AVG found a Trojan

passy
Visitor
Posts: 5
Registered: 03 Nov 2006 12:40

#1 Post by passy »

Good almost-noon :)
I had a bit of time today, so I thought of you. I ran an AVG scan and it didn't turn out too well. So I'm asking for a check and some advice.
Log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by passy at 2010-07-18 10:47:02
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 9 GB (22%) free of 38 GB
Total RAM: 256 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:01, on 18.7.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgfws8.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgam.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
D:\Program Files\Vertex Wireless\VW100 Connection Manager\Connection Manager.exe
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Documents and Settings\passy\Plocha\RSIT.exe
D:\Program Files\trend micro\passy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NokiaMServer] D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] D:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{30AB73D2-58FC-4C4D-9EEC-9ACFAF9F40EE}: NameServer = 78.136.128.4 78.136.128.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{30AB73D2-58FC-4C4D-9EEC-9ACFAF9F40EE}: NameServer = 78.136.128.4 78.136.128.12
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4529 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG8\avgssie.dll [2010-07-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"=D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"AVG8_TRAY"=D:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-07-11 2048352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
""= []
"NokiaOviSuite2"=D:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-06-18 671608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
D:\WINDOWS\system32\avgrsstx.dll [2010-07-11 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="D:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process "
"D:\Program Files\Google\Google Earth\plugin\geplugin.exe"="D:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"D:\Program Files\AVG\AVG8\avgam.exe"="D:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"D:\Program Files\AVG\AVG8\avgdiag.exe"="D:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"D:\Program Files\AVG\AVG8\avgdiagex.exe"="D:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"D:\Program Files\AVG\AVG8\avgupd.exe"="D:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Program Files\AVG\AVG8\avgnsx.exe"="D:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-18 10:42:56 ----D---- D:\Program Files\CCleaner
2010-07-18 10:32:18 ----D---- D:\Program Files\trend micro
2010-07-18 10:32:02 ----D---- D:\rsit
2010-07-18 07:43:48 ----D---- D:\Scotti
2010-07-18 07:20:10 ----D---- D:\Sp.Club.p4f
2010-07-17 10:58:28 ----D---- D:\Roughman
2010-07-17 10:41:26 ----D---- D:\M.Lewi
2010-07-17 10:33:42 ----D---- D:\M.P.H.B
2010-07-16 15:39:36 ----D---- D:\Lps.GarPar
2010-07-11 15:16:33 ----HD---- D:\$AVG8.VAULT$
2010-07-11 11:53:52 ----D---- D:\WINDOWS\system32\appmgmt
2010-07-11 11:11:19 ----D---- D:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
2010-07-11 11:10:57 ----A---- D:\WINDOWS\system32\avgrsstx.dll
2010-07-11 11:10:56 ----A---- D:\WINDOWS\system32\drivers\avgrkx86.sys
2010-07-11 11:10:55 ----A---- D:\WINDOWS\system32\drivers\avgtdix.sys
2010-07-11 11:10:43 ----A---- D:\WINDOWS\system32\drivers\avgldx86.sys
2010-07-11 11:10:42 ----A---- D:\WINDOWS\system32\drivers\avgmfx86.sys
2010-07-11 11:10:32 ----D---- D:\WINDOWS\system32\drivers\Avg
2010-07-11 11:10:29 ----D---- D:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2010-07-11 11:06:16 ----D---- D:\Documents and Settings\All Users\Data aplikací\avg8
2010-07-11 09:30:04 ----A---- D:\WINDOWS\system32\drivers\avgfwdx.sys
2010-07-11 09:30:04 ----A---- D:\WINDOWS\system32\avgfwdx.dll
2010-07-11 09:30:03 ----D---- D:\Program Files\AVG
2010-07-11 08:47:53 ----D---- D:\Program Files\Seznam.cz
2010-07-11 06:52:21 ----D---- D:\JudCan_II
2010-07-11 06:46:31 ----D---- D:\Judcan_3
2010-07-10 16:28:29 ----D---- D:\Program Files\Mozilla Firefox
2010-07-08 21:25:34 ----D---- D:\Program Files\AskBarDis
2010-07-08 21:25:16 ----D---- D:\Program Files\Foxit Software
2010-07-08 21:25:16 ----D---- D:\Documents and Settings\passy\Data aplikací\Foxit
2010-07-07 15:57:49 ----D---- D:\Documents and Settings\passy\Data aplikací\Google
2010-07-07 15:46:35 ----D---- D:\Program Files\Google
2010-07-06 12:36:45 ----A---- D:\WINDOWS\ODBC.INI
2010-07-06 12:36:26 ----A---- D:\WINDOWS\system32\mdimon.dll
2010-07-06 12:34:28 ----D---- D:\Program Files\Microsoft.NET
2010-07-06 12:33:19 ----D---- D:\Program Files\Common Files\DESIGNER
2010-07-06 12:32:45 ----D---- D:\WINDOWS\SHELLNEW
2010-07-06 12:32:34 ----D---- D:\Program Files\Microsoft Office
2010-07-06 12:29:30 ----RHD---- D:\MSOCache
2010-07-06 08:35:11 ----D---- D:\Documents and Settings\passy\Data aplikací\GHISLER
2010-07-06 08:35:11 ----A---- D:\WINDOWS\UC.PIF
2010-07-06 08:35:11 ----A---- D:\WINDOWS\RAR.PIF
2010-07-06 08:35:11 ----A---- D:\WINDOWS\PKZIP.PIF
2010-07-06 08:35:11 ----A---- D:\WINDOWS\PKUNZIP.PIF
2010-07-06 08:35:11 ----A---- D:\WINDOWS\NOCLOSE.PIF
2010-07-06 08:35:11 ----A---- D:\WINDOWS\LHA.PIF
2010-07-06 08:35:11 ----A---- D:\WINDOWS\ARJ.PIF
2010-07-05 11:19:17 ----D---- D:\Documents and Settings\passy\Data aplikací\COWON
2010-07-05 11:16:27 ----D---- D:\Documents and Settings\passy\Data aplikací\WinRAR
2010-07-04 13:08:31 ----A---- D:\WINDOWS\system32\h323log.txt
2010-07-04 13:07:09 ----A---- D:\WINDOWS\system32\drivers\splitter.sys
2010-07-04 13:07:07 ----A---- D:\WINDOWS\system32\drivers\drmkaud.sys
2010-07-04 13:07:05 ----A---- D:\WINDOWS\system32\drivers\aec.sys
2010-07-04 13:07:03 ----A---- D:\WINDOWS\system32\drivers\MSPQM.sys
2010-07-04 13:07:01 ----A---- D:\WINDOWS\system32\drivers\wdmaud.sys
2010-07-04 13:06:59 ----A---- D:\WINDOWS\system32\drivers\kmixer.sys
2010-07-04 13:06:57 ----A---- D:\WINDOWS\system32\drivers\swmidi.sys
2010-07-04 13:06:54 ----A---- D:\WINDOWS\system32\drivers\DMusic.sys
2010-07-04 13:06:52 ----A---- D:\WINDOWS\system32\drivers\sysaudio.sys
2010-07-04 13:06:50 ----A---- D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010-07-04 13:06:47 ----A---- D:\WINDOWS\system32\drivers\MSKSSRV.sys
2010-07-04 13:06:41 ----A---- D:\WINDOWS\system32\drivers\audstub.sys
2010-07-04 13:06:05 ----A---- D:\WINDOWS\system32\drivers\redbook.sys
2010-07-04 13:05:48 ----A---- D:\WINDOWS\system32\drivers\e100b325.sys
2010-07-04 13:05:35 ----A---- D:\WINDOWS\system32\drivers\gameenum.sys
2010-07-04 13:05:24 ----A---- D:\WINDOWS\system32\drivers\nv4_mini.sys
2010-07-04 13:05:23 ----A---- D:\WINDOWS\system32\nv4_disp.dll
2010-07-04 13:05:15 ----A---- D:\WINDOWS\system32\drivers\AGP440.SYS
2010-07-04 13:05:09 ----A---- D:\WINDOWS\system32\usbui.dll
2010-07-04 13:05:04 ----A---- D:\WINDOWS\system32\ksuser.dll
2010-07-04 13:05:04 ----A---- D:\WINDOWS\system32\drivers\portcls.sys
2010-07-04 13:05:04 ----A---- D:\WINDOWS\system32\drivers\ac97intc.sys
2010-07-04 13:05:03 ----A---- D:\WINDOWS\system32\drivers\drmk.sys
2010-07-04 13:03:10 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-07-04 13:03:09 ----SHD---- D:\WINDOWS\Installer
2010-07-04 13:03:08 ----D---- D:\Program Files\Common Files\ODBC
2010-07-04 13:03:08 ----A---- D:\WINDOWS\ODBCINST.INI
2010-07-04 13:03:04 ----D---- D:\Program Files\Common Files\SpeechEngines
2010-07-04 13:03:04 ----D---- D:\Program Files\Common Files\Microsoft Shared
2010-07-04 13:03:03 ----RD---- D:\Program Files
2010-07-04 13:03:03 ----D---- D:\Program Files\Common Files
2010-07-04 13:02:59 ----RA---- D:\WINDOWS\system32\kbdtuq.dll
2010-07-04 13:02:59 ----RA---- D:\WINDOWS\system32\kbdtuf.dll
