
Please check my log after removing Virus Protector

#1 Post by lenka85 »

Hello,
a little while ago I managed (hopefully) to successfully remove the Virus Protector virus from a friend's notebook, so I am asking you to check the log. I really don't trust that the notebook is clean yet.


Thank you.


Logfile of random's system information tool 1.07 (written by random/random)
Run by Zusss at 2010-05-16 17:56:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (50%) free of 31 GB
Total RAM: 2039 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:56:30, on 16.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Altap Salamander 2.5\SALAMAND.exe
C:\WINDOWS\system32\wuauclt.exe
E:\RSIT.exe
C:\Program Files\trend micro\Zusss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: m-cris-d3-ipmi.netbox.priv HP001B78C7F967
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlý začátek s aplikací HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2618179936
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2625137937
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c989c1da54132a) (gupdate1c989c1da54132a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 13189 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-04 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-24 70928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-07-03 7708672]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-08-12 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-08-12 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-08-12 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-18 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-20 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-07 69632]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-06-01 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-06-01 974848]
"CognizanceTS"=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-25 17920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-16 815104]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2007-06-26 851968]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-11-21 165144]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-03-10 815184]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-04 198160]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-11-21 960528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-11-21 4352832]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlý začátek s aplikací HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-09 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [2007-02-10 74240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\setup\HPZnet01.exe"="F:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"F:\setup\HPONICIFS01.EXE"="F:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-16 17:56:15 ----D---- C:\rsit
2010-05-16 17:56:15 ----D---- C:\Program Files\trend micro
2010-05-16 17:55:27 ----D---- C:\WINDOWS\LastGood
2010-05-16 16:36:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-05-16 16:36:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-05-16 15:21:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-16 15:21:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-05-16 09:39:20 ----SHD---- C:\WINDOWS\CSC
2010-05-16 08:27:27 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-13 22:34:18 ----D---- C:\spoolerlogs
2010-05-12 22:37:21 ----DC---- C:\WINDOWS\$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-05-16 17:56:15 ----RD---- C:\Program Files
2010-05-16 17:55:49 ----D---- C:\WINDOWS\Temp
2010-05-16 17:55:29 ----HD---- C:\WINDOWS\inf
2010-05-16 17:55:27 ----D---- C:\WINDOWS
2010-05-16 17:55:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-16 17:55:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-16 17:53:28 ----D---- C:\WINDOWS\Prefetch
2010-05-16 17:53:21 ----D---- C:\WINDOWS\system32
2010-05-16 17:53:21 ----A---- C:\WINDOWS\system32\acovcnt.exe
2010-05-16 17:46:52 ----D---- C:\WINDOWS\system32\config
2010-05-16 17:45:20 ----D---- C:\WINDOWS\system32\wbem
2010-05-16 17:45:13 ----D---- C:\WINDOWS\Registration
2010-05-16 17:44:36 ----HD---- C:\Config.Msi
2010-05-16 17:44:12 ----D---- C:\Program Files\Outlook Express
2010-05-16 17:44:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-16 17:13:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-16 16:34:20 ----D---- C:\WINDOWS\system32\drivers
2010-05-14 22:42:17 ----SD---- C:\WINDOWS\Tasks
2010-05-12 22:40:30 ----SHD---- C:\WINDOWS\Installer
2010-05-12 22:37:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-05-12 17:14:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-03 21:01:25 ----D---- C:\Program Files\Opera
2010-04-17 16:35:11 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ItSDisk;ItSDisk; C:\WINDOWS\System32\Drivers\ItSDisk.sys [2006-05-20 23232]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-21 21393]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-01-25 44704]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-06-16 146824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-09 5776864]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-29 36608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-19 4225920]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-28 5632]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 5760]
R3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-10-16 198976]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 al7ycsst;al7ycsst; C:\WINDOWS\system32\drivers\al7ycsst.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-11-21 554264]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-02-08 380928]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-10 1229232]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-06-01 987136]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1c989c1da54132a;Google Update Service (gupdate1c989c1da54132a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check after removal of Virus Protector

#2 Post by stell »

Hello,
in my opinion, no.
PLEASE READ THE INSTRUCTIONS CAREFULLY!!!

