PC malware removal, computer speed-up, remote assistance via the neslape.cz service

Please help - Win32:Malware-gen

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Cyber_George
Visitor
Posts: 13
Registered: 02 Dec 2009 18:23

Please help - Win32:Malware-gen

#1 Post by Cyber_George »

Hello everyone,

a moment ago Avast unexpectedly started going crazy. It reported finding Win32:Malware-gen and then also a rootkit in C:\WINDOWS\System32\Drivers\Changer.sys, which it wanted to delete (which I confirmed). On top of that came a system error:

BCCode : c2 BCP1 : 00000060 BCP2 : 00000000 BCP3 : 00000000
BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 256_1

after which I had to restart the notebook. Please advise, thank you very much.

Logfile of random's system information tool 1.06 (written by random/random)
Run by George de Paoli at 2010-07-23 16:55:30
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 39 GB (68%) free of 57 GB
Total RAM: 502 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:55, on 23.7.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\AddOn\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\T-Mobile Communication Centre\Centre.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\George de Paoli.GEORGE\Plocha\RSIT.exe
C:\Program Files\trend micro\George de Paoli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSUtility] C:\AddOn\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [T-Mobile Communication Centre] C:\Program Files\T-Mobile Communication Centre\Centre.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: siszyd32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6107 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-08 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-08 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-08 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-07 16010240]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-03 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-03 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-01-05 761946]
"PSUtility"=C:\AddOn\Fujitsu\PSUtility\TrayManager.exe [2006-03-09 118784]
"LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2005-06-08 69632]
"IndicatorUtility"=C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2005-08-09 81920]
"LoadFujitsuQuickTouch"=C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe [2005-07-21 353792]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2005-07-21 61440]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-17 88365]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2005-05-18 188416]
"ATSwpNav"=C:\Program Files\Fingerprint Sensor\ATSwpNav -run []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-08 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile Communication Centre\Centre.exe [2006-09-06 687163]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\George de Paoli.GEORGE\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
siszyd32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-03 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PSUTY]
C:\WINDOWS\system32\PSUWNP.dll [2006-03-09 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Apprentice\Appr.exe"="C:\Program Files\Apprentice\Appr.exe:*:Enabled:Appr"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\temp\~TMCB.tmp"="C:\WINDOWS\temp\~TMCB.tmp:*:Disabled:~TMCB"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-23 16:55:35 ----D---- C:\Program Files\trend micro
2010-07-23 16:44:05 ----D---- C:\WINDOWS\LastGood
2010-07-14 06:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

======List of files/folders modified in the last 1 months======

2010-07-23 16:55:38 ----D---- C:\WINDOWS\Prefetch
2010-07-23 16:55:37 ----D---- C:\WINDOWS\system32\drivers
2010-07-23 16:55:35 ----RD---- C:\Program Files
2010-07-23 16:52:22 ----D---- C:\WINDOWS\temp
2010-07-23 16:47:30 ----D---- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\OpenOffice.org2
2010-07-23 16:45:28 ----D---- C:\WINDOWS\system32\Lang
2010-07-23 16:44:05 ----D---- C:\WINDOWS
2010-07-23 16:43:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-23 16:40:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-23 16:33:41 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-07-22 05:28:46 ----D---- C:\Program Files\Mozilla Firefox
2010-07-14 06:44:04 ----HD---- C:\WINDOWS\inf
2010-07-14 06:43:51 ----D---- C:\WINDOWS\system32
2010-07-14 06:43:27 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-29 14:00:14 ----A---- C:\WINDOWS\WORDPAD.INI
2010-06-29 13:53:40 ----D---- C:\Program Files\ICQ6.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 39936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-20 1158816]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-11-19 117874]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 CSRBC01;CSRBC01.Sys CSR test driver; C:\WINDOWS\System32\Drivers\CSRBC01.sys [2005-12-19 85307]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2004-10-18 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]
R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX; C:\WINDOWS\system32\DRIVERS\gtwl5.sys [2005-01-28 266496]
R3 GTEDGWModem;Option NV GTEDGWModem; C:\WINDOWS\system32\DRIVERS\GTEDG.sys [2005-01-28 107904]
R3 GTEDGWWNIC;Option NV GTEDGWWNIC; C:\WINDOWS\system32\DRIVERS\GTEDGNet.sys [2005-01-28 52864]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-03 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 OptionWWSC;GT Combo EDGE SIM Card Reader; C:\WINDOWS\system32\DRIVERS\GTEDGSC.sys [2005-01-28 21888]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-01-05 191936]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-12-09 243712]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-17 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-08 152984]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