2010-07-04 13:02:59 ----RA---- D:\WINDOWS\system32\kbdazel.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbdycc.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbduzb.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbdur.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbdtat.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbdru1.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbdru.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbdmon.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbdkyr.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbdkaz.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbdbu.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbdblr.dll
2010-07-04 13:02:57 ----RA---- D:\WINDOWS\system32\kbdaze.dll
2010-07-04 13:02:55 ----RA---- D:\WINDOWS\system32\kbdhept.dll
2010-07-04 13:02:55 ----RA---- D:\WINDOWS\system32\kbdhela3.dll
2010-07-04 13:02:55 ----RA---- D:\WINDOWS\system32\kbdhela2.dll
2010-07-04 13:02:55 ----RA---- D:\WINDOWS\system32\kbdhe319.dll
2010-07-04 13:02:55 ----RA---- D:\WINDOWS\system32\kbdhe220.dll
2010-07-04 13:02:55 ----RA---- D:\WINDOWS\system32\kbdhe.dll
2010-07-04 13:02:55 ----RA---- D:\WINDOWS\system32\kbdgkl.dll
2010-07-04 13:02:54 ----RA---- D:\WINDOWS\system32\kbdlv1.dll
2010-07-04 13:02:54 ----RA---- D:\WINDOWS\system32\kbdlv.dll
2010-07-04 13:02:54 ----RA---- D:\WINDOWS\system32\kbdlt1.dll
2010-07-04 13:02:54 ----RA---- D:\WINDOWS\system32\kbdlt.dll
2010-07-04 13:02:54 ----RA---- D:\WINDOWS\system32\kbdest.dll
2010-07-04 13:02:50 ----A---- D:\WINDOWS\system32\kbdsl1.dll
2010-07-04 13:02:49 ----A---- D:\WINDOWS\system32\kbdycl.dll
2010-07-04 13:02:49 ----A---- D:\WINDOWS\system32\kbdsl.dll
2010-07-04 13:02:49 ----A---- D:\WINDOWS\system32\kbdro.dll
2010-07-04 13:02:49 ----A---- D:\WINDOWS\system32\kbdpl1.dll
2010-07-04 13:02:49 ----A---- D:\WINDOWS\system32\kbdpl.dll
2010-07-04 13:02:49 ----A---- D:\WINDOWS\system32\kbdhu1.dll
2010-07-04 13:02:49 ----A---- D:\WINDOWS\system32\kbdhu.dll
2010-07-04 13:02:49 ----A---- D:\WINDOWS\system32\kbdcr.dll
2010-07-04 13:02:49 ----A---- D:\WINDOWS\system32\KBDAL.DLL
2010-07-04 13:02:48 ----A---- D:\WINDOWS\system32\irclass.dll
2010-07-04 13:02:48 ----A---- D:\WINDOWS\system32\dgrpsetu.dll
2010-07-04 13:02:47 ----A---- D:\WINDOWS\system32\spxcoins.dll
2010-07-04 13:02:47 ----A---- D:\WINDOWS\system32\EqnClass.Dll
2010-07-04 13:02:47 ----A---- D:\WINDOWS\system32\dgsetup.dll
2010-07-04 13:02:46 ----A---- D:\WINDOWS\TASKMAN.EXE
2010-07-04 13:02:45 ----N---- D:\WINDOWS\system32\CONFIG.TMP
2010-07-04 13:02:45 ----A---- D:\WINDOWS\system32\drivers\irenum.sys
2010-07-04 13:02:45 ----A---- D:\WINDOWS\system32\batt.dll
2010-07-04 13:02:45 ----A---- D:\WINDOWS\NOTEPAD.EXE
2010-07-04 13:02:43 ----A---- D:\WINDOWS\system32\storprop.dll
2010-07-04 13:02:30 ----ASH---- D:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-07-04 13:02:26 ----RA---- D:\WINDOWS\SET8.tmp
2010-07-04 13:02:23 ----RA---- D:\WINDOWS\SET4.tmp
2010-07-04 13:02:21 ----RA---- D:\WINDOWS\SET3.tmp
2010-07-04 13:02:14 ----D---- D:\WINDOWS\system32\CatRoot2
2010-07-04 13:02:14 ----D---- D:\WINDOWS\system32\CatRoot
2010-07-04 13:02:08 ----SD---- D:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-07-04 13:01:42 ----D---- D:\Documents and Settings
2010-07-04 13:00:35 ----D---- D:\Documents and Settings\All Users\Data aplikací\Nokia
2010-07-04 12:56:44 ----ASH---- D:\pagefile.sys
2010-07-04 12:49:47 ----D---- D:\Documents and Settings\passy\Data aplikací\Macromedia
2010-07-04 12:49:46 ----D---- D:\Documents and Settings\passy\Data aplikací\Adobe
2010-07-04 12:28:55 ----A---- D:\WINDOWS\iun6002.exe
2010-07-04 12:28:38 ----D---- D:\Program Files\Codec Pack - All In 1
2010-07-04 12:14:01 ----D---- D:\Documents and Settings\passy\Data aplikací\Nokia Ovi Suite
2010-07-04 12:10:08 ----HDC---- D:\WINDOWS\$NtUninstallWudf01009$
2010-07-04 12:09:35 ----A---- D:\WINDOWS\system32\drivers\usbser.sys
2010-07-04 12:09:00 ----N---- D:\WINDOWS\system32\spmsgXP_2k3.dll
2010-07-04 12:08:48 ----HDC---- D:\WINDOWS\$NtUninstallWdf01009$
2010-07-04 12:07:49 ----D---- D:\Documents and Settings\passy\Data aplikací\Nokia
2010-07-04 12:06:54 ----D---- D:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-07-04 12:06:47 ----D---- D:\Documents and Settings\passy\Data aplikací\PC Suite
2010-07-04 12:02:37 ----D---- D:\Program Files\Common Files\Nokia
2010-07-04 12:01:29 ----D---- D:\Program Files\DIFX
2010-07-04 12:01:26 ----A---- D:\WINDOWS\system32\drivers\pccsmcfd.sys
2010-07-04 12:01:04 ----D---- D:\Program Files\PC Connectivity Solution
2010-07-04 11:51:37 ----A---- D:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2010-07-04 11:51:37 ----A---- D:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2010-07-04 11:51:35 ----A---- D:\WINDOWS\system32\drivers\ccdcmbo.sys
2010-07-04 11:51:33 ----DC---- D:\WINDOWS\system32\DRVSTORE
2010-07-04 11:51:33 ----A---- D:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-07-04 11:51:33 ----A---- D:\WINDOWS\system32\nmwcdcocls.dll
2010-07-04 11:51:33 ----A---- D:\WINDOWS\system32\drivers\ccdcmb.sys
2010-07-04 11:51:30 ----A---- D:\WINDOWS\system32\nmwcdcls.dll
2010-07-04 11:50:22 ----D---- D:\Program Files\MSXML 6.0
2010-07-04 11:50:00 ----N---- D:\WINDOWS\system32\spmsg.dll
2010-07-04 11:49:51 ----HDC---- D:\WINDOWS\$NtUninstallKB926239$
2010-07-04 11:49:10 ----HDC---- D:\WINDOWS\$NtUninstallWMFDist11$
2010-07-04 11:48:25 ----D---- D:\WINDOWS\system32\LogFiles
2010-07-04 11:48:25 ----D---- D:\WINDOWS\system32\drivers\UMDF
2010-07-04 11:48:13 ----A---- D:\WINDOWS\system32\spupdsvc.exe
2010-07-04 11:48:10 ----HDC---- D:\WINDOWS\$NtUninstallWudf01000$
2010-07-04 11:47:04 ----D---- D:\Program Files\Nokia
2010-07-04 11:47:04 ----D---- D:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
2010-07-04 11:45:54 ----D---- D:\Program Files\Common Files\COWON
2010-07-04 11:45:52 ----HD---- D:\Program Files\InstallShield Installation Information
2010-07-04 11:45:52 ----D---- D:\Program Files\JetAudio
2010-07-04 11:45:37 ----D---- D:\Documents and Settings\passy\Data aplikací\InstallShield
2010-07-04 11:45:02 ----D---- D:\Program Files\WinRAR
2010-07-04 11:43:25 ----D---- D:\Documents and Settings\passy\Data aplikací\Mozilla
2010-07-04 11:37:40 ----A---- D:\WINDOWS\system32\NVUNINST.EXE
2010-07-04 11:35:50 ----A---- D:\WINDOWS\system32\XAudio2_2.dll
2010-07-04 11:35:50 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll
2010-07-04 11:35:50 ----A---- D:\WINDOWS\system32\xactengine3_2.dll
2010-07-04 11:35:49 ----A---- D:\WINDOWS\system32\d3dx10_39.dll
2010-07-04 11:35:49 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll
2010-07-04 11:35:48 ----A---- D:\WINDOWS\system32\xactengine2_9.dll
2010-07-04 11:35:48 ----A---- D:\WINDOWS\system32\x3daudio1_2.dll
2010-07-04 11:35:48 ----A---- D:\WINDOWS\system32\D3DX9_39.dll
2010-07-04 11:35:47 ----A---- D:\WINDOWS\system32\d3dx10_35.dll
2010-07-04 11:35:47 ----A---- D:\WINDOWS\system32\D3DCompiler_35.dll
2010-07-04 11:35:46 ----A---- D:\WINDOWS\system32\xinput1_3.dll
2010-07-04 11:35:46 ----A---- D:\WINDOWS\system32\d3dx9_35.dll
2010-07-04 11:35:45 ----A---- D:\WINDOWS\system32\xactengine2_7.dll
2010-07-04 11:35:44 ----A---- D:\WINDOWS\system32\d3dx10_33.dll
2010-07-04 11:35:44 ----A---- D:\WINDOWS\system32\D3DCompiler_33.dll
2010-07-04 11:35:43 ----A---- D:\WINDOWS\system32\d3dx9_33.dll
2010-07-04 11:35:42 ----A---- D:\WINDOWS\system32\xactengine2_6.dll
2010-07-04 11:35:42 ----A---- D:\WINDOWS\system32\xactengine2_5.dll
2010-07-04 11:35:41 ----A---- D:\WINDOWS\system32\d3dx9_32.dll
2010-07-04 11:35:40 ----A---- D:\WINDOWS\system32\xinput1_2.dll
2010-07-04 11:35:40 ----A---- D:\WINDOWS\system32\xactengine2_4.dll
2010-07-04 11:35:40 ----A---- D:\WINDOWS\system32\xactengine2_3.dll
2010-07-04 11:35:40 ----A---- D:\WINDOWS\system32\x3daudio1_1.dll
2010-07-04 11:35:39 ----A---- D:\WINDOWS\system32\xinput1_1.dll
2010-07-04 11:35:39 ----A---- D:\WINDOWS\system32\xactengine2_1.dll
2010-07-04 11:35:38 ----A---- D:\WINDOWS\system32\xactengine2_0.dll
2010-07-04 11:35:38 ----A---- D:\WINDOWS\system32\x3daudio1_0.dll
2010-07-04 11:35:38 ----A---- D:\WINDOWS\system32\d3dx9_30.dll
2010-07-04 11:35:37 ----A---- D:\WINDOWS\system32\d3dx9_29.dll
