, RegDeleteKeyA, RegCreateKeyExA, RegEnumKeyA, RegEnumValueA
> SHELL32.dll: SHAppBarMessage, ShellExecuteA, SHFileOperationA
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> MPR.dll: WNetGetUserA, WNetCancelConnection2A, WNetAddConnection2A, WNetGetConnectionA
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> WINMM.dll: PlaySoundA, timeGetTime

( 5 exports )
@OCXAPIInit@4, DllCanUnloadNow, DllGetClassObject, DllOleInit, DllWinMain

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Windows OCX File (62.8%)
Win32 Executable MS Visual C++ (generic) (19.1%)
Windows Screen Saver (6.6%)
Win32 Executable Generic (4.3%)
Win32 Dynamic Link Library (generic) (3.8%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: Copyright (c) 1988-1997 Microsoft Corp.
product......: Microsoft Visual FoxPro for Windows
description..: Microsoft Visual FoxPro for Windows
original name: VFP.EXE
internal name: VFP
file version.: 5.0a (Build 415)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



VAROVÁNÍ: VirusTotal je služba poskytovaná zdarma společnosti Hispasec Sistemas. Kvalita výsledků není nijak zaručena. Výsledky jsou závislé na tvůrci daného produktu. Vysledky testů nemusí být 100% správné. Tyto výsledky nemusí znamenat, že daný soubor je infikován, nebo čistý!

VirusTotal © Hispasec Sistemas - Blog - Kontakt: info@virustotal.com - Terms of Service & Privacy Policy

[michal10]

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.22 -
AhnLab-V3 5.0.0.2 2010.03.22 -
AntiVir 8.2.1.196 2010.03.22 -
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.22 -
Avast 4.8.1351.0 2010.03.22 -
Avast5 5.0.332.0 2010.03.22 -
AVG 9.0.0.787 2010.03.22 -
BitDefender 7.2 2010.03.22 -
CAT-QuickHeal 10.00 2010.03.22 -
ClamAV 0.96.0.0-git 2010.03.22 -
Comodo 4352 2010.03.22 -
DrWeb 5.0.1.12222 2010.03.22 -
eSafe 7.0.17.0 2010.03.21 -
eTrust-Vet 35.2.7382 2010.03.22 -
F-Prot 4.5.1.85 2010.03.22 -
F-Secure 9.0.15370.0 2010.03.22 -
Fortinet 4.0.14.0 2010.03.22 -
GData 19 2010.03.22 -
Ikarus T3.1.1.80.0 2010.03.22 -
Jiangmin 13.0.900 2010.03.22 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.22 -
McAfee 5928 2010.03.22 -
McAfee+Artemis 5928 2010.03.22 -
McAfee-GW-Edition 6.8.5 2010.03.22 -
Microsoft 1.5605 2010.03.22 -
NOD32 4966 2010.03.22 -
Norman 6.04.09 2010.03.22 -
nProtect 2009.1.8.0 2010.03.22 -
Panda 10.0.2.2 2010.03.22 -
PCTools 7.0.3.5 2010.03.22 -
Prevx 3.0 2010.03.22 -
Rising 22.40.00.04 2010.03.22 -
Sophos 4.51.0 2010.03.22 -
Sunbelt 6031 2010.03.22 -
Symantec 20091.2.0.41 2010.03.22 -
TheHacker 6.5.2.0.241 2010.03.22 -
TrendMicro 9.120.0.1004 2010.03.22 -
VBA32 3.12.12.2 2010.03.22 -
ViRobot 2010.3.22.2238 2010.03.22 -
VirusBuster 5.0.27.0 2010.03.22 -
Rozšiřující informace
File size: 779264 bytes
MD5...: 6435459623c20fb6e7fa10667d8a519e
SHA1..: 9cc1c22d3d80337f3b0b8303c80e275ac2953284
SHA256: ad0e2bfbbd4d9b0acc456444f2d1aa5619392f467d59d463009c0509f85562f3
ssdeep: 6144:ogdCkMTogckk3FzFL4Js6z7wqjYMXQMMMMSrDbZ:Tmbckk3FSJs6NjgMMMM
g/

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1064
timedatestamp.....: 0x344d20f6 (Tue Oct 21 21:39:02 1997)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xaa 0x200 2.05 848c6c27916961fdc7a84a608b5c8b93
.rdata 0x2000 0x49 0x200 0.73 f3e7f262fa5d3108efd3688c7429829b
.data 0x3000 0x4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x4000 0x68 0x200 0.91 4d3581ff33f24a25bd2dd436e3e11311
.rsrc 0x5000 0xbe000 0xbd800 5.50 17d4d1a89cb7ef704c62abc28196fe78
.reloc 0xc3000 0x48 0x200 0.18 58a71fe1838330430207dfad0fe78b75

( 1 imports )
> USER32.dll: LoadStringA, MessageBoxA

( 1 exports )
DllVersion

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ 4.x (45.9%)
Win64 Executable Generic (29.1%)
Win32 Executable MS Visual C++ (generic) (12.8%)
Windows Screen Saver (4.4%)
Win32 Executable Generic (2.9%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: Copyright (c) 1988-1997 Microsoft Corp.
product......: Microsoft Visual FoxPro pro Windows
description..: Microsoft Visual FoxPro pro Windows
original name: VFP500.DLL
internal name: VFP500
file version.: 5.0a (Build 415)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



VAROVÁNÍ: VirusTotal je služba poskytovaná zdarma společnosti Hispasec Sistemas. Kvalita výsledků není nijak zaručena. Výsledky jsou závislé na tvůrci daného produktu. Vysledky testů nemusí být 100% správné. Tyto výsledky nemusí znamenat, že daný soubor je infikován, nebo čistý!