Download to the desktop, close all active windows, and run >>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Agree to the installation of the Recovery Console.

- ComboFix must be run under an account with administrator rights.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button;

And once more >YES<

- Then follow the instructions; while ComboFix is running, do not click in the blue window that is displayed.

- After the scan finishes, which takes at most 10-15 minutes, the program should create a log, C:\ComboFix.txt; copy its entire contents into your thread on the forum.
- Before using ComboFix, all resident security programs must be turned off: antivirus, firewalls, antispyware. INSTRUCTIONS: http://www.bleepingcomputer.com/forums/topic114351.html
They can interfere with ComboFix's operation, which may cause it not to work correctly.

If the antivirus detects ComboFix, it is a false positive.
Important information.
Is your computer not running properly?
Is it infected? Running slowly? A program not working? A problem with installation?
Use the remote assistance service!
e-mail: stell(at)forum.viry.cz
Thanks!

lenka85
Visitor
Posts: 16
Joined: 16 Dec 2006 10:00

Re: Please check after removal of Virus Protector

#3 Post by lenka85 »

Thanks, I'm sending the log.

ComboFix 10-05-15.03 - Zusss 16.05.2010 18:57:24.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1236 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zusss\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100516-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\windows\system\VI30AUT.DLL
c:\windows\system32\lixgap.dll
D:\AUTORUN.INF

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-16 do 2010-05-16 )))))))))))))))))))))))))))))))
.

2010-05-16 17:07 . 2010-05-16 17:07 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-05-16 16:13 . 2010-05-16 16:13 36864 ---ha-w- C:\SZKGFS.dat
2010-05-16 16:12 . 2010-05-16 16:12 -------- d-----w- c:\program files\Common Files\iS3
2010-05-16 16:00 . 2010-05-16 16:00 -------- d-----w- c:\program files\Common Files\Java
2010-05-16 15:59 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-16 15:56 . 2010-05-16 15:56 -------- d-----w- C:\rsit
2010-05-16 15:56 . 2010-05-16 15:56 -------- d-----w- c:\program files\trend micro
2010-05-16 15:45 . 2010-05-16 15:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-13 20:34 . 2010-05-13 20:34 -------- d-----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 16:42 . 2010-05-16 16:41 728 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-16 15:59 . 2009-01-23 10:44 -------- d-----w- c:\program files\Java
2010-05-16 15:59 . 2004-08-18 12:00 81312 ----a-w- c:\windows\system32\perfc005.dat
2010-05-16 15:59 . 2004-08-18 12:00 435306 ----a-w- c:\windows\system32\perfh005.dat
2010-05-03 19:01 . 2009-01-22 11:51 -------- d-----w- c:\program files\Opera
2010-04-14 18:40 . 2009-02-08 07:49 -------- d-----w- c:\program files\Google
2010-04-11 09:40 . 2009-08-25 17:59 -------- d-----w- c:\program files\rajce
2010-04-08 09:28 . 2010-04-08 09:11 127133 ----a-w- c:\windows\hpoins11.dat
2010-04-08 09:21 . 2010-04-08 09:21 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-08 09:20 . 2010-04-08 09:19 -------- d-----w- c:\program files\Common Files\HP
2010-04-08 09:17 . 2010-03-28 11:04 -------- d-----w- c:\program files\HP
2010-04-08 08:53 . 2010-04-08 07:55 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-08 08:46 . 2010-04-08 08:44 103052 ----a-w- c:\windows\hpqins05.dat
2010-04-07 19:35 . 2010-03-16 20:08 -------- d-----w- c:\program files\1-Click YouTube Downloader
2010-03-28 11:07 . 2010-03-28 11:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-10 10:03 . 2009-11-16 11:55 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-10 10:03 . 2009-01-30 14:16 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-03-17 16:13 . 2004-03-17 16:13 1028368 ----a-w- c:\program files\vbrun60sp6.exe
2006-10-11 08:04 . 2009-02-19 12:19 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2009-02-19 12:19 48742 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2009-02-19 12:19 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2009-02-19 12:19 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2009-02-19 12:19 166510 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-10-30 00:35 391168 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-12 137752]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-18 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-20 2879488]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-16 815104]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-21 165144]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-10 815184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Miloç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Rychlě zaź tek s aplikacˇ HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-10 01:30 74240 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-11-21 20:57 960528 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 19:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-11-21 20:20 4352832 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.1.2009 16:00 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.1.2009 15:05 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.1.2009 11:18 114768]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [20.5.2006 3:14 23232]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [23.1.2009 13:54 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.2.2010 13:23 380928]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 14:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 14:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.1.2009 11:18 20560]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [21.1.2009 23:00 36864]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21.1.2009 23:10 36608]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [23.1.2009 13:54 65576]
S2 gupdate1c989c1da54132a;Google Update Service (gupdate1c989c1da54132a);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2009 9:50 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1229232]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Obsah adresáře 'Naplánované úlohy'