2010-07-04 11:35:37 ----A---- D:\WINDOWS\system32\d3dx9_28.dll
2010-07-04 11:35:36 ----A---- D:\WINDOWS\system32\d3dx9_27.dll
2010-07-04 11:35:36 ----A---- D:\WINDOWS\system32\d3dx9_25.dll
2010-07-04 11:35:34 ----A---- D:\WINDOWS\system32\d3dx9_24.dll
2010-07-04 11:35:20 ----D---- D:\WINDOWS\Logs
2010-07-04 11:26:30 ----A---- D:\WINDOWS\ModemLog_Vertex Wireless CDC Modem.txt
2010-07-04 11:25:50 ----A---- D:\WINDOWS\system32\drivers\vwmfwhnt.sys
2010-07-04 11:25:50 ----A---- D:\WINDOWS\system32\drivers\vwmfwh.sys
2010-07-04 11:25:50 ----A---- D:\WINDOWS\system32\drivers\vwmfserd.sys
2010-07-04 11:25:50 ----A---- D:\WINDOWS\system32\drivers\vwmfmdm.sys
2010-07-04 11:25:50 ----A---- D:\WINDOWS\system32\drivers\vwmfmdfl.sys
2010-07-04 11:25:50 ----A---- D:\WINDOWS\system32\drivers\vwmfdiag.sys
2010-07-04 11:25:50 ----A---- D:\WINDOWS\system32\drivers\vwmfcmnt.sys
2010-07-04 11:25:50 ----A---- D:\WINDOWS\system32\drivers\vwmfcm.sys
2010-07-04 11:25:50 ----A---- D:\WINDOWS\system32\drivers\vwmfbus.sys
2010-07-04 11:25:29 ----D---- D:\Program Files\Vertex Wireless
2010-07-04 11:25:27 ----D---- D:\Documents and Settings\All Users\Data aplikací\Vertex Wireless
2010-07-04 11:24:16 ----D---- D:\Documents and Settings\passy\Data aplikací\Identities
2010-07-04 11:24:13 ----HD---- D:\Program Files\Uninstall Information
2010-07-04 11:24:06 ----ASH---- D:\Documents and Settings\passy\Data aplikací\desktop.ini
2010-07-04 11:24:05 ----SD---- D:\Documents and Settings\passy\Data aplikací\Microsoft
2010-07-04 11:24:03 ----ASH---- D:\hiberfil.sys
2010-07-04 11:23:00 ----D---- D:\WINDOWS\SoftwareDistribution
2010-07-04 11:22:57 ----D---- D:\WINDOWS\Prefetch
2010-07-04 11:22:56 ----SD---- D:\WINDOWS\system32\Microsoft
2010-07-04 11:22:56 ----N---- D:\WINDOWS\SchedLgU.Txt
2010-07-04 11:17:18 ----D---- D:\WINDOWS\system32\xircom
2010-07-04 11:17:18 ----D---- D:\Program Files\xerox
2010-07-04 11:17:18 ----D---- D:\Program Files\microsoft frontpage
2010-07-04 11:16:40 ----A---- D:\WINDOWS\control.ini
2010-07-04 11:16:09 ----A---- D:\WINDOWS\system32\mapi32.dll
2010-07-04 11:14:29 ----SD---- D:\WINDOWS\Downloaded Program Files
2010-07-04 11:14:29 ----RD---- D:\WINDOWS\Offline Web Pages
2010-07-04 11:14:29 ----RAH---- D:\WINDOWS\system32\logonui.exe.manifest
2010-07-04 11:14:17 ----RAH---- D:\WINDOWS\system32\cdplayer.exe.manifest
2010-07-04 11:14:07 ----HD---- D:\Program Files\WindowsUpdate
2010-07-04 11:14:00 ----D---- D:\Program Files\Online Services
2010-07-04 11:13:37 ----D---- D:\WINDOWS\system32\DirectX
2010-07-04 11:13:19 ----A---- D:\WINDOWS\system32\atrace.dll
2010-07-04 11:13:17 ----A---- D:\WINDOWS\system32\desktop.ini
2010-07-04 11:13:17 ----A---- D:\WINDOWS\desktop.ini
2010-07-04 11:13:11 ----A---- D:\WINDOWS\system32\nmevtmsg.dll
2010-07-04 11:13:10 ----D---- D:\Program Files\Common Files\Services
2010-07-04 11:13:10 ----A---- D:\WINDOWS\system32\acctres.dll
2010-07-04 11:13:08 ----SD---- D:\WINDOWS\Tasks
2010-07-04 11:13:07 ----D---- D:\Program Files\Common Files\MSSoap
2010-07-04 11:13:07 ----A---- D:\WINDOWS\system32\icfgnt5.dll
2010-07-04 11:13:04 ----D---- D:\WINDOWS\srchasst
2010-07-04 11:13:03 ----D---- D:\WINDOWS\system32\Macromed
2010-07-04 11:13:00 ----A---- D:\WINDOWS\system32\wuweb.dll
2010-07-04 11:13:00 ----A---- D:\WINDOWS\system32\wups.dll
2010-07-04 11:13:00 ----A---- D:\WINDOWS\system32\wucltui.dll
2010-07-04 11:13:00 ----A---- D:\WINDOWS\system32\wuauserv.dll
2010-07-04 11:13:00 ----A---- D:\WINDOWS\system32\wuaueng1.dll
2010-07-04 11:13:00 ----A---- D:\WINDOWS\system32\wuaueng.dll
2010-07-04 11:13:00 ----A---- D:\WINDOWS\system32\wuauclt1.exe
2010-07-04 11:13:00 ----A---- D:\WINDOWS\system32\wuauclt.exe
2010-07-04 11:13:00 ----A---- D:\WINDOWS\system32\wuapi.dll
2010-07-04 11:12:59 ----A---- D:\WINDOWS\system32\qmgrprxy.dll
2010-07-04 11:12:59 ----A---- D:\WINDOWS\system32\qmgr.dll
2010-07-04 11:12:59 ----A---- D:\WINDOWS\system32\bitsprx3.dll
2010-07-04 11:12:59 ----A---- D:\WINDOWS\system32\bitsprx2.dll
2010-07-04 11:12:56 ----D---- D:\Program Files\Movie Maker
2010-07-04 11:12:53 ----A---- D:\WINDOWS\system32\safrslv.dll
2010-07-04 11:12:53 ----A---- D:\WINDOWS\system32\safrdm.dll
2010-07-04 11:12:53 ----A---- D:\WINDOWS\system32\safrcdlg.dll
2010-07-04 11:12:53 ----A---- D:\WINDOWS\system32\racpldlg.dll
2010-07-04 11:12:50 ----A---- D:\WINDOWS\system32\fltMc.exe
2010-07-04 11:12:50 ----A---- D:\WINDOWS\system32\fltlib.dll
2010-07-04 11:12:50 ----A---- D:\WINDOWS\system32\drivers\fltMgr.sys
2010-07-04 11:12:49 ----D---- D:\WINDOWS\system32\Restore
2010-07-04 11:12:49 ----A---- D:\WINDOWS\system32\srsvc.dll
2010-07-04 11:12:49 ----A---- D:\WINDOWS\system32\srrstr.dll
2010-07-04 11:12:49 ----A---- D:\WINDOWS\system32\srclient.dll
2010-07-04 11:12:49 ----A---- D:\WINDOWS\system32\drivers\sr.sys
2010-07-04 11:12:48 ----A---- D:\WINDOWS\system32\nmmkcert.dll
2010-07-04 11:12:48 ----A---- D:\WINDOWS\system32\msconf.dll
2010-07-04 11:12:48 ----A---- D:\WINDOWS\system32\mnmsrvc.exe
2010-07-04 11:12:48 ----A---- D:\WINDOWS\system32\mnmdd.dll
2010-07-04 11:12:48 ----A---- D:\WINDOWS\system32\isrdbg32.dll
2010-07-04 11:12:48 ----A---- D:\WINDOWS\system32\ils.dll
2010-07-04 11:12:46 ----D---- D:\Program Files\NetMeeting
2010-07-04 11:12:46 ----A---- D:\WINDOWS\system32\msoert2.dll
2010-07-04 11:12:46 ----A---- D:\WINDOWS\system32\msoeacct.dll
2010-07-04 11:12:45 ----A---- D:\WINDOWS\system32\inetres.dll
2010-07-04 11:12:45 ----A---- D:\WINDOWS\system32\inetcomm.dll
2010-07-04 11:12:43 ----D---- D:\Program Files\Outlook Express
2010-07-04 11:12:43 ----A---- D:\WINDOWS\system32\schedsvc.dll
2010-07-04 11:12:43 ----A---- D:\WINDOWS\system32\mstinit.exe
2010-07-04 11:12:43 ----A---- D:\WINDOWS\system32\mstask.dll
2010-07-04 11:12:43 ----A---- D:\WINDOWS\system32\isign32.dll
2010-07-04 11:12:43 ----A---- D:\WINDOWS\system32\icwphbk.dll
2010-07-04 11:12:43 ----A---- D:\WINDOWS\system32\icwdial.dll
2010-07-04 11:12:42 ----A---- D:\WINDOWS\system32\inetcfg.dll
2010-07-04 11:12:37 ----D---- D:\Program Files\Common Files\System
2010-07-04 11:12:36 ----D---- D:\Program Files\Internet Explorer
2010-07-04 11:11:22 ----D---- D:\Program Files\ComPlus Applications
2010-07-04 11:11:18 ----A---- D:\WINDOWS\vbaddin.ini
2010-07-04 11:11:18 ----A---- D:\WINDOWS\vb.ini
2010-07-04 11:11:09 ----D---- D:\WINDOWS\Registration
2010-07-04 11:10:56 ----D---- D:\Program Files\Windows Media Player
2010-07-04 11:10:48 ----D---- D:\Program Files\Messenger
2010-07-04 11:10:44 ----D---- D:\Program Files\MSN Gaming Zone
2010-07-04 11:10:44 ----A---- D:\WINDOWS\system32\write.exe
2010-07-04 11:10:35 ----A---- D:\WINDOWS\system32\winchat.exe
2010-07-04 11:10:35 ----A---- D:\WINDOWS\system32\sndvol32.exe
2010-07-04 11:10:35 ----A---- D:\WINDOWS\system32\hticons.dll
2010-07-04 11:10:35 ----A---- D:\WINDOWS\system32\avwav.dll
2010-07-04 11:10:35 ----A---- D:\WINDOWS\system32\avtapi.dll
2010-07-04 11:10:35 ----A---- D:\WINDOWS\system32\avmeter.dll
2010-07-04 11:10:28 ----A---- D:\WINDOWS\system32\sol.exe
2010-07-04 11:10:28 ----A---- D:\WINDOWS\system32\charmap.exe
2010-07-04 11:10:28 ----A---- D:\WINDOWS\system32\getuname.dll
2010-07-04 11:10:28 ----A---- D:\WINDOWS\system32\calc.exe
2010-07-04 11:10:27 ----A---- D:\WINDOWS\system32\winmine.exe
2010-07-04 11:10:27 ----A---- D:\WINDOWS\system32\usrlogon.cmd
2010-07-04 11:10:27 ----A---- D:\WINDOWS\system32\tsshutdn.exe
2010-07-04 11:10:27 ----A---- D:\WINDOWS\system32\tslabels.ini
2010-07-04 11:10:27 ----A---- D:\WINDOWS\system32\tskill.exe
2010-07-04 11:10:27 ----A---- D:\WINDOWS\system32\tsdiscon.exe
2010-07-04 11:10:27 ----A---- D:\WINDOWS\system32\tscon.exe
2010-07-04 11:10:27 ----A---- D:\WINDOWS\system32\reset.exe
2010-07-04 11:10:27 ----A---- D:\WINDOWS\system32\mshearts.exe
2010-07-04 11:10:27 ----A---- D:\WINDOWS\system32\freecell.exe
2010-07-04 11:10:26 ----A---- D:\WINDOWS\system32\shadow.exe
2010-07-04 11:10:26 ----A---- D:\WINDOWS\system32\rwinsta.exe
2010-07-04 11:10:26 ----A---- D:\WINDOWS\system32\regini.exe
