Hello, I have been trying for some time to remove this rootkit, but it is beyond my abilities. I use AVG 8.5 Network Edition (the paid version). AVG finds it and tries to remove it, but after every removal attempt it changes itself to a different name. The file always begins with the letter "a", the rest of the name is some variation, and it ends with the extension ".sys". I have tried just about every anti-rootkit tool available, without success.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:43:35, on 20.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6595594171
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Služba Google Update (gupdate1ca142d17a28f36) (gupdate1ca142d17a28f36) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ZTBGE - Unknown owner - C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe (file missing)
--
End of file - 7911 bytes
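As an added example (not part of this post and not HijackThis code), the script below runs a simple triage over the O20/O23 lines of a HijackThis log like the one above. It flags service entries with no publisher ("Unknown owner"), binaries that run from a Temp or profile directory, and entries whose file is missing, which is how an analyst would single out the ZTBGE service from the list. The sample lines are copied from this thread's log and embedded inline; the `(file missing)` flag is only a triage cue, not a verdict: the ComboFix output later in this thread lists c:\windows\system32\avgrsstx.dll as present, so the O20 hit for it needs to be checked against the filesystem before anything is done about it.

```python
import re

# Constructed sample: O20/O23 lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ZTBGE - Unknown owner - C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe (file missing)
"""

# HijackThis O23 layout: "O23 - Service: <display name> - <publisher> - <path>[ (file missing)]".
# Fields are separated by " - ", so a path that itself contains " - " would need a smarter split.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# HijackThis O20 layout: "O20 - Winlogon Notify: <key> - <dll>[ (file missing)]".
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Directories a legitimate service binary almost never lives in (lower-cased, 8.3 names included).
SUSPICIOUS_DIRS = ("\\temp\\", "\\application data\\", "\\appdata\\")


def triage(log_text):
    """Return a list of (name, path, reasons) for O20/O23 entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            reasons = []
            if m.group("owner").lower() == "unknown owner":
                reasons.append("no publisher")
            if any(d in m.group("path").lower() for d in SUSPICIOUS_DIRS):
                reasons.append("runs from a temp/profile directory")
            if m.group("missing"):
                reasons.append("binary missing (orphaned service entry)")
            if reasons:
                findings.append((m.group("name"), m.group("path"), reasons))
            continue
        m = O20_RE.match(line)
        if m and m.group("missing"):
            # A Winlogon Notify DLL that HijackThis cannot find: verify on disk before acting.
            findings.append((m.group("name"), m.group("path"), ["Winlogon notify DLL missing"]))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path}\n    " + "; ".join(reasons))
```

Run against the sample it reports the avgrsstarter O20 entry and the ZTBGE service; the AVG and NVIDIA services pass because they carry a publisher, run from Program Files or system32, and their binaries are present.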

Hidden driver Axxxxx.sys
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007
- Location: SK-REVUCA
Re: Hidden driver Axxxxx.sys
Hi,
(quoting the original post: "Hello, I have been trying for some time to remove this rootkit")
This rootkit is probably the Daemon/Alcohol driver.
But post a log from RSIT here.
Download >> RSIT >> post the logs here.
Re: Hidden driver Axxxxx.sys
ComboFix output
ComboFix 10-06-19.04 - Gregorian 20.06.2010 18:04:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1490 [GMT 2:00]
Spuštěný z: c:\documents and settings\Gregorian\Dokumenty\root\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\help.jpg
C:\Install.exe
c:\program files\INSTALL.LOG
c:\windows\system32\kabaker.dll
c:\windows\system32\TMPA.tmp
C:\wow.jpg
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-20 do 2010-06-20 )))))))))))))))))))))))))))))))
.
2010-06-20 15:25 . 2010-06-20 15:25 -------- d-----w- c:\program files\Trend Micro
2010-06-15 01:00 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-06-15 00:53 . 2010-06-15 00:59 -------- d-----w- C:\root
2010-06-13 14:22 . 2009-06-18 10:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-06-13 00:01 . 2010-06-13 00:01 -------- d-----w- c:\program files\Sophos
2010-06-11 09:35 . 2010-06-11 09:35 -------- d-----w- C:\013422fa425361f630a9
2010-06-09 13:08 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 08:37 . 2010-06-08 08:37 -------- d-----w- c:\program files\Vstplugins
2010-06-08 08:36 . 2010-06-08 08:36 -------- d-----w- c:\program files\Sony
2010-06-08 08:14 . 2010-06-08 08:14 -------- d-----w- C:\Fraps
2010-06-08 08:11 . 2010-06-08 08:11 -------- d-----w- c:\program files\Sony Setup
2010-06-05 13:22 . 2010-06-05 13:22 -------- d-----w- C:\Tmp
2010-06-05 13:21 . 2010-06-05 13:21 -------- d-----w- c:\program files\Taksi
2010-06-04 18:48 . 2010-06-09 13:09 -------- d-----w- c:\program files\Game Cam XPress
2010-06-04 18:25 . 2010-06-04 19:24 -------- d-----w- c:\program files\Game Cam v1.4.0.5
2010-06-03 05:40 . 2010-06-03 05:40 -------- d-----w- c:\documents and settings\Gregorian\SystemRequirementsLab
2010-05-30 14:04 . 2010-05-30 14:04 -------- d-----w- C:\totalcmd
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-05-27 15:19 . 2006-10-06 06:17 53248 ------w- c:\windows\Ctregrun.exe
2010-05-27 15:18 . 2008-09-30 03:23 181760 ----a-r- c:\windows\system32\ctdvinst.dll
2010-05-27 15:18 . 2007-10-12 08:19 53248 ----a-r- c:\windows\ksdef.exe
2010-05-27 15:18 . 2007-07-16 07:50 782336 ----a-r- c:\windows\OALInst.exe
2010-05-27 15:18 . 2008-09-19 01:46 1462 ----a-r- c:\windows\skdef.reg
2010-05-27 15:18 . 2007-10-29 03:16 151040 ----a-r- c:\windows\system32\KSXPPI32.dll
2010-05-27 15:18 . 2008-02-12 02:50 1670016 ----a-r- c:\windows\system32\drivers\skfilt.sys
2010-05-27 15:16 . 2010-05-27 15:16 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-05-27 15:15 . 2010-05-27 15:19 -------- d-----w- c:\program files\Creative
2010-05-27 15:14 . 2008-04-14 03:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-05-27 15:14 . 2008-04-14 03:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-27 15:13 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-05-27 15:13 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-27 15:13 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-27 15:13 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 18:23 . 2009-07-07 16:05 -------- d-----w- c:\program files\Warcraft III
2010-06-17 07:18 . 2009-12-15 00:21 -------- d-----w- c:\program files\World of Warcraft
2010-06-15 14:49 . 2009-12-14 20:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-06-15 09:19 . 2009-08-07 01:52 -------- d-----w- c:\program files\Opera
2010-06-15 09:17 . 2006-03-02 12:00 78202 ----a-w- c:\windows\system32\perfc005.dat
2010-06-15 09:17 . 2006-03-02 12:00 429370 ----a-w- c:\windows\system32\perfh005.dat
2010-06-13 14:23 . 2010-03-06 21:08 -------- d-----w- c:\program files\Silkroad
2010-06-11 17:31 . 2010-05-08 09:17 -------- d-----w- c:\program files\CCleaner
2010-06-11 14:08 . 2009-10-15 09:18 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-11 14:08 . 2009-10-15 09:18 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-06 11:36 . 2009-07-10 23:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-06 11:36 . 2009-07-10 23:22 -------- d-----w- c:\program files\DivX
2010-06-04 19:26 . 2009-07-04 11:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 17:59 . 2009-12-11 19:11 -------- d-----w- c:\program files\Game Cam V2
2010-06-01 10:06 . 2009-09-04 16:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-01 10:05 . 2009-09-04 16:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-01 10:04 . 2009-09-04 16:31 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-27 15:20 . 2009-07-02 19:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-21 12:14 . 2009-10-02 23:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 21:27 . 2009-08-03 11:24 -------- d-----w- c:\program files\Google
2010-05-06 10:35 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 12:24 . 2010-04-29 19:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-02 12:23 . 2010-04-29 18:55 -------- d-----w- c:\program files\TrojanHunter 5.3
2010-05-02 08:09 . 2006-03-02 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 21:49 . 2010-05-01 21:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 21:49 . 2010-05-01 21:45 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-01 21:49 . 2010-05-01 21:44 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 21:49 . 2010-05-01 21:44 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-01 21:49 . 2010-05-01 21:44 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-01 21:49 . 2010-05-01 21:44 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-01 21:49 . 2010-05-01 21:45 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-01 21:44 . 2010-05-01 21:44 -------- d-----w- c:\program files\AVG
2010-04-29 23:14 . 2010-03-28 16:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-29 20:40 . 2009-10-15 09:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-29 05:35 . 2010-02-10 14:00 -------- d-----w- c:\program files\Microsoft SQL Server
2010-04-29 05:34 . 2010-02-10 14:02 -------- d-----w- c:\program files\Microsoft.NET
2010-04-20 05:32 . 2006-03-02 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:23 . 2010-04-03 17:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-04-03 17:23 . 2010-04-03 17:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-04-02 14:54 . 2009-07-02 19:47 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 01:58 . 2009-07-18 02:15 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2009-07-18 02:15 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58 . 2009-07-18 02:15 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2009-07-18 02:15 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2009-07-18 02:15 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2009-07-18 02:15 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-23 23:41 . 2010-03-23 23:41 110592 ----a-w- c:\windows\system32\bass.dll
2003-12-18 09:33 . 2009-09-05 08:36 20102 -c--a-w- c:\program files\Readme.txt
2003-09-03 05:46 . 2009-09-05 08:36 10960 -c--a-w- c:\program files\EULA.txt
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-05-01 2046816]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-08-27 233588]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-01 21:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\DOC\\MW4TRIAL\\MW4.EXE"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Documents and Settings\\Gregorian\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6112:TCP"= 6112:TCP:Blizzard Downloader 6112
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1.5.2010 23:45 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1.5.2010 23:44 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1.5.2010 23:44 108552]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [13.6.2010 16:22 18816]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1.5.2010 23:49 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1.5.2010 23:44 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [1.5.2010 23:49 1370488]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1.5.2010 23:44 29208]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [27.5.2010 17:18 1670016]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.7.2009 20:48 722416]
S2 gupdate1ca142d17a28f36;Služba Google Update (gupdate1ca142d17a28f36);c:\program files\Google\Update\GoogleUpdate.exe [3.8.2009 13:25 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1.5.2010 23:44 29208]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [27.5.2010 17:16 79360]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\60.tmp --> c:\windows\system32\60.tmp [?]
S3 ZTBGE;ZTBGE;c:\docume~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe --> c:\docume~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 11:25]
2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 11:25]
2010-06-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: mbank.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 18:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\60.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-583907252-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-06-20 18:11:42
ComboFix-quarantined-files.txt 2010-06-20 16:11
Před spuštěním: Volných bajtů: 113 212 821 504
Po spuštění: Volných bajtů: 113 377 042 432
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 7EC508DAC0535D3C2EA19B1745411871
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-05-01 2046816]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-08-27 233588]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-01 21:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\DOC\\MW4TRIAL\\MW4.EXE"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Documents and Settings\\Gregorian\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6112:TCP"= 6112:TCP:Blizzard Downloader 6112
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1.5.2010 23:45 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1.5.2010 23:44 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1.5.2010 23:44 108552]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [13.6.2010 16:22 18816]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1.5.2010 23:49 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1.5.2010 23:44 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [1.5.2010 23:49 1370488]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1.5.2010 23:44 29208]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [27.5.2010 17:18 1670016]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.7.2009 20:48 722416]
S2 gupdate1ca142d17a28f36;Služba Google Update (gupdate1ca142d17a28f36);c:\program files\Google\Update\GoogleUpdate.exe [3.8.2009 13:25 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1.5.2010 23:44 29208]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [27.5.2010 17:16 79360]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\60.tmp --> c:\windows\system32\60.tmp [?]
S3 ZTBGE;ZTBGE;c:\docume~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe --> c:\docume~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 11:25]
2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 11:25]
2010-06-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: mbank.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 18:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\60.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-583907252-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-06-20 18:11:42
ComboFix-quarantined-files.txt 2010-06-20 16:11
Před spuštěním: Volných bajtů: 113 212 821 504
Po spuštění: Volných bajtů: 113 377 042 432
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 7EC508DAC0535D3C2EA19B1745411871
Re: hidden driver Axxxxx.sys
Logfile of random's system information tool 1.07 (written by random/random)
Run by Gregorian at 2010-06-20 18:18:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 108 GB (45%) free of 238 GB
Total RAM: 2047 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:18:56, on 20.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gregorian\Local Settings\Temporary Internet Files\Content.IE5\HXSMRXOW\RSIT[1].exe
C:\Program Files\trend micro\Gregorian.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6595594171
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Služba Google Update (gupdate1ca142d17a28f36) (gupdate1ca142d17a28f36) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ZTBGE - Unknown owner - C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe (file missing)
--
End of file - 7354 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2010-05-02 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2010-05-01 1968920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2010-05-01 1968920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2006-09-15 675840]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-05-02 2046816]
"VolPanel"=C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe [2008-08-27 233588]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-05-01 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe"="C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe"="C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\DOC\MW4TRIAL\MW4.EXE"="C:\DOC\MW4TRIAL\MW4.EXE:*:Enabled:MechWarrior IV"
"C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe"="C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\Gregorian\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Gregorian\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-06-20 18:18:32 ----D---- C:\rsit
2010-06-20 18:11:43 ----A---- C:\ComboFix.txt
2010-06-20 18:03:23 ----A---- C:\Boot.bak
2010-06-20 18:03:18 ----RASHD---- C:\cmdcons
2010-06-20 17:58:11 ----A---- C:\WINDOWS\MBR.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\zip.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\SWSC.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\SWREG.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\sed.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\PEV.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\grep.exe
2010-06-20 17:57:33 ----D---- C:\WINDOWS\ERDNT
2010-06-20 17:53:02 ----D---- C:\Qoobox
2010-06-20 17:25:22 ----D---- C:\Program Files\Trend Micro
2010-06-15 03:00:04 ----D---- C:\Program Files\GRISOFT
2010-06-15 02:53:33 ----D---- C:\root
2010-06-13 02:01:17 ----D---- C:\Program Files\Sophos
2010-06-11 16:08:33 ----RA---- C:\WINDOWS\system32\tmp9.tmp
2010-06-11 11:35:17 ----D---- C:\013422fa425361f630a9
2010-06-08 10:41:42 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\Publish Providers
2010-06-08 10:41:08 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-06-08 10:41:01 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\Sony
2010-06-08 10:37:11 ----D---- C:\Program Files\Vstplugins
2010-06-08 10:37:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2010-06-08 10:36:56 ----D---- C:\Program Files\Sony
2010-06-08 10:14:33 ----D---- C:\Fraps
2010-06-08 10:11:03 ----D---- C:\Program Files\Sony Setup
2010-06-05 15:22:25 ----D---- C:\Tmp
2010-06-05 15:21:58 ----D---- C:\Program Files\Taksi
2010-06-04 20:48:07 ----D---- C:\Program Files\Game Cam XPress
2010-06-04 20:25:43 ----D---- C:\Program Files\Game Cam v1.4.0.5
2010-05-30 16:04:04 ----D---- C:\totalcmd
2010-05-30 16:04:04 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\GHISLER
2010-05-27 17:19:57 ----N---- C:\WINDOWS\Ctregrun.exe
2010-05-27 17:18:54 ----RA---- C:\WINDOWS\system32\xfisk.ini
2010-05-27 17:18:54 ----RA---- C:\WINDOWS\system32\tmp506.tmp
2010-05-27 17:18:54 ----RA---- C:\WINDOWS\system32\tmp505.tmp
2010-05-27 17:18:54 ----RA---- C:\WINDOWS\system32\ctzapxx.ini
2010-05-27 17:18:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Creative
2010-05-27 17:18:44 ----RA---- C:\WINDOWS\system32\ctdvinst.dll
2010-05-27 17:18:30 ----RA---- C:\WINDOWS\OALInst.exe
2010-05-27 17:18:30 ----RA---- C:\WINDOWS\ksdef.exe
2010-05-27 17:18:29 ----RA---- C:\WINDOWS\system32\KSXPPI32.dll
2010-05-27 17:17:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Creative Labs
2010-05-27 17:16:20 ----D---- C:\Program Files\Common Files\Creative Labs Shared
2010-05-27 17:15:50 ----D---- C:\Program Files\Creative
2010-05-27 17:14:03 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-05-25 02:06:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
======List of files/folders modified in the last 1 months======
2010-06-20 18:18:34 ----D---- C:\WINDOWS\Temp
2010-06-20 18:09:37 ----D---- C:\WINDOWS
2010-06-20 18:09:37 ----A---- C:\WINDOWS\system.ini
2010-06-20 18:08:59 ----D---- C:\WINDOWS\system32
2010-06-20 18:08:58 ----RD---- C:\Program Files
2010-06-20 18:06:53 ----D---- C:\WINDOWS\system32\drivers
2010-06-20 18:06:52 ----D---- C:\WINDOWS\AppPatch
2010-06-20 18:06:48 ----D---- C:\Program Files\Common Files
2010-06-20 18:04:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 18:03:23 ----RASH---- C:\boot.ini
2010-06-20 18:00:32 ----SD---- C:\WINDOWS\Tasks
2010-06-20 17:58:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-20 17:58:30 ----D---- C:\WINDOWS\Prefetch
2010-06-20 17:58:08 ----SHD---- C:\System Volume Information
2010-06-20 17:58:08 ----D---- C:\WINDOWS\system32\Restore
2010-06-20 17:40:54 ----SHD---- C:\WINDOWS\Installer
2010-06-20 16:29:09 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\Skype
2010-06-18 20:23:24 ----D---- C:\Program Files\Warcraft III
2010-06-17 09:18:37 ----D---- C:\Program Files\World of Warcraft
2010-06-17 00:36:12 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\vlc
2010-06-16 00:33:52 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-15 16:49:05 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-06-15 11:21:32 ----D---- C:\ja
2010-06-15 11:19:06 ----D---- C:\Program Files\Opera
2010-06-15 11:17:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-15 10:50:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
2010-06-14 03:52:37 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\dvdcss
2010-06-13 16:24:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-06-13 16:24:01 ----D---- C:\26b4ef2c84b1a38be1ff56f1a4650c
2010-06-13 16:24:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-13 16:23:53 ----D---- C:\Program Files\Silkroad
2010-06-13 02:29:46 ----D---- C:\$AVG8.VAULT$
2010-06-11 19:31:49 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\Media Player Classic
2010-06-11 19:31:16 ----D---- C:\Program Files\CCleaner
2010-06-11 19:19:13 ----D---- C:\WINDOWS\system32\LogFiles
2010-06-11 19:15:16 ----D---- C:\WINDOWS\Debug
2010-06-11 16:08:34 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-06-11 16:08:33 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2010-06-11 16:04:37 ----HD---- C:\WINDOWS\inf
2010-06-11 06:20:45 ----RSD---- C:\WINDOWS\assembly
2010-06-11 06:14:22 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-10 03:22:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-10 03:21:12 ----D---- C:\Program Files\Internet Explorer
2010-06-10 03:21:01 ----D---- C:\WINDOWS\ie8updates
2010-06-10 03:10:26 ----D---- C:\WINDOWS\WinSxS
2010-06-09 16:16:14 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-06-06 13:36:09 ----D---- C:\Program Files\Common Files\DivX Shared
2010-06-06 13:36:08 ----D---- C:\Program Files\DivX
2010-06-05 23:13:51 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\ICQ
2010-06-04 21:26:22 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-04 19:59:30 ----D---- C:\Program Files\Game Cam V2
2010-06-04 10:58:35 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-06-03 03:12:57 ----D---- C:\QQQ
2010-06-01 12:06:38 ----D---- C:\WINDOWS\Help
2010-06-01 12:06:37 ----D---- C:\Program Files\NVIDIA Corporation
2010-06-01 12:05:18 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-06-01 12:04:14 ----D---- C:\Program Files\AGEIA Technologies
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-27 17:28:49 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\DivX
2010-05-27 17:26:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-27 17:20:38 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-24 12:42:23 ----D---- C:\Nová složka
2010-05-21 14:14:28 ----N---- C:\WINDOWS\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-05-01 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-05-01 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-05-01 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-05-01 29208]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 skfilt;skfilt; C:\WINDOWS\system32\drivers\skfilt.sys [2008-02-12 1670016]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-04-09 12039552]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-09-15 141312]
S3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-05-01 29208]
S3 catchme;catchme; \??\C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 mbr;mbr; \??\C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\mbr.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\60.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2010-05-01 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-05-02 297752]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2010-05-02 1370488]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 gupdate1ca142d17a28f36;Služba Google Update (gupdate1ca142d17a28f36); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-03 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-27 79360]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ZTBGE;ZTBGE; C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Run by Gregorian at 2010-06-20 18:18:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 108 GB (45%) free of 238 GB
Total RAM: 2047 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:18:56, on 20.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gregorian\Local Settings\Temporary Internet Files\Content.IE5\HXSMRXOW\RSIT[1].exe
C:\Program Files\trend micro\Gregorian.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6595594171
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Služba Google Update (gupdate1ca142d17a28f36) (gupdate1ca142d17a28f36) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ZTBGE - Unknown owner - C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe (file missing)
--
End of file - 7354 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2010-05-02 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2010-05-01 1968920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2010-05-01 1968920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2006-09-15 675840]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-05-02 2046816]
"VolPanel"=C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe [2008-08-27 233588]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-05-01 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe"="C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe"="C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\DOC\MW4TRIAL\MW4.EXE"="C:\DOC\MW4TRIAL\MW4.EXE:*:Enabled:MechWarrior IV"
"C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe"="C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\Gregorian\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Gregorian\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-06-20 18:18:32 ----D---- C:\rsit
2010-06-20 18:11:43 ----A---- C:\ComboFix.txt
2010-06-20 18:03:23 ----A---- C:\Boot.bak
2010-06-20 18:03:18 ----RASHD---- C:\cmdcons
2010-06-20 17:58:11 ----A---- C:\WINDOWS\MBR.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\zip.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\SWSC.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\SWREG.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\sed.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\PEV.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-20 17:58:10 ----A---- C:\WINDOWS\grep.exe
2010-06-20 17:57:33 ----D---- C:\WINDOWS\ERDNT
2010-06-20 17:53:02 ----D---- C:\Qoobox
2010-06-20 17:25:22 ----D---- C:\Program Files\Trend Micro
2010-06-15 03:00:04 ----D---- C:\Program Files\GRISOFT
2010-06-15 02:53:33 ----D---- C:\root
2010-06-13 02:01:17 ----D---- C:\Program Files\Sophos
2010-06-11 16:08:33 ----RA---- C:\WINDOWS\system32\tmp9.tmp
2010-06-11 11:35:17 ----D---- C:\013422fa425361f630a9
2010-06-08 10:41:42 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\Publish Providers
2010-06-08 10:41:08 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-06-08 10:41:01 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\Sony
2010-06-08 10:37:11 ----D---- C:\Program Files\Vstplugins
2010-06-08 10:37:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2010-06-08 10:36:56 ----D---- C:\Program Files\Sony
2010-06-08 10:14:33 ----D---- C:\Fraps
2010-06-08 10:11:03 ----D---- C:\Program Files\Sony Setup
2010-06-05 15:22:25 ----D---- C:\Tmp
2010-06-05 15:21:58 ----D---- C:\Program Files\Taksi
2010-06-04 20:48:07 ----D---- C:\Program Files\Game Cam XPress
2010-06-04 20:25:43 ----D---- C:\Program Files\Game Cam v1.4.0.5
2010-05-30 16:04:04 ----D---- C:\totalcmd
2010-05-30 16:04:04 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\GHISLER
2010-05-27 17:19:57 ----N---- C:\WINDOWS\Ctregrun.exe
2010-05-27 17:18:54 ----RA---- C:\WINDOWS\system32\xfisk.ini
2010-05-27 17:18:54 ----RA---- C:\WINDOWS\system32\tmp506.tmp
2010-05-27 17:18:54 ----RA---- C:\WINDOWS\system32\tmp505.tmp
2010-05-27 17:18:54 ----RA---- C:\WINDOWS\system32\ctzapxx.ini
2010-05-27 17:18:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Creative
2010-05-27 17:18:44 ----RA---- C:\WINDOWS\system32\ctdvinst.dll
2010-05-27 17:18:30 ----RA---- C:\WINDOWS\OALInst.exe
2010-05-27 17:18:30 ----RA---- C:\WINDOWS\ksdef.exe
2010-05-27 17:18:29 ----RA---- C:\WINDOWS\system32\KSXPPI32.dll
2010-05-27 17:17:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Creative Labs
2010-05-27 17:16:20 ----D---- C:\Program Files\Common Files\Creative Labs Shared
2010-05-27 17:15:50 ----D---- C:\Program Files\Creative
2010-05-27 17:14:03 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-05-25 02:06:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
======List of files/folders modified in the last 1 months======
2010-06-20 18:18:34 ----D---- C:\WINDOWS\Temp
2010-06-20 18:09:37 ----D---- C:\WINDOWS
2010-06-20 18:09:37 ----A---- C:\WINDOWS\system.ini
2010-06-20 18:08:59 ----D---- C:\WINDOWS\system32
2010-06-20 18:08:58 ----RD---- C:\Program Files
2010-06-20 18:06:53 ----D---- C:\WINDOWS\system32\drivers
2010-06-20 18:06:52 ----D---- C:\WINDOWS\AppPatch
2010-06-20 18:06:48 ----D---- C:\Program Files\Common Files
2010-06-20 18:04:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 18:03:23 ----RASH---- C:\boot.ini
2010-06-20 18:00:32 ----SD---- C:\WINDOWS\Tasks
2010-06-20 17:58:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-20 17:58:30 ----D---- C:\WINDOWS\Prefetch
2010-06-20 17:58:08 ----SHD---- C:\System Volume Information
2010-06-20 17:58:08 ----D---- C:\WINDOWS\system32\Restore
2010-06-20 17:40:54 ----SHD---- C:\WINDOWS\Installer
2010-06-20 16:29:09 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\Skype
2010-06-18 20:23:24 ----D---- C:\Program Files\Warcraft III
2010-06-17 09:18:37 ----D---- C:\Program Files\World of Warcraft
2010-06-17 00:36:12 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\vlc
2010-06-16 00:33:52 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-15 16:49:05 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-06-15 11:21:32 ----D---- C:\ja
2010-06-15 11:19:06 ----D---- C:\Program Files\Opera
2010-06-15 11:17:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-15 10:50:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
2010-06-14 03:52:37 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\dvdcss
2010-06-13 16:24:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-06-13 16:24:01 ----D---- C:\26b4ef2c84b1a38be1ff56f1a4650c
2010-06-13 16:24:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-13 16:23:53 ----D---- C:\Program Files\Silkroad
2010-06-13 02:29:46 ----D---- C:\$AVG8.VAULT$
2010-06-11 19:31:49 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\Media Player Classic
2010-06-11 19:31:16 ----D---- C:\Program Files\CCleaner
2010-06-11 19:19:13 ----D---- C:\WINDOWS\system32\LogFiles
2010-06-11 19:15:16 ----D---- C:\WINDOWS\Debug
2010-06-11 16:08:34 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-06-11 16:08:33 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2010-06-11 16:04:37 ----HD---- C:\WINDOWS\inf
2010-06-11 06:20:45 ----RSD---- C:\WINDOWS\assembly
2010-06-11 06:14:22 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-10 03:22:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-10 03:21:12 ----D---- C:\Program Files\Internet Explorer
2010-06-10 03:21:01 ----D---- C:\WINDOWS\ie8updates
2010-06-10 03:10:26 ----D---- C:\WINDOWS\WinSxS
2010-06-09 16:16:14 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-06-06 13:36:09 ----D---- C:\Program Files\Common Files\DivX Shared
2010-06-06 13:36:08 ----D---- C:\Program Files\DivX
2010-06-05 23:13:51 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\ICQ
2010-06-04 21:26:22 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-04 19:59:30 ----D---- C:\Program Files\Game Cam V2
2010-06-04 10:58:35 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-06-03 03:12:57 ----D---- C:\QQQ
2010-06-01 12:06:38 ----D---- C:\WINDOWS\Help
2010-06-01 12:06:37 ----D---- C:\Program Files\NVIDIA Corporation
2010-06-01 12:05:18 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-06-01 12:04:14 ----D---- C:\Program Files\AGEIA Technologies
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-27 17:28:49 ----D---- C:\Documents and Settings\Gregorian\Data aplikací\DivX
2010-05-27 17:26:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-27 17:20:38 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-24 12:42:23 ----D---- C:\Nová složka
2010-05-21 14:14:28 ----N---- C:\WINDOWS\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-05-01 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-05-01 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-05-01 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-05-01 29208]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 skfilt;skfilt; C:\WINDOWS\system32\drivers\skfilt.sys [2008-02-12 1670016]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-04-09 12039552]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-09-15 141312]
S3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-05-01 29208]
S3 catchme;catchme; \??\C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 mbr;mbr; \??\C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\mbr.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\60.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2010-05-01 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-05-02 297752]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2010-05-02 1370488]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 gupdate1ca142d17a28f36;Služba Google Update (gupdate1ca142d17a28f36); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-03 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-27 79360]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ZTBGE;ZTBGE; C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: hidden driver Axxxxx.sys
So, as I wrote, the rootkit that AVG detects is a false detection - it is the Daemon Tools driver, but you have something else there, besides the junk you installed (SysProt AntiRootkit, etc.).
For this step you need to have ComboFix on the desktop.
Turn off > FIREWALL > antivirus > antispyware > everything resident.
Open Notepad and copy the whole green text into it:
KILLALL::
Driver::
MEMSWEEP2
ZTBGE
mbr
Rootkit::
c:\windows\system32\60.tmp
c:\docume~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"=-
Then click File -> Save as... -> in the File name line type: CFScript.txt
For File type select *All files
and save it to the desktop. > Attention: CFScript.txt > do not open it, and it must not be CFScript.txt.txt either. And do this:

After the scan finishes, post the log that ComboFix creates.
Download TFC to the desktop,
close everything you have open and run it - after the scan, restart.
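As an added example, not part of the thread or of any tool mentioned in it: the entry stell singles out (ZTBGE, running from the user's Temp folder, with no file date or size recorded) is the kind of thing that can be pulled out of a services listing mechanically. The Python script below, written for this page, parses lines in the "S3 name;description; path [date size]" format of the listing above and flags entries whose image lives under a temp or user-profile directory, whose file info is empty, or whose description is just the service name. The sample lines are constructed; the ZTBGE line mirrors the one in the log, and the heuristics are this example's own, not ComboFix's.

```python
import re

# Constructed sample lines in the listing format used in the logs above:
# "<R|S><start> <name>;<description>; <path> [<date> <size>]".
# The ZTBGE entry mirrors the one in the thread; the others are typical legitimate entries.
SAMPLE_LINES = r"""
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-05-02 297752]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ZTBGE;ZTBGE; C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp\ZTBGE.exe []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
"""

# One listing line: state letter, start type digit, name;description; path [info]
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

# Directories a legitimate service or driver image should never be loaded from
# (heuristic list chosen for this example).
SUSPICIOUS_DIRS = (
    "\\temp\\", "\\tmp\\", "\\locals~1\\", "\\local settings\\",
    "\\docume~1\\", "\\documents and settings\\",
)


def parse_entry(line):
    """Return a dict for one listing line, or None if the line is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["start"] = int(entry["start"])
    return entry


def triage_entry(entry):
    """Return the reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    path = entry["path"].lower()
    if any(d in path for d in SUSPICIOUS_DIRS):
        reasons.append("image lives in a temp or user-profile directory")
    if not entry["info"].strip():
        reasons.append("no date/size recorded: file missing, hidden or unreadable")
    if entry["name"].strip().lower() == entry["desc"].strip().lower():
        reasons.append("description is just the service name (no vendor text)")
    if entry["start"] == 0 and not path.endswith(".sys"):
        reasons.append("boot-start entry whose image is not a .sys driver")
    return reasons


def triage(listing):
    """Map each flagged service/driver name to the list of reasons it was flagged."""
    flagged = {}
    for line in listing.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run over the sample, only ZTBGE comes out, with all three of the first reasons. A hit is a prompt to look closer (check the file on disk, its signature and who installed it), not a verdict: plenty of odd-looking but legitimate entries exist, which is why the thread's helper also asks for the full log rather than acting on a single line.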
Re: hidden driver Axxxxx.sys
I'd just like to know why ComboFix still tells me it has to disable DVD emulation when I removed Daemon Tools long ago.
ComboFix 10-06-19.04 - Gregorian 20.06.2010 19:53:32.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1507 [GMT 2:00]
Spuštěný z: c:\documents and settings\Gregorian\Plocha\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-20 do 2010-06-20 )))))))))))))))))))))))))))))))
.
2010-06-20 15:25 . 2010-06-20 16:18 -------- d-----w- c:\program files\Trend Micro
2010-06-15 01:00 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-06-15 00:53 . 2010-06-15 00:59 -------- d-----w- C:\root
2010-06-13 14:22 . 2009-06-18 10:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-06-13 00:01 . 2010-06-13 00:01 -------- d-----w- c:\program files\Sophos
2010-06-11 09:35 . 2010-06-11 09:35 -------- d-----w- C:\013422fa425361f630a9
2010-06-09 13:08 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 08:37 . 2010-06-08 08:37 -------- d-----w- c:\program files\Vstplugins
2010-06-08 08:36 . 2010-06-08 08:36 -------- d-----w- c:\program files\Sony
2010-06-08 08:14 . 2010-06-08 08:14 -------- d-----w- C:\Fraps
2010-06-08 08:11 . 2010-06-08 08:11 -------- d-----w- c:\program files\Sony Setup
2010-06-05 13:22 . 2010-06-05 13:22 -------- d-----w- C:\Tmp
2010-06-05 13:21 . 2010-06-05 13:21 -------- d-----w- c:\program files\Taksi
2010-06-04 18:48 . 2010-06-09 13:09 -------- d-----w- c:\program files\Game Cam XPress
2010-06-04 18:25 . 2010-06-04 19:24 -------- d-----w- c:\program files\Game Cam v1.4.0.5
2010-06-03 05:40 . 2010-06-03 05:40 -------- d-----w- c:\documents and settings\Gregorian\SystemRequirementsLab
2010-05-30 14:04 . 2010-05-30 14:04 -------- d-----w- C:\totalcmd
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-05-30 14:04 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-05-27 15:19 . 2006-10-06 06:17 53248 ------w- c:\windows\Ctregrun.exe
2010-05-27 15:18 . 2008-09-30 03:23 181760 ----a-r- c:\windows\system32\ctdvinst.dll
2010-05-27 15:18 . 2007-10-12 08:19 53248 ----a-r- c:\windows\ksdef.exe
2010-05-27 15:18 . 2007-07-16 07:50 782336 ----a-r- c:\windows\OALInst.exe
2010-05-27 15:18 . 2008-09-19 01:46 1462 ----a-r- c:\windows\skdef.reg
2010-05-27 15:18 . 2007-10-29 03:16 151040 ----a-r- c:\windows\system32\KSXPPI32.dll
2010-05-27 15:18 . 2008-02-12 02:50 1670016 ----a-r- c:\windows\system32\drivers\skfilt.sys
2010-05-27 15:16 . 2010-05-27 15:16 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-05-27 15:15 . 2010-05-27 15:19 -------- d-----w- c:\program files\Creative
2010-05-27 15:14 . 2008-04-14 03:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-05-27 15:14 . 2008-04-14 03:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-27 15:13 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-05-27 15:13 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-27 15:13 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-27 15:13 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 16:55 . 2006-03-02 12:00 78202 ----a-w- c:\windows\system32\perfc005.dat
2010-06-20 16:55 . 2006-03-02 12:00 429370 ----a-w- c:\windows\system32\perfh005.dat
2010-06-18 18:23 . 2009-07-07 16:05 -------- d-----w- c:\program files\Warcraft III
2010-06-17 07:18 . 2009-12-15 00:21 -------- d-----w- c:\program files\World of Warcraft
2010-06-15 14:49 . 2009-12-14 20:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-06-15 09:19 . 2009-08-07 01:52 -------- d-----w- c:\program files\Opera
2010-06-13 14:23 . 2010-03-06 21:08 -------- d-----w- c:\program files\Silkroad
2010-06-11 17:31 . 2010-05-08 09:17 -------- d-----w- c:\program files\CCleaner
2010-06-11 14:08 . 2009-10-15 09:18 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-11 14:08 . 2009-10-15 09:18 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-06 11:36 . 2009-07-10 23:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-06 11:36 . 2009-07-10 23:22 -------- d-----w- c:\program files\DivX
2010-06-04 19:26 . 2009-07-04 11:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 17:59 . 2009-12-11 19:11 -------- d-----w- c:\program files\Game Cam V2
2010-06-01 10:06 . 2009-09-04 16:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-01 10:05 . 2009-09-04 16:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-01 10:04 . 2009-09-04 16:31 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-27 15:20 . 2009-07-02 19:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-21 12:14 . 2009-10-02 23:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 21:27 . 2009-08-03 11:24 -------- d-----w- c:\program files\Google
2010-05-06 10:35 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 12:24 . 2010-04-29 19:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-02 12:23 . 2010-04-29 18:55 -------- d-----w- c:\program files\TrojanHunter 5.3
2010-05-02 08:09 . 2006-03-02 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 21:49 . 2010-05-01 21:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-01 21:49 . 2010-05-01 21:45 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-01 21:49 . 2010-05-01 21:44 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-01 21:49 . 2010-05-01 21:44 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-01 21:49 . 2010-05-01 21:44 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-01 21:49 . 2010-05-01 21:44 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-01 21:49 . 2010-05-01 21:45 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-01 21:44 . 2010-05-01 21:44 -------- d-----w- c:\program files\AVG
2010-04-29 23:14 . 2010-03-28 16:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-29 20:40 . 2009-10-15 09:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-29 05:35 . 2010-02-10 14:00 -------- d-----w- c:\program files\Microsoft SQL Server
2010-04-29 05:34 . 2010-02-10 14:02 -------- d-----w- c:\program files\Microsoft.NET
2010-04-20 05:32 . 2006-03-02 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:23 . 2010-04-03 17:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-04-03 17:23 . 2010-04-03 17:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-04-02 14:54 . 2009-07-02 19:47 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 01:58 . 2009-07-18 02:15 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2009-07-18 02:15 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58 . 2009-07-18 02:15 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2009-07-18 02:15 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2009-07-18 02:15 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2009-07-18 02:15 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-23 23:41 . 2010-03-23 23:41 110592 ----a-w- c:\windows\system32\bass.dll
2003-12-18 09:33 . 2009-09-05 08:36 20102 -c--a-w- c:\program files\Readme.txt
2003-09-03 05:46 . 2009-09-05 08:36 10960 -c--a-w- c:\program files\EULA.txt
.
((((((((((((((((((((((((((((( SnapShot@2010-06-20_16.09.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-20 17:52 . 2010-06-20 17:52 16384 c:\windows\temp\Perflib_Perfdata_1bc.dat
+ 2006-03-02 12:00 . 2010-06-20 16:55 67620 c:\windows\system32\perfc009.dat
- 2006-03-02 12:00 . 2010-06-15 09:17 67620 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-06-20 16:55 432844 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2010-06-15 09:17 432844 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-05-01 2046816]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-08-27 233588]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-01 21:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\DOC\\MW4TRIAL\\MW4.EXE"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Documents and Settings\\Gregorian\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6112:TCP"= 6112:TCP:Blizzard Downloader 6112
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1.5.2010 23:45 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1.5.2010 23:44 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1.5.2010 23:44 108552]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [13.6.2010 16:22 18816]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1.5.2010 23:49 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1.5.2010 23:44 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [1.5.2010 23:49 1370488]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1.5.2010 23:44 29208]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [27.5.2010 17:18 1670016]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.7.2009 20:48 722416]
S2 gupdate1ca142d17a28f36;Služba Google Update (gupdate1ca142d17a28f36);c:\program files\Google\Update\GoogleUpdate.exe [3.8.2009 13:25 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1.5.2010 23:44 29208]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [27.5.2010 17:16 79360]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 11:25]
2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 11:25]
2010-06-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: mbank.cz
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 19:58
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-583907252-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-06-20 20:00:38
ComboFix-quarantined-files.txt 2010-06-20 18:00
ComboFix2.txt 2010-06-20 17:06
ComboFix3.txt 2010-06-20 16:11
Před spuštěním: Volných bajtů: 113 257 660 416
Po spuštění: Volných bajtů: 113 240 944 640
- - End Of File - - E602ED50285929B8279762A8AC2F78EE
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: hidden driver Axxxxx.sys
Well, Daemon maybe, but not completely, since the driver is still there:
sptd;sptd;c:\windows\system32\drivers\sptd.sys
You posted a new ComboFix log here, not the log from CFScript.txt, but it doesn't matter.
If you want to uninstall DAEMON completely, use these programs:
http://www.duplexsecure.com/en/downloads - the version for your operating system, SPTD for Windows (32 bit) or (64b), saved to the desktop
- run it
- choose the Uninstall option
- restart the PC
http://jpshortstuff.247fixes.com/beta/Defogger.exe , run it, let it disable, and of course let it restart the PC.
ComboFix needs to be uninstalled.
And if you no longer have problems with the PC, that's all.
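Added example, not part of stell's post or of any tool named in the thread: a PowerShell check to run after the SPTD uninstall and reboot described above, confirming that the driver listed in the ComboFix log (service name sptd, file c:\windows\system32\drivers\sptd.sys) is actually gone. It assumes PowerShell 2.0 is installed on the Windows XP machine (it is not built in) and that the service name matches the "sptd;sptd;..." entry from the log; the driver list is the only input and can be extended with other names from the log.

```powershell
# Added example (not from the thread): verify that a kernel driver named in a
# ComboFix "S0/R0" line has really been removed after uninstall and reboot.
# Assumption: service name and .sys file name are identical, as they are for sptd.
param(
    [string[]]$DriverNames = @('sptd')   # taken from the log line "S0 sptd;sptd;..."
)

function Test-DriverRemoved {
    param([string]$Name)

    # 1. Service registration: HKLM\SYSTEM\CurrentControlSet\Services\<name>
    $regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $regGone = -not (Test-Path $regPath)

    # 2. Driver binary under %SystemRoot%\system32\drivers
    $file     = Join-Path $env:SystemRoot "system32\drivers\$Name.sys"
    $fileGone = -not (Test-Path $file)

    # 3. Driver object as seen by the Service Control Manager via WMI
    #    (Win32_SystemDriver works on PowerShell 2.0 / Windows XP)
    $drv       = Get-WmiObject Win32_SystemDriver -Filter "Name='$Name'"
    $notLoaded = ($drv -eq $null) -or ($drv.State -ne 'Running')

    New-Object PSObject -Property @{
        Name           = $Name
        ServiceKeyGone = $regGone
        FileGone       = $fileGone
        NotRunning     = $notLoaded
        FullyRemoved   = ($regGone -and $fileGone -and $notLoaded)
    }
}

# Run the three checks for every driver name and print one row per driver.
$DriverNames |
    ForEach-Object { Test-DriverRemoved $_ } |
    Format-Table Name, ServiceKeyGone, FileGone, NotRunning, FullyRemoved -AutoSize
```

Run it from an administrator PowerShell session after the reboot; a driver counts as removed only when all three checks agree. The registry check alone is not conclusive: Test-Path returns False for a key it is not allowed to open, and the ComboFix log's "locked registry keys" section shows that access-restricted keys exist on this machine, which is why the file and WMI checks are included as corroboration.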