2010-05-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:02]

2010-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:49]

2010-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 19:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\acovcnt.exe 45056 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spke.sys >>UNKNOWN [0x8A151938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> atapi.sys @ 0xb9dfcb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) Wireless WiFi Link 4965AGN -> SendCompleteHandler -> NDIS.sys @ 0xb9d05bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d12a21
SendHandler -> NDIS.sys @ 0xb9cf087b
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\brand.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItDAC.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItReports.DLL
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\BioAuth.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASBioAT.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCClient.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AuthWiz.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\TokenAuth.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ittalsnap.DLL
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ittal.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\TpmAuth.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\STEngine.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\NetAdmin.dll

- - - - - - - > 'explorer.exe'(4428)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Altap Salamander 2.5\plugins\salamext.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\acovcnt.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Celkový čas: 2010-05-16 19:13:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-16 17:13

Před spuštěním: Volných bajtů: 16 029 609 984
Po spuštění: Volných bajtů: 15 980 097 536

- - End Of File - - A97271126780BD484B4EA475239AF8AE

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check after removal of Virus Protector

#4 Post by stell »

Uninstall the program C:\Program Files\DAEMON Tools Lite
Then download SPTD from http://www.duplexsecure.com/en/downloads in the version for your operating system, SPTD for Windows (32 bit) or (64b), to the desktop
- run it
- choose the Uninstall option
- restart the PC

Test on VIRUSTOTAL:
c:\windows\system32\drivers\kgpcpy.cfg
(the instructions are simple: once the page loads, click the Browse button, find the path to the file mentioned above and click the Send file button; give the scanners about ten minutes; paste the result here)

lenka85
Visitor
Posts: 16
Joined: 16 Dec 2006 10:00

Re: Please check after removal of Virus Protector

#5 Post by lenka85 »