2010-07-04 11:10:26 ----A---- D:\WINDOWS\system32\rdpcfgex.dll
2010-07-04 11:10:26 ----A---- D:\WINDOWS\system32\qwinsta.exe
2010-07-04 11:10:26 ----A---- D:\WINDOWS\system32\qappsrv.exe
2010-07-04 11:10:26 ----A---- D:\WINDOWS\system32\msg.exe
2010-07-04 11:10:26 ----A---- D:\WINDOWS\system32\msdtcprf.ini
2010-07-04 11:10:26 ----A---- D:\WINDOWS\system32\logoff.exe
2010-07-04 11:10:26 ----A---- D:\WINDOWS\system32\cdmodem.dll
2010-07-04 11:10:25 ----A---- D:\WINDOWS\system32\stclient.dll
2010-07-04 11:10:25 ----A---- D:\WINDOWS\system32\mtxlegih.dll
2010-07-04 11:10:25 ----A---- D:\WINDOWS\system32\mtxex.dll
2010-07-04 11:10:25 ----A---- D:\WINDOWS\system32\mtxdm.dll
2010-07-04 11:10:25 ----A---- D:\WINDOWS\system32\dcomcnfg.exe
2010-07-04 11:10:25 ----A---- D:\WINDOWS\system32\comrepl.dll
2010-07-04 11:10:25 ----A---- D:\WINDOWS\system32\comaddin.dll
2010-07-04 11:10:24 ----A---- D:\WINDOWS\system32\comsnap.dll
2010-07-04 11:10:20 ----A---- D:\WINDOWS\system32\wmimgmt.msc
2010-07-04 11:10:19 ----A---- D:\WINDOWS\system32\sndrec32.exe
2010-07-04 11:10:19 ----A---- D:\WINDOWS\system32\mplay32.exe
2010-07-04 11:10:19 ----A---- D:\WINDOWS\system32\accwiz.exe
2010-07-04 11:10:18 ----D---- D:\Program Files\Windows NT
2010-07-04 11:10:18 ----A---- D:\WINDOWS\system32\spider.exe
2010-07-04 11:10:18 ----A---- D:\WINDOWS\system32\mspaint.exe
2010-07-04 11:10:18 ----A---- D:\WINDOWS\system32\hypertrm.dll
2010-07-04 11:10:18 ----A---- D:\WINDOWS\system32\clipbrd.exe
2010-07-04 11:10:17 ----A---- D:\WINDOWS\system32\tscfgwmi.dll
2010-07-04 11:10:17 ----A---- D:\WINDOWS\system32\remotepg.dll
2010-07-04 11:10:17 ----A---- D:\WINDOWS\system32\rdshost.exe
2010-07-04 11:10:17 ----A---- D:\WINDOWS\system32\rdsaddin.exe
2010-07-04 11:10:17 ----A---- D:\WINDOWS\system32\mstscax.dll
2010-07-04 11:10:17 ----A---- D:\WINDOWS\system32\mstsc.exe
2010-07-04 11:10:17 ----A---- D:\WINDOWS\system32\drivers\tdtcp.sys
2010-07-04 11:10:17 ----A---- D:\WINDOWS\system32\drivers\tdpipe.sys
2010-07-04 11:10:17 ----A---- D:\WINDOWS\system32\drivers\rdpwd.sys
2010-07-04 11:10:16 ----A---- D:\WINDOWS\system32\tscupgrd.exe
2010-07-04 11:10:16 ----A---- D:\WINDOWS\system32\termsrv.dll
2010-07-04 11:10:16 ----A---- D:\WINDOWS\system32\sessmgr.exe
2010-07-04 11:10:16 ----A---- D:\WINDOWS\system32\rdpwsx.dll
2010-07-04 11:10:16 ----A---- D:\WINDOWS\system32\rdpsnd.dll
2010-07-04 11:10:16 ----A---- D:\WINDOWS\system32\rdpclip.exe
2010-07-04 11:10:16 ----A---- D:\WINDOWS\system32\rdchost.dll
2010-07-04 11:10:16 ----A---- D:\WINDOWS\system32\qprocess.exe
2010-07-04 11:10:16 ----A---- D:\WINDOWS\system32\icaapi.dll
2010-07-04 11:10:16 ----A---- D:\WINDOWS\system32\cfgbkend.dll
2010-07-04 11:10:15 ----D---- D:\WINDOWS\system32\MsDtc
2010-07-04 11:10:15 ----A---- D:\WINDOWS\system32\xolehlp.dll
2010-07-04 11:10:15 ----A---- D:\WINDOWS\system32\mtxoci.dll
2010-07-04 11:10:15 ----A---- D:\WINDOWS\system32\msdtcuiu.dll
2010-07-04 11:10:15 ----A---- D:\WINDOWS\system32\msdtctm.dll
2010-07-04 11:10:15 ----A---- D:\WINDOWS\system32\msdtcprx.dll
2010-07-04 11:10:15 ----A---- D:\WINDOWS\system32\msdtclog.dll
2010-07-04 11:10:15 ----A---- D:\WINDOWS\system32\msdtc.exe
2010-07-04 11:10:14 ----D---- D:\WINDOWS\system32\Com
2010-07-04 11:10:14 ----A---- D:\WINDOWS\system32\colbact.dll
2010-07-04 11:10:14 ----A---- D:\WINDOWS\system32\clbcatex.dll
2010-07-04 11:10:14 ----A---- D:\WINDOWS\system32\catsrvut.dll
2010-07-04 11:10:14 ----A---- D:\WINDOWS\system32\catsrvps.dll
2010-07-04 11:10:14 ----A---- D:\WINDOWS\system32\catsrv.dll
2010-07-04 11:10:13 ----A---- D:\WINDOWS\system32\comuid.dll
2010-07-04 11:10:13 ----A---- D:\WINDOWS\system32\comsvcs.dll
2010-07-04 11:10:13 ----A---- D:\WINDOWS\system32\clbcatq.dll
2010-07-04 11:10:07 ----A---- D:\WINDOWS\system32\servdeps.dll
2010-07-04 11:10:07 ----A---- D:\WINDOWS\system32\mmfutil.dll
2010-07-04 11:10:07 ----A---- D:\WINDOWS\system32\licwmi.dll
2010-07-04 11:10:07 ----A---- D:\WINDOWS\system32\cmprops.dll
2010-07-04 11:10:04 ----A---- D:\WINDOWS\system32\drivers\rdpdr.sys
2010-07-04 11:10:03 ----A---- D:\WINDOWS\system32\drivers\termdd.sys
2010-07-03 13:15:27 ----SH---- D:\boot.ini
2010-07-03 13:08:54 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-07-03 13:08:54 ----RSD---- D:\WINDOWS\Fonts
2010-07-03 13:08:54 ----RD---- D:\WINDOWS\Web
2010-07-03 13:08:54 ----HD---- D:\WINDOWS\inf
2010-07-03 13:08:54 ----D---- D:\WINDOWS\WinSxS
2010-07-03 13:08:54 ----D---- D:\WINDOWS\twain_32
2010-07-03 13:08:54 ----D---- D:\WINDOWS\Temp
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\wins
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\wbem
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\usmt
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\spool
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\ShellExt
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\Setup
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\ras
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\oobe
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\npp
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\mui
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\inetsrv
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\IME
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\icsxml
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\ias
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\export
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\drivers\etc
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\drivers\disdn
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\drivers
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\dhcp
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\config
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\3com_dmi
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\3076
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\2052
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\1054
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\1042
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\1041
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\1037
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\1033
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\1031
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\1029
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\1028
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32\1025
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system32
2010-07-03 13:08:54 ----D---- D:\WINDOWS\system
2010-07-03 13:08:54 ----D---- D:\WINDOWS\security
2010-07-03 13:08:54 ----D---- D:\WINDOWS\Resources
2010-07-03 13:08:54 ----D---- D:\WINDOWS\repair
2010-07-03 13:08:54 ----D---- D:\WINDOWS\Provisioning
2010-07-03 13:08:54 ----D---- D:\WINDOWS\pchealth
2010-07-03 13:08:54 ----D---- D:\WINDOWS\PeerNet
2010-07-03 13:08:54 ----D---- D:\WINDOWS\mui
2010-07-03 13:08:54 ----D---- D:\WINDOWS\msapps
2010-07-03 13:08:54 ----D---- D:\WINDOWS\msagent
2010-07-03 13:08:54 ----D---- D:\WINDOWS\Media
2010-07-03 13:08:54 ----D---- D:\WINDOWS\java
2010-07-03 13:08:54 ----D---- D:\WINDOWS\ime
2010-07-03 13:08:54 ----D---- D:\WINDOWS\Help
2010-07-03 13:08:54 ----D---- D:\WINDOWS\ehome
2010-07-03 13:08:54 ----D---- D:\WINDOWS\Driver Cache
2010-07-03 13:08:54 ----D---- D:\WINDOWS\Debug
2010-07-03 13:08:54 ----D---- D:\WINDOWS\Cursors
2010-07-03 13:08:54 ----D---- D:\WINDOWS\Connection Wizard
2010-07-03 13:08:54 ----D---- D:\WINDOWS\Config
2010-07-03 13:08:54 ----D---- D:\WINDOWS\AppPatch
2010-07-03 13:08:54 ----D---- D:\WINDOWS\addins
2010-07-03 13:08:54 ----D---- D:\WINDOWS
2010-06-29 22:52:46 ----SHD---- D:\RECYCLER
2010-06-26 14:04:54 ----A---- D:\heslo.txt
2010-06-26 13:25:00 ----A---- D:\Codecs6030_allin1.exe
2010-06-26 11:12:41 ----A---- D:\tcmd755.exe
2010-06-21 13:59:36 ----AD---- D:\Split.Second.Velocity-RELOADED
2010-06-21 12:49:26 ----SHD---- D:\$RECYCLE.BIN
2010-06-21 12:49:23 ----SHD---- D:\System Volume Information

======List of files/folders modified in the last 1 months======

2010-07-06 12:35:40 ----A---- D:\WINDOWS\win.ini
2010-07-04 13:03:02 ----A---- D:\WINDOWS\system.ini
2010-07-04 11:15:44 ----ASH---- D:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; D:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
R0 AvgRkx86;avgrkx86.sys; D:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-07-11 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-11 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-07-11 27784]
R1 AvgTdiX;AVG8 Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-11 108552]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R3 Avgfwdx;Avgfwdx; D:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-04 29208]
R3 E100B;Intel(R) PRO Adapter Driver; D:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vwmfbus;Vertex Wireless Composite Device driver (WDM); D:\WINDOWS\system32\DRIVERS\vwmfbus.sys [2009-11-11 98560]
R3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM); D:\WINDOWS\system32\DRIVERS\vwmfdiag.sys [2009-11-11 100224]
R3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~; D:\WINDOWS\system32\DRIVERS\vwmfmdfl.sys [2009-11-11 14848]
R3 vwmfmdm;Vertex Wireless CDC Modem Driver; D:\WINDOWS\system32\DRIVERS\vwmfmdm.sys [2009-11-11 123776]
R3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM); D:\WINDOWS\system32\DRIVERS\vwmfserd.sys [2009-11-11 100224]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S3 Avgfwfd;AVG network filter service; D:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-04 29208]
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-07-11 297752]
R2 avgfws8;AVG8 Firewall; D:\PROGRA~1\AVG\AVG8\avgfws8.exe [2010-07-04 1370488]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-07 136176]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

eda
VIP
Posts: 576
Registered: 24 Aug 2006 10:35
Location: Kroměříž

Re: AVG found a Trojan

#2 Post by eda »

Good day,

Download ComboFix to your desktop, close all active windows, and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights

- Before using it, turn off all resident security programs - antivirus, firewalls, antispyware

- After it starts, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click into the window that appears :!:

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here

If you like me, you can contact me at eda@forum.viry.cz :-)

passy
Visitor
Posts: 5
Registered: 03 Nov 2006 12:40

Re: AVG found a Trojan

#3 Post by passy »