Soubor kgpcpy.cfg přijatý 2010.05.16 18:41:23 (UTC)
Současný stav: Dokončeno
Výsledek: 0/40 (0%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 -
AntiVir 8.2.1.242 2010.05.14 -
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.15 -
Avast 4.8.1351.0 2010.05.16 -
Avast5 5.0.332.0 2010.05.16 -
AVG 9.0.0.787 2010.05.16 -
BitDefender 7.2 2010.05.16 -
CAT-QuickHeal 10.00 2010.05.15 -
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.16 -
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.15 -
F-Secure 9.0.15370.0 2010.05.16 -
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.16 -
Ikarus T3.1.1.84.0 2010.05.16 -
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.16 -
McAfee 5.400.0.1158 2010.05.16 -
McAfee-GW-Edition 2010.1 2010.05.16 -
Microsoft 1.5703 2010.05.16 -
NOD32 5118 2010.05.16 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 -
PCTools 7.0.3.5 2010.05.16 -
Rising 22.47.06.04 2010.05.16 -
Sophos 4.53.0 2010.05.16 -
Sunbelt 6310 2010.05.16 -
Symantec 20101.1.0.89 2010.05.16 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.16 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.15 -
VirusBuster 5.0.27.0 2010.05.16 -
Rozšiřující informace
File size: 728 bytes
MD5...: 1fb22d2df3bbbc5e82ad2fc53ca4ab79
SHA1..: bc617a2e9b3a3cdfb1228c75e201977f484b13ee
SHA256: 3bd7bb9d0edf6bfd0c13068dac3ec8104fe71501c75d447e46bced8d62ad654f
ssdeep: 12:lnTgDkUojBFWjbGh6NW2DA2gDkUou8Jsuj5Hn1/KMsYk7rahMcvFZPj4McK6g
kbW:1OoNcGh0hA2OoX9j9n1/K+2Iz8Mj6xmx
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check after removal of Virus Protector

#6 Post by stell »

For this step, ComboFix must be on the desktop.

Turn off > FIREWALL > Antivirus > Antispyware > everything resident.

Open Notepad and copy all of the green text into it:

KILLALL::
File::
c:\windows\system32\acovcnt.exe
C:\SZKGFS.dat
c:\windows\system32\drivers\kgpcpy.cfg
Rootkit::
c:\windows\system32\acovcnt.exe
Folder::
C:\Program Files\Application Updater
Driver::
Application Updater

Then click File -> Save as... -> where it says File name, type into that field: CFScript.txt
For File type, select *all files there
And save it to the desktop. > Note: CFScript.txt > do not open it, and it must not be > CFScript.txt.txt either. And do this:
[Image]

After the scan finishes, paste the log that ComboFix creates.

lenka85
Visitor
Posts: 16
Joined: 16 Dec 2006 10:00

Re: Please check after removal of Virus Protector

#7 Post by lenka85 »

ComboFix 10-05-15.03 - Zusss 16.05.2010 20:51:23.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1215 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zusss\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Zusss\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100516-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"C:\SZKGFS.dat"
"c:\windows\system32\acovcnt.exe"
"c:\windows\system32\drivers\kgpcpy.cfg"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Application Updater
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Application Updater\config.ini
C:\SZKGFS.dat
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\kgpcpy.cfg

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLICATION_UPDATER
-------\Service_Application Updater


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-16 do 2010-05-16 )))))))))))))))))))))))))))))))
.