Done



ComboFix 10-07-16.01 - passy 18.07.2010 11:34:39.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.256.119 [GMT 2:00]
Spuštěný z: d:\documents and settings\passy\Dokumenty\Stažené soubory\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-18 do 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-18 08:42 . 2010-07-18 08:43 -------- d-----w- d:\program files\CCleaner
2010-07-18 08:32 . 2010-07-18 08:49 -------- d-----w- d:\program files\trend micro
2010-07-18 08:32 . 2010-07-18 08:33 -------- d-----w- D:\rsit
2010-07-18 05:43 . 2008-10-31 16:43 -------- d-----w- D:\Scotti
2010-07-18 05:20 . 2009-04-22 05:26 -------- d-----w- D:\Sp.Club.p4f
2010-07-17 08:58 . 2009-02-19 07:13 -------- d-----w- D:\Roughman
2010-07-17 08:41 . 2010-07-17 08:41 -------- d-----w- D:\M.Lewi
2010-07-17 08:33 . 2010-07-17 08:33 -------- d-----w- D:\M.P.H.B
2010-07-16 13:39 . 2010-07-16 13:39 -------- d-----w- D:\Lps.GarPar
2010-07-11 13:16 . 2010-07-11 13:40 -------- d-----w- D:\$AVG8.VAULT$
2010-07-11 09:10 . 2010-07-11 09:10 11952 ----a-w- d:\windows\system32\avgrsstx.dll
2010-07-11 09:10 . 2010-07-11 09:10 12552 ----a-w- d:\windows\system32\drivers\avgrkx86.sys
2010-07-11 09:10 . 2010-07-11 09:10 108552 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2010-07-11 09:10 . 2010-07-11 09:10 335240 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2010-07-11 09:10 . 2010-07-11 09:10 27784 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2010-07-11 09:10 . 2010-07-17 22:32 -------- d-----w- d:\windows\system32\drivers\Avg
2010-07-11 07:30 . 2010-07-04 07:05 29208 ----a-w- d:\windows\system32\drivers\avgfwdx.sys
2010-07-11 07:30 . 2010-07-04 07:05 50968 ----a-w- d:\windows\system32\avgfwdx.dll
2010-07-11 07:30 . 2010-07-11 07:30 -------- d-----w- d:\program files\AVG
2010-07-11 06:47 . 2010-07-11 09:54 -------- d-----w- d:\program files\Seznam.cz
2010-07-11 04:52 . 2010-07-11 04:52 -------- d-----w- D:\JudCan_II
2010-07-11 04:46 . 2010-07-11 04:46 -------- d-----w- D:\Judcan_3
2010-07-08 19:25 . 2010-07-08 19:25 -------- d-----w- d:\program files\AskBarDis
2010-07-08 19:25 . 2010-07-08 19:25 -------- d-----w- d:\program files\Foxit Software
2010-07-07 13:46 . 2010-07-07 13:56 -------- d-----w- d:\program files\Google
2010-07-06 10:36 . 2003-06-18 23:31 18944 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-07-06 10:36 . 2003-06-18 23:31 17920 ----a-w- d:\windows\system32\mdimon.dll
2010-07-06 10:34 . 2010-07-06 10:34 -------- d-----w- d:\program files\Microsoft.NET
2010-07-06 10:32 . 2010-07-06 10:34 -------- d-----w- d:\windows\SHELLNEW
2010-07-06 10:29 . 2010-07-06 10:29 -------- d-----r- D:\MSOCache
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\UC.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\RAR.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\PKZIP.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\PKUNZIP.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\NOCLOSE.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\LHA.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\ARJ.PIF
2010-07-04 11:07 . 2004-08-03 23:07 6400 ----a-w- d:\windows\system32\drivers\splitter.sys
2010-07-04 11:07 . 2004-08-03 23:07 2944 ----a-w- d:\windows\system32\drivers\drmkaud.sys
2010-07-04 11:07 . 2004-08-03 22:39 142464 ----a-w- d:\windows\system32\drivers\aec.sys
2010-07-04 11:07 . 2004-08-03 22:58 4992 ----a-w- d:\windows\system32\drivers\MSPQM.sys
2010-07-04 11:07 . 2004-08-03 23:15 82944 ----a-w- d:\windows\system32\drivers\wdmaud.sys
2010-07-04 11:06 . 2004-08-03 23:07 171776 ----a-w- d:\windows\system32\drivers\kmixer.sys
2010-07-04 11:06 . 2001-08-17 22:00 54272 ----a-w- d:\windows\system32\drivers\swmidi.sys
2010-07-04 11:06 . 2004-08-03 23:07 52864 ----a-w- d:\windows\system32\drivers\DMusic.sys
2010-07-04 11:06 . 2004-08-03 23:15 60800 ----a-w- d:\windows\system32\drivers\sysaudio.sys
2010-07-04 11:06 . 2004-08-03 22:58 5376 ----a-w- d:\windows\system32\drivers\MSPCLOCK.sys
2010-07-04 11:06 . 2004-08-03 22:58 7552 ----a-w- d:\windows\system32\drivers\MSKSSRV.sys
2010-07-04 11:06 . 2001-08-17 21:59 3072 ----a-w- d:\windows\system32\drivers\audstub.sys
2010-07-04 11:06 . 2004-08-17 15:43 58240 ----a-w- d:\windows\system32\drivers\redbook.sys
2010-07-04 11:05 . 2001-10-24 11:46 117760 ----a-w- d:\windows\system32\drivers\e100b325.sys
2010-07-04 11:05 . 2004-08-03 23:08 10624 ----a-w- d:\windows\system32\drivers\gameenum.sys
2010-07-04 11:05 . 2004-08-03 22:29 1897408 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2010-07-04 11:05 . 2004-08-17 15:49 4274816 ----a-w- d:\windows\system32\nv4_disp.dll
2010-07-04 11:05 . 2004-08-03 23:07 42368 ----a-w- d:\windows\system32\drivers\AGP440.SYS
2010-07-04 11:05 . 2004-08-17 15:49 75264 ----a-w- d:\windows\system32\usbui.dll
2010-07-04 11:05 . 2004-08-17 15:49 4096 ----a-w- d:\windows\system32\ksuser.dll
2010-07-04 11:05 . 2004-08-03 23:15 145792 ----a-w- d:\windows\system32\drivers\portcls.sys
2010-07-04 11:05 . 2001-08-17 20:20 96256 ----a-w- d:\windows\system32\drivers\ac97intc.sys
2010-07-04 11:05 . 2004-08-03 23:08 60288 ----a-w- d:\windows\system32\drivers\drmk.sys
2010-07-04 11:03 . 2010-07-11 09:53 -------- d-sh--w- d:\windows\Installer
2010-07-04 11:03 . 2001-10-25 14:00 61440 -c--a-w- d:\windows\system32\dllcache\spcplui.dll
2010-07-04 11:03 . 2001-10-25 14:00 77824 -c--a-w- d:\windows\system32\dllcache\spcommon.dll
2010-07-04 11:03 . 2001-10-25 14:00 774144 -c--a-w- d:\windows\system32\dllcache\spttseng.dll
2010-07-04 11:03 . 2004-08-17 13:49 741376 -c--a-w- d:\windows\system32\dllcache\sapi.dll
2010-07-04 11:03 . 2001-10-25 14:00 36864 -c--a-w- d:\windows\system32\dllcache\sapisvr.exe
2010-07-04 11:03 . 2010-07-18 08:42 -------- d-----r- D:\Program Files
2010-07-04 11:03 . 2001-10-25 14:00 19456 -c--a-w- d:\windows\system32\dllcache\agt041f.dll
2010-07-04 11:01 . 2010-07-04 09:24 -------- d-----w- D:\Documents and Settings
2010-07-04 11:01 . 2010-07-04 09:16 -------- d--h--w- d:\documents and settings\Default User
2010-07-04 11:01 . 2010-07-04 09:14 -------- d-----w- d:\documents and settings\All Users
2010-07-04 11:00 . 2010-07-04 11:00 -------- d-----w- d:\documents and settings\passy\Data aplikac?
2010-07-04 10:28 . 2010-07-04 10:28 737280 ----a-w- d:\windows\iun6002.exe
2010-07-04 10:28 . 2010-07-04 10:28 -------- d-----w- d:\program files\Codec Pack - All In 1
2010-07-04 10:09 . 2004-08-03 21:08 25600 -c--a-w- d:\windows\system32\dllcache\usbser.sys
2010-07-04 10:09 . 2004-08-03 21:08 25600 ----a-w- d:\windows\system32\drivers\usbser.sys
2010-07-04 10:09 . 2008-11-07 16:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2010-07-04 10:02 . 2010-07-04 10:03 -------- d-----w- d:\program files\Common Files\Nokia
2010-07-04 10:01 . 2010-07-04 10:01 -------- d-----w- d:\program files\DIFX
2010-07-04 10:01 . 2008-08-26 08:26 18816 ----a-w- d:\windows\system32\drivers\pccsmcfd.sys
2010-07-04 10:01 . 2010-07-04 10:01 -------- d-----w- d:\program files\PC Connectivity Solution

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 09:44 . 2010-07-04 09:45 -------- d-----w- d:\program files\JetAudio
2010-07-05 09:51 . 2010-07-04 09:15 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-05 09:51 . 2010-07-04 09:15 2426 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-05 09:49 . 2010-07-04 09:15 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-04 10:11 . 2010-07-04 10:11 0 ---ha-w- d:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-04 10:11 . 2010-07-04 10:11 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-07-04 10:09 . 2010-07-04 10:09 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-04 10:09 . 2010-07-04 10:09 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-04 10:01 . 2010-07-04 09:47 -------- d-----w- d:\program files\Nokia
2010-07-04 09:50 . 2010-07-04 09:50 -------- d-----w- d:\program files\MSXML 6.0
2010-07-04 09:46 . 2010-07-04 09:45 -------- d-----w- d:\program files\Common Files\COWON
2010-07-04 09:45 . 2010-07-04 09:45 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-07-04 09:43 . 2010-07-04 09:43 0 ----a-w- d:\windows\nsreg.dat
2010-07-04 09:37 . 2001-10-25 14:00 46016 ----a-w- d:\windows\system32\perfc005.dat
2010-07-04 09:37 . 2001-10-25 14:00 309716 ----a-w- d:\windows\system32\perfh005.dat
2010-07-04 09:25 . 2010-07-04 09:25 -------- d-----w- d:\program files\Vertex Wireless
2010-07-04 09:17 . 2010-07-04 09:17 -------- d-----w- d:\program files\microsoft frontpage
2010-07-04 09:11 . 2010-07-04 09:11 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2010-06-26 11:25 . 2010-06-26 11:25 10050902 ----a-w- D:\Codecs6030_allin1.exe
2010-06-26 09:24 . 2010-06-26 09:24 9466278 ----a-w- D:\alcohol-120-v1-9-8-7612-by-djrico-www-djrico-gzk-cz.zip
2010-06-26 09:20 . 2010-06-26 09:20 1094021 ----a-w- D:\dvdshrink32setup.zip
2010-06-26 09:12 . 2010-06-26 09:12 3253816 ----a-w- D:\tcmd755.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- d:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "d:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="d:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-06-18 671608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="d:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-11 2048352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-11 09:10 11952 ----a-w- d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [11.7.2010 11:10 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [11.7.2010 11:10 335240]
R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [11.7.2010 11:10 108552]
R3 Avgfwdx;Avgfwdx;d:\windows\system32\drivers\avgfwdx.sys [11.7.2010 9:30 29208]
S3 Avgfwfd;AVG network filter service;d:\windows\system32\drivers\avgfwdx.sys [11.7.2010 9:30 29208]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-17 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 13:46]

2010-07-18 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 13:46]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\passy\Data aplikací\Mozilla\Firefox\Profiles\jstuv5le.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=FFlisticka_13&q=
FF - component: d:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: d:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-18 11:45
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1052)
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-07-18 11:49:04
ComboFix-quarantined-files.txt 2010-07-18 09:48

Před spuštěním: 8 900 009 984
Po spuštění: 8 871 591 936

- - End Of File - - 6F1CCC2ED0D07F6B167CD74DF9A77A9A

eda
VIP
Posts: 576
Registered: 24 Aug 2006 10:35
Location: Kroměříž

Re: AVG found a Trojan

#4 Post by eda »

There are a few rather minor things in there, but nothing terrible. Also click on MBAM in my signature, run a quick scan, and paste the log here.

passy
Visitor
Posts: 5
Registered: 03 Nov 2006 12:40

Re: AVG found a Trojan

#5 Post by passy »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4323

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

18.7.2010 14:25:57
mbam-log-2010-07-18 (14-25-57).txt

Typ skenu: Rychlý sken
Skenované objekty: 119655
Uplynulý čas: 18 minuta(y), 29 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)


So it's probably fine, right?

eda
VIP
Posts: 576
Registered: 24 Aug 2006 10:35
Location: Kroměříž

Re: AVG found a Trojan

#6 Post by eda »

Well, there is one thing we'll do.

If you have not done so already, move ComboFix to the desktop.

Open Notepad.

Copy the script from the following box into it:

Code:

Folder::
d:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-

Save the text file you created to the desktop as CFScript.txt.

After saving it, grab the script you created with the left mouse button, drag it over the ComboFix icon, and drop it there.

After it has been applied, another log should pop up; paste it here :)

Warning: it is possible that Windows will not start after the script has been applied and the computer restarted; in that case restart again, keep pressing F8 after the restart, and choose Last Known Good Configuration :)

passy
Visitor
Posts: 5
Registered: 03 Nov 2006 12:40

Re: AVG found a Trojan

#7 Post by passy »

Here it is, but I won't be available again until tomorrow :)
ComboFix 10-07-16.01 - passy 18.07.2010 15:15:07.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.256.133 [GMT 2:00]
Spuštěný z: d:\documents and settings\passy\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\passy\Plocha\CFScript.txt.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\program files\AskBarDis
d:\program files\AskBarDis\bar\bin\askBar.dll
d:\program files\AskBarDis\bar\bin\askPopStp.dll
d:\program files\AskBarDis\bar\bin\psvince.dll
d:\program files\AskBarDis\bar\Settings\config.dat
d:\program files\AskBarDis\bar\Settings\config.dat.bak
d:\program files\AskBarDis\unins000.dat
d:\program files\AskBarDis\unins000.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-18 do 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-18 12:39 . 2010-07-18 12:39 -------- d-----w- d:\program files\XP_Key_Changer
2010-07-18 11:58 . 2010-04-29 13:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-07-18 11:58 . 2010-04-29 13:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-07-18 11:58 . 2010-07-18 11:58 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-07-18 08:42 . 2010-07-18 08:43 -------- d-----w- d:\program files\CCleaner
2010-07-18 08:32 . 2010-07-18 08:49 -------- d-----w- d:\program files\trend micro
2010-07-18 08:32 . 2010-07-18 08:33 -------- d-----w- D:\rsit
2010-07-18 05:43 . 2008-10-31 16:43 -------- d-----w- D:\Scotti
2010-07-18 05:20 . 2009-04-22 05:26 -------- d-----w- D:\Sp.Club.p4f
2010-07-17 08:58 . 2009-02-19 07:13 -------- d-----w- D:\Roughman
2010-07-17 08:41 . 2010-07-17 08:41 -------- d-----w- D:\M.Lewi
2010-07-17 08:33 . 2010-07-17 08:33 -------- d-----w- D:\M.P.H.B
2010-07-16 13:39 . 2010-07-16 13:39 -------- d-----w- D:\Lps.GarPar
2010-07-11 13:16 . 2010-07-11 13:40 -------- d-----w- D:\$AVG8.VAULT$
2010-07-11 09:10 . 2010-07-11 09:10 11952 ----a-w- d:\windows\system32\avgrsstx.dll
2010-07-11 09:10 . 2010-07-11 09:10 12552 ----a-w- d:\windows\system32\drivers\avgrkx86.sys
2010-07-11 09:10 . 2010-07-11 09:10 108552 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2010-07-11 09:10 . 2010-07-11 09:10 335240 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2010-07-11 09:10 . 2010-07-11 09:10 27784 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2010-07-11 09:10 . 2010-07-18 10:30 -------- d-----w- d:\windows\system32\drivers\Avg
2010-07-11 07:30 . 2010-07-04 07:05 29208 ----a-w- d:\windows\system32\drivers\avgfwdx.sys
2010-07-11 07:30 . 2010-07-04 07:05 50968 ----a-w- d:\windows\system32\avgfwdx.dll
2010-07-11 07:30 . 2010-07-11 07:30 -------- d-----w- d:\program files\AVG
2010-07-11 06:47 . 2010-07-11 09:54 -------- d-----w- d:\program files\Seznam.cz
2010-07-11 04:52 . 2010-07-11 04:52 -------- d-----w- D:\JudCan_II
2010-07-11 04:46 . 2010-07-11 04:46 -------- d-----w- D:\Judcan_3
2010-07-08 19:25 . 2010-07-08 19:25 -------- d-----w- d:\program files\Foxit Software
2010-07-07 13:46 . 2010-07-07 13:56 -------- d-----w- d:\program files\Google
2010-07-06 10:36 . 2003-06-18 23:31 18944 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-07-06 10:36 . 2003-06-18 23:31 17920 ----a-w- d:\windows\system32\mdimon.dll
2010-07-06 10:34 . 2010-07-06 10:34 -------- d-----w- d:\program files\Microsoft.NET
2010-07-06 10:32 . 2010-07-06 10:34 -------- d-----w- d:\windows\SHELLNEW
2010-07-06 10:29 . 2010-07-06 10:29 -------- d-----r- D:\MSOCache
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\UC.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\RAR.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\PKZIP.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\PKUNZIP.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\NOCLOSE.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\LHA.PIF
2010-07-06 06:35 . 2010-06-17 05:55 545 ----a-w- d:\windows\ARJ.PIF
2010-07-04 11:07 . 2004-08-03 23:07 6400 ----a-w- d:\windows\system32\drivers\splitter.sys
2010-07-04 11:07 . 2004-08-03 23:07 2944 ----a-w- d:\windows\system32\drivers\drmkaud.sys
2010-07-04 11:07 . 2004-08-03 22:39 142464 ----a-w- d:\windows\system32\drivers\aec.sys
2010-07-04 11:07 . 2004-08-03 22:58 4992 ----a-w- d:\windows\system32\drivers\MSPQM.sys
2010-07-04 11:07 . 2004-08-03 23:15 82944 ----a-w- d:\windows\system32\drivers\wdmaud.sys
2010-07-04 11:06 . 2004-08-03 23:07 171776 ----a-w- d:\windows\system32\drivers\kmixer.sys
2010-07-04 11:06 . 2001-08-17 22:00 54272 ----a-w- d:\windows\system32\drivers\swmidi.sys
2010-07-04 11:06 . 2004-08-03 23:07 52864 ----a-w- d:\windows\system32\drivers\DMusic.sys
2010-07-04 11:06 . 2004-08-03 23:15 60800 ----a-w- d:\windows\system32\drivers\sysaudio.sys
2010-07-04 11:06 . 2004-08-03 22:58 5376 ----a-w- d:\windows\system32\drivers\MSPCLOCK.sys
2010-07-04 11:06 . 2004-08-03 22:58 7552 ----a-w- d:\windows\system32\drivers\MSKSSRV.sys
2010-07-04 11:06 . 2001-08-17 21:59 3072 ----a-w- d:\windows\system32\drivers\audstub.sys
2010-07-04 11:06 . 2004-08-17 15:43 58240 ----a-w- d:\windows\system32\drivers\redbook.sys
2010-07-04 11:05 . 2001-10-24 11:46 117760 ----a-w- d:\windows\system32\drivers\e100b325.sys
2010-07-04 11:05 . 2004-08-03 23:08 10624 ----a-w- d:\windows\system32\drivers\gameenum.sys
2010-07-04 11:05 . 2004-08-03 22:29 1897408 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2010-07-04 11:05 . 2004-08-17 15:49 4274816 ----a-w- d:\windows\system32\nv4_disp.dll
2010-07-04 11:05 . 2004-08-03 23:07 42368 ----a-w- d:\windows\system32\drivers\AGP440.SYS
2010-07-04 11:05 . 2004-08-17 15:49 75264 ----a-w- d:\windows\system32\usbui.dll
2010-07-04 11:05 . 2004-08-17 15:49 4096 ----a-w- d:\windows\system32\ksuser.dll
2010-07-04 11:05 . 2004-08-03 23:15 145792 ----a-w- d:\windows\system32\drivers\portcls.sys
2010-07-04 11:05 . 2001-08-17 20:20 96256 ----a-w- d:\windows\system32\drivers\ac97intc.sys
2010-07-04 11:05 . 2004-08-03 23:08 60288 ----a-w- d:\windows\system32\drivers\drmk.sys
2010-07-04 11:03 . 2010-07-11 09:53 -------- d-sh--w- d:\windows\Installer
2010-07-04 11:03 . 2001-10-25 14:00 61440 -c--a-w- d:\windows\system32\dllcache\spcplui.dll
2010-07-04 11:03 . 2001-10-25 14:00 77824 -c--a-w- d:\windows\system32\dllcache\spcommon.dll
2010-07-04 11:03 . 2001-10-25 14:00 774144 -c--a-w- d:\windows\system32\dllcache\spttseng.dll
2010-07-04 11:03 . 2004-08-17 13:49 741376 -c--a-w- d:\windows\system32\dllcache\sapi.dll
2010-07-04 11:03 . 2001-10-25 14:00 36864 -c--a-w- d:\windows\system32\dllcache\sapisvr.exe
2010-07-04 11:03 . 2010-07-18 13:24 -------- d-----r- D:\Program Files
2010-07-04 11:03 . 2001-10-25 14:00 19456 -c--a-w- d:\windows\system32\dllcache\agt041f.dll
2010-07-04 11:01 . 2010-07-18 09:49 -------- d--h--w- d:\documents and settings\Default User
2010-07-04 11:01 . 2010-07-04 09:24 -------- d-----w- D:\Documents and Settings
2010-07-04 11:01 . 2010-07-04 09:14 -------- d-----w- d:\documents and settings\All Users
2010-07-04 11:00 . 2010-07-04 11:00 -------- d-----w- d:\documents and settings\passy\Data aplikac?
2010-07-04 10:28 . 2010-07-04 10:28 737280 ----a-w- d:\windows\iun6002.exe
2010-07-04 10:28 . 2010-07-04 10:28 -------- d-----w- d:\program files\Codec Pack - All In 1
2010-07-04 10:09 . 2004-08-03 21:08 25600 -c--a-w- d:\windows\system32\dllcache\usbser.sys
2010-07-04 10:09 . 2004-08-03 21:08 25600 ----a-w- d:\windows\system32\drivers\usbser.sys
2010-07-04 10:09 . 2008-11-07 16:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2010-07-04 10:02 . 2010-07-04 10:03 -------- d-----w- d:\program files\Common Files\Nokia
2010-07-04 10:01 . 2010-07-04 10:01 -------- d-----w- d:\program files\DIFX
2010-07-04 10:01 . 2008-08-26 08:26 18816 ----a-w- d:\windows\system32\drivers\pccsmcfd.sys
2010-07-04 10:01 . 2010-07-04 10:01 -------- d-----w- d:\program files\PC Connectivity Solution