2010-05-16 18:59 . 2010-05-16 18:59 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-05-16 16:12 . 2010-05-16 16:12 -------- d-----w- c:\program files\Common Files\iS3
2010-05-16 16:00 . 2010-05-16 16:00 -------- d-----w- c:\program files\Common Files\Java
2010-05-16 15:59 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-16 15:56 . 2010-05-16 15:56 -------- d-----w- C:\rsit
2010-05-16 15:56 . 2010-05-16 15:56 -------- d-----w- c:\program files\trend micro
2010-05-16 15:45 . 2010-05-16 15:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-13 20:34 . 2010-05-13 20:34 -------- d-----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 15:59 . 2009-01-23 10:44 -------- d-----w- c:\program files\Java
2010-05-16 15:59 . 2004-08-18 12:00 81312 ----a-w- c:\windows\system32\perfc005.dat
2010-05-16 15:59 . 2004-08-18 12:00 435306 ----a-w- c:\windows\system32\perfh005.dat
2010-05-03 19:01 . 2009-01-22 11:51 -------- d-----w- c:\program files\Opera
2010-04-14 18:40 . 2009-02-08 07:49 -------- d-----w- c:\program files\Google
2010-04-11 09:40 . 2009-08-25 17:59 -------- d-----w- c:\program files\rajce
2010-04-08 09:28 . 2010-04-08 09:11 127133 ----a-w- c:\windows\hpoins11.dat
2010-04-08 09:21 . 2010-04-08 09:21 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-08 09:20 . 2010-04-08 09:19 -------- d-----w- c:\program files\Common Files\HP
2010-04-08 09:17 . 2010-03-28 11:04 -------- d-----w- c:\program files\HP
2010-04-08 08:53 . 2010-04-08 07:55 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-08 08:46 . 2010-04-08 08:44 103052 ----a-w- c:\windows\hpqins05.dat
2010-04-07 19:35 . 2010-03-16 20:08 -------- d-----w- c:\program files\1-Click YouTube Downloader
2010-03-28 11:07 . 2010-03-28 11:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-10 10:03 . 2009-11-16 11:55 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-10 10:03 . 2009-01-30 14:16 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-03-17 16:13 . 2004-03-17 16:13 1028368 ----a-w- c:\program files\vbrun60sp6.exe
2006-10-11 08:04 . 2009-02-19 12:19 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2009-02-19 12:19 48742 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2009-02-19 12:19 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2009-02-19 12:19 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2009-02-19 12:19 166510 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-10-30 00:35 391168 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-12 137752]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-18 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-20 2879488]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-16 815104]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-21 165144]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-10 815184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Miloç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Rychlě zaź tek s aplikacˇ HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-10 01:30 74240 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-11-21 20:57 960528 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 19:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-11-21 20:20 4352832 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.1.2009 16:00 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.1.2009 11:18 114768]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [20.5.2006 3:14 23232]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [23.1.2009 13:54 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 14:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 14:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.1.2009 11:18 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1229232]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [21.1.2009 23:00 36864]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21.1.2009 23:10 36608]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [23.1.2009 13:54 65576]
S2 gupdate1c989c1da54132a;Google Update Service (gupdate1c989c1da54132a);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2009 9:50 133104]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Obsah adresáře 'Naplánované úlohy'

2010-05-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:02]

2010-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:49]

2010-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 07:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 20:59
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\acovcnt.exe 45056 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\brand.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItDAC.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItReports.DLL
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\BioAuth.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASBioAT.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCClient.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AuthWiz.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\TokenAuth.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ittalsnap.DLL
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ittal.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\TpmAuth.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\STEngine.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\NetAdmin.dll

- - - - - - - > 'explorer.exe'(5032)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Altap Salamander 2.5\plugins\salamext.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\acovcnt.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-05-16 21:04:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-16 19:04
ComboFix2.txt 2010-05-16 17:13

Před spuštěním: Volných bajtů: 15 979 249 664
Po spuštění: Volných bajtů: 15 939 149 824

- - End Of File - - 3ED7697FAB7796576D86ACDA1BC4C0E6

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check after removal of Virus Protector