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 09:44 . 2010-07-04 09:45 -------- d-----w- d:\program files\JetAudio
2010-07-05 09:51 . 2010-07-04 09:15 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-05 09:51 . 2010-07-04 09:15 2426 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-05 09:49 . 2010-07-04 09:15 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-04 10:11 . 2010-07-04 10:11 0 ---ha-w- d:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-04 10:11 . 2010-07-04 10:11 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-07-04 10:09 . 2010-07-04 10:09 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-04 10:09 . 2010-07-04 10:09 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-04 10:01 . 2010-07-04 09:47 -------- d-----w- d:\program files\Nokia
2010-07-04 09:50 . 2010-07-04 09:50 -------- d-----w- d:\program files\MSXML 6.0
2010-07-04 09:46 . 2010-07-04 09:45 -------- d-----w- d:\program files\Common Files\COWON
2010-07-04 09:45 . 2010-07-04 09:45 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-07-04 09:43 . 2010-07-04 09:43 0 ----a-w- d:\windows\nsreg.dat
2010-07-04 09:37 . 2001-10-25 14:00 46016 ----a-w- d:\windows\system32\perfc005.dat
2010-07-04 09:37 . 2001-10-25 14:00 309716 ----a-w- d:\windows\system32\perfh005.dat
2010-07-04 09:25 . 2010-07-04 09:25 -------- d-----w- d:\program files\Vertex Wireless
2010-07-04 09:17 . 2010-07-04 09:17 -------- d-----w- d:\program files\microsoft frontpage
2010-07-04 09:11 . 2010-07-04 09:11 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2010-06-26 11:25 . 2010-06-26 11:25 10050902 ----a-w- D:\Codecs6030_allin1.exe
2010-06-26 09:24 . 2010-06-26 09:24 9466278 ----a-w- D:\alcohol-120-v1-9-8-7612-by-djrico-www-djrico-gzk-cz.zip
2010-06-26 09:20 . 2010-06-26 09:20 1094021 ----a-w- D:\dvdshrink32setup.zip
2010-06-26 09:12 . 2010-06-26 09:12 3253816 ----a-w- D:\tcmd755.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="d:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-06-18 671608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="d:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-11 2048352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-11 09:10 11952 ----a-w- d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [11.7.2010 11:10 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [11.7.2010 11:10 335240]
R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [11.7.2010 11:10 108552]
R2 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [11.7.2010 9:30 297752]
R2 avgfws8;AVG8 Firewall;d:\progra~1\AVG\AVG8\avgfws8.exe [11.7.2010 9:30 1370488]
R3 Avgfwdx;Avgfwdx;d:\windows\system32\drivers\avgfwdx.sys [11.7.2010 9:30 29208]
R3 vwmfbus;Vertex Wireless Composite Device driver (WDM);d:\windows\system32\drivers\vwmfbus.sys [4.7.2010 11:25 98560]
R3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM);d:\windows\system32\drivers\vwmfdiag.sys [4.7.2010 11:25 100224]
R3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~;d:\windows\system32\drivers\vwmfmdfl.sys [4.7.2010 11:25 14848]
R3 vwmfmdm;Vertex Wireless CDC Modem Driver;d:\windows\system32\drivers\vwmfmdm.sys [4.7.2010 11:25 123776]
R3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM);d:\windows\system32\drivers\vwmfserd.sys [4.7.2010 11:25 100224]
S2 gupdate;Služba Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [7.7.2010 15:47 136176]
S3 Avgfwfd;AVG network filter service;d:\windows\system32\drivers\avgfwdx.sys [11.7.2010 9:30 29208]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-17 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 13:46]

2010-07-18 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 13:46]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {30AB73D2-58FC-4C4D-9EEC-9ACFAF9F40EE} = 78.136.128.4 78.136.128.12
FF - ProfilePath - d:\documents and settings\passy\Data aplikací\Mozilla\Firefox\Profiles\jstuv5le.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=FFlisticka_13&q=
FF - component: d:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: d:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Ask Toolbar_is1 - d:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-18 15:26
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-07-18 15:29:05
ComboFix-quarantined-files.txt 2010-07-18 13:28
ComboFix2.txt 2010-07-18 09:49

Před spuštěním: 8 286 396 416
Po spuštění: 8 279 486 464

- - End Of File - - 9AD4E865DAF6F842DB8D05DC0B43771D

eda
VIP
Posts: 576
Joined: 24 Aug 2006 10:35
Location: Kroměříž

Re: AVG found a Trojan

#8 Post by eda »

It's O.K. now.

Uninstall ComboFix: Start - Run - combofix /Uninstall

But what on earth is this: d:\program files\XP_Key_Changer :???:
If you like me, you can contact me at eda@forum.viry.cz :-)

passy
Visitor
Posts: 5
Joined: 03 Nov 2006 12:40

Re: AVG found a Trojan

#9 Post by passy »

It's not there anymore; I don't know how it could have gotten there.
Thanks for the help :worship: and until we write again sometime :James008:

eda
VIP
Posts: 576
Joined: 24 Aug 2006 10:35
Location: Kroměříž

Re: AVG found a Trojan

#10 Post by eda »

You're welcome. :)