#8 Post by stell

c:\windows\system32\acovcnt.exe

Test it at www.virustotal.com

lenka85
Visitor
Posts: 16
Joined: 16 Dec 2006 10:00

Re: Please check after removal of Virus Protector

#9 Post by lenka85

Soubor acovcnt.exe přijatý 2010.05.16 19:19:14 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 -
AntiVir 8.2.1.242 2010.05.14 -
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.15 -
Avast 4.8.1351.0 2010.05.16 -
Avast5 5.0.332.0 2010.05.16 -
AVG 9.0.0.787 2010.05.16 -
BitDefender 7.2 2010.05.16 -
CAT-QuickHeal 10.00 2010.05.15 -
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.16 -
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.15 -
F-Secure 9.0.15370.0 2010.05.16 -
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.16 -
Ikarus T3.1.1.84.0 2010.05.16 -
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.16 -
McAfee 5.400.0.1158 2010.05.16 -
McAfee-GW-Edition 2010.1 2010.05.16 -
Microsoft 1.5703 2010.05.16 -
NOD32 5118 2010.05.16 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 -
PCTools 7.0.3.5 2010.05.16 -
Prevx 3.0 2010.05.16 -
Rising 22.47.06.04 2010.05.16 -
Sophos 4.53.0 2010.05.16 -
Sunbelt 6310 2010.05.16 -
Symantec 20101.1.0.89 2010.05.16 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.16 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.15 -
VirusBuster 5.0.27.0 2010.05.16 -
Rozšiřující informace
File size: 45056 bytes
MD5...: 6bcaf46e2b7fa9ace92b4d39f3037c5c
SHA1..: 6d5a81e3cf59832d73f28d6e87f51d073c3e4095
SHA256: aaf659e3d38ad04848a9c3ed6250b30dc13acc8ac9f527a11f0c14e6ec8735b2
ssdeep: 384:eswH94Z+gT87cSDxeHlxpCjkDADNZop8ZYNniy91AI1ZQSrS9E5l1wX:OHE5
g7p8xQrN8niLI1ZQSeu5lG
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1613
timedatestamp.....: 0x425539fb (Thu Apr 07 13:47:39 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4ee6 0x5000 6.60 f7aa46b67e4004a80db01ad39b5c4bd7
.rdata 0x6000 0xb32 0x1000 4.20 f3ceef6b97b6aad02714644497ad4da9
.data 0x7000 0x413c 0x3000 0.56 af4abe2835a3f5bf87330b627a696dbf
.rsrc 0xc000 0xc0 0x1000 0.14 c85d6206afcdfed0fe16bdc48441d945

( 5 imports )
> DDRAW.dll: DirectDrawCreateEx
> KERNEL32.dll: CreateEventA, SetEvent, CloseHandle, GetModuleFileNameA, SetHandleCount, GetStdHandle, GetEnvironmentStringsW, SetStdHandle, LoadLibraryA, GetProcAddress, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, FlushFileBuffers, LCMapStringW, LCMapStringA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, HeapDestroy, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetCPInfo, HeapFree, RtlUnwind, GetFileType, GetEnvironmentVariableA, GetVersionExA, MultiByteToWideChar, HeapCreate, VirtualFree, GetStringTypeA, WriteFile, SetFilePointer, GetLastError, GetStringTypeW, HeapAlloc
> USER32.dll: TranslateMessage, DispatchMessageA, CreateWindowExA, TranslateAcceleratorA, GetMessageA, LoadStringA, RegisterClassExA, DefWindowProcA, PostQuitMessage, LoadCursorA, LoadIconA
> ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegDeleteValueA, RegCreateKeyA
> ole32.dll: CoInitializeEx, CoUninitialize

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check after removal of Virus Protector

#10 Post by stell

OK, give me one more log.
Download >>this<< file to the desktop and extract it to the desktop.
Click Start - Run and enter the command
"%userprofile%\plocha\tdsskiller.exe" -l "%userprofile%\plocha\tdsskiller.txt"
Post the log here.

lenka85
Visitor
Posts: 16
Joined: 16 Dec 2006 10:00

Re: Please check after removal of Virus Protector

#11 Post by lenka85

21:27:29:734 2132 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
21:27:29:734 2132 ================================================================================
21:27:29:734 2132 SystemInfo:

21:27:29:734 2132 OS Version: 5.1.2600 ServicePack: 3.0
21:27:29:734 2132 Product type: Workstation
21:27:29:734 2132 ComputerName: ASUS
21:27:29:734 2132 UserName: Zusss
21:27:29:734 2132 Windows directory: C:\WINDOWS
21:27:29:734 2132 Processor architecture: Intel x86
21:27:29:734 2132 Number of processors: 2
21:27:29:734 2132 Page size: 0x1000
21:27:29:734 2132 Boot type: Normal boot
21:27:29:734 2132 ================================================================================
21:27:29:750 2132 UnloadDriverW: NtUnloadDriver error 2
21:27:29:750 2132 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:27:29:796 2132 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:27:29:796 2132 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:27:29:796 2132 wfopen_ex: Trying to KLMD file open
21:27:29:796 2132 wfopen_ex: File opened ok (Flags 2)
21:27:29:796 2132 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:27:29:796 2132 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:27:29:796 2132 wfopen_ex: Trying to KLMD file open
21:27:29:796 2132 wfopen_ex: File opened ok (Flags 2)
21:27:29:796 2132 Initialize success
21:27:29:796 2132
21:27:29:796 2132 Scanning Services ...
21:27:30:250 2132 Raw services enum returned 389 services
21:27:30:250 2132
21:27:30:250 2132 Scanning Kernel memory ...
21:27:30:250 2132 Devices to scan: 3
21:27:30:250 2132
21:27:30:250 2132 Driver Name: Disk
21:27:30:250 2132 IRP_MJ_CREATE : BA10EBB0
21:27:30:250 2132 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:27:30:250 2132 IRP_MJ_CLOSE : BA10EBB0
21:27:30:250 2132 IRP_MJ_READ : BA108D1F
21:27:30:250 2132 IRP_MJ_WRITE : BA108D1F
21:27:30:250 2132 IRP_MJ_QUERY_INFORMATION : 804F4562
21:27:30:250 2132 IRP_MJ_SET_INFORMATION : 804F4562
21:27:30:250 2132 IRP_MJ_QUERY_EA : 804F4562
21:27:30:250 2132 IRP_MJ_SET_EA : 804F4562
21:27:30:250 2132 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:27:30:250 2132 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:27:30:250 2132 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:27:30:250 2132 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:27:30:250 2132 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:27:30:250 2132 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:27:30:250 2132 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:27:30:250 2132 IRP_MJ_SHUTDOWN : BA1092E2
21:27:30:250 2132 IRP_MJ_LOCK_CONTROL : 804F4562
21:27:30:250 2132 IRP_MJ_CLEANUP : 804F4562
21:27:30:250 2132 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:27:30:250 2132 IRP_MJ_QUERY_SECURITY : 804F4562
21:27:30:250 2132 IRP_MJ_SET_SECURITY : 804F4562
21:27:30:250 2132 IRP_MJ_POWER : BA10AC82
21:27:30:250 2132 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:27:30:250 2132 IRP_MJ_DEVICE_CHANGE : 804F4562
21:27:30:250 2132 IRP_MJ_QUERY_QUOTA : 804F4562
21:27:30:250 2132 IRP_MJ_SET_QUOTA : 804F4562
21:27:30:265 2132 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:27:30:265 2132
21:27:30:265 2132 Driver Name: Disk
21:27:30:265 2132 IRP_MJ_CREATE : BA10EBB0
21:27:30:265 2132 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:27:30:265 2132 IRP_MJ_CLOSE : BA10EBB0
21:27:30:265 2132 IRP_MJ_READ : BA108D1F
21:27:30:265 2132 IRP_MJ_WRITE : BA108D1F
21:27:30:265 2132 IRP_MJ_QUERY_INFORMATION : 804F4562
21:27:30:265 2132 IRP_MJ_SET_INFORMATION : 804F4562
21:27:30:265 2132 IRP_MJ_QUERY_EA : 804F4562
21:27:30:265 2132 IRP_MJ_SET_EA : 804F4562
21:27:30:265 2132 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:27:30:265 2132 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:27:30:265 2132 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:27:30:265 2132 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:27:30:265 2132 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:27:30:265 2132 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:27:30:265 2132 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:27:30:265 2132 IRP_MJ_SHUTDOWN : BA1092E2
21:27:30:265 2132 IRP_MJ_LOCK_CONTROL : 804F4562
21:27:30:265 2132 IRP_MJ_CLEANUP : 804F4562
21:27:30:265 2132 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:27:30:265 2132 IRP_MJ_QUERY_SECURITY : 804F4562
21:27:30:265 2132 IRP_MJ_SET_SECURITY : 804F4562
21:27:30:265 2132 IRP_MJ_POWER : BA10AC82
21:27:30:265 2132 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:27:30:265 2132 IRP_MJ_DEVICE_CHANGE : 804F4562
21:27:30:265 2132 IRP_MJ_QUERY_QUOTA : 804F4562
21:27:30:265 2132 IRP_MJ_SET_QUOTA : 804F4562
21:27:30:281 2132 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:27:30:281 2132
21:27:30:281 2132 Driver Name: atapi
21:27:30:281 2132 IRP_MJ_CREATE : B9F156F2
21:27:30:281 2132 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:27:30:281 2132 IRP_MJ_CLOSE : B9F156F2
21:27:30:281 2132 IRP_MJ_READ : 804F4562
21:27:30:281 2132 IRP_MJ_WRITE : 804F4562
21:27:30:281 2132 IRP_MJ_QUERY_INFORMATION : 804F4562
21:27:30:281 2132 IRP_MJ_SET_INFORMATION : 804F4562
21:27:30:281 2132 IRP_MJ_QUERY_EA : 804F4562
21:27:30:281 2132 IRP_MJ_SET_EA : 804F4562
21:27:30:281 2132 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:27:30:281 2132 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:27:30:281 2132 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:27:30:281 2132 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:27:30:281 2132 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:27:30:281 2132 IRP_MJ_DEVICE_CONTROL : B9F15712
21:27:30:281 2132 IRP_MJ_INTERNAL_DEVICE_CONTROL : B9F11852
21:27:30:281 2132 IRP_MJ_SHUTDOWN : 804F4562
21:27:30:281 2132 IRP_MJ_LOCK_CONTROL : 804F4562
21:27:30:281 2132 IRP_MJ_CLEANUP : 804F4562
21:27:30:281 2132 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:27:30:281 2132 IRP_MJ_QUERY_SECURITY : 804F4562
21:27:30:281 2132 IRP_MJ_SET_SECURITY : 804F4562
21:27:30:281 2132 IRP_MJ_POWER : B9F1573C
21:27:30:281 2132 IRP_MJ_SYSTEM_CONTROL : B9F1C336
21:27:30:281 2132 IRP_MJ_DEVICE_CHANGE : 804F4562
21:27:30:281 2132 IRP_MJ_QUERY_QUOTA : 804F4562
21:27:30:281 2132 IRP_MJ_SET_QUOTA : 804F4562
21:27:30:296 2132 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:27:30:296 2132
21:27:30:296 2132 Completed
21:27:30:296 2132
21:27:30:296 2132 Results:
21:27:30:296 2132 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:27:30:296 2132 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:27:30:296 2132 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:27:30:296 2132
21:27:30:296 2132 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:27:30:296 2132 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:27:30:296 2132 KLMD(ARK) unloaded successfully

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check after removal of Virus Protector

#12 Post by stell

OK, you can delete TDSKILLER.
Uninstall ComboFix: right-click the ComboFix icon, rename it to uninstall,
and run it.
Finally, run a full scan with Malwarebytes.
Download >>Malwarebytes' Anti-Malware: download - install - update -
run a full scan, delete whatever it finds, and post the log here.

lenka85
Visitor
Posts: 16
Joined: 16 Dec 2006 10:00

Re: Please check after removal of Virus Protector

#13 Post by lenka85

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4107

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.5.2010 23:04:01
mbam-log-2010-05-16 (23-04-01).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 204796
Uplynulý čas: 38 minuta(y), 13 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check after removal of Virus Protector

#14 Post by stell

OK.
How is the computer doing?

lenka85
Visitor
Posts: 16
Joined: 16 Dec 2006 10:00

Re: Please check after removal of Virus Protector

#15 Post by lenka85

It looks fine. Everything runs as it should, so hopefully it will be OK now.