-----------------EOF-----------------

1danab
Newbie
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: Please help - Win32:Malware-gen

#2 Post by 1danab »

hello :)

download ComboFix and save it, preferably to the desktop

run the application under an account with administrator rights
after it starts, a screen with the licence terms appears; click the Yes button:

[image]

a warning about your antivirus's resident shield may appear, as well as a notice that the Recovery Console is not installed; do not install it yet

the scan takes about 10 minutes (it may take longer, depending on the number of files and the speed of the PC); do not start any applications during the scan

your PC may be restarted during the scan, so do not panic

note: if you use an antispyware with a resident shield, deactivate its resident shield, because during the scan and removal of any malware ComboFix collides undesirably with the antispyware's resident component

after the restart the application creates a log saved at C:/Combofix.txt; paste its contents here :)
RSIT CureIt CCleaner CleanUp DDS GMER OTL
IF YOU ARE SATISFIED WITH OUR FORUM, YOU CAN SUPPORT IT HERE

Always keep all important data backed up!

Cyber_George
Visitor
Posts: 13
Registered: 02 Dec 2009 18:23

Re: Please help - Win32:Malware-gen

#3 Post by Cyber_George »

ComboFix 10-07-22.06 - George de Paoli 23.07.2010 18:01:06.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.502.276 [GMT 2:00]
Spuštěný z: c:\documents and settings\George de Paoli.GEORGE\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 100723-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-23 do 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-23 14:55 . 2010-07-23 14:55 -------- d-----w- c:\program files\trend micro
2010-07-23 14:44 . 2010-07-23 16:13 -------- d-----w- c:\windows\LastGood
2010-07-23 14:35 . 2010-07-23 16:13 565280 ----a-w- c:\windows\system32\drivers\Changer.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 16:16 . 2010-07-23 14:35 565280 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-07-23 14:35 . 2010-07-23 14:35 0 ----a-w- c:\windows\system32\drivers\SETA6.tmp
2010-07-23 14:33 . 2006-02-14 11:37 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2010-06-29 11:53 . 2009-07-14 20:07 -------- d-----w- c:\program files\ICQ6.5
2010-06-14 14:30 . 2006-02-14 11:52 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-02 08:27 . 2006-02-14 11:37 1850880 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"="c:\program files\T-Mobile Communication Centre\Centre.exe" [2006-09-06 687163]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-07 16010240]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 761946]
"PSUtility"="c:\addon\Fujitsu\PSUtility\TrayManager.exe" [2006-03-09 118784]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-08 69632]
"IndicatorUtility"="c:\addon\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-09 81920]
"LoadFujitsuQuickTouch"="c:\addon\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-21 353792]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-21 61440]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 88365]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-05-18 188416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-08 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\George de Paoli.GEORGE\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-6-27 393216]
siszyd32.exe [2004-8-18 34304]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSUTY]
2006-03-09 14:58 32768 ----a-w- c:\windows\system32\PSUWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Apprentice\\Appr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.10.2008 11:30 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.10.2008 11:30 20560]
R3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\drivers\csrbc01.sys [24.8.2006 15:36 85307]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [24.8.2006 15:36 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [24.8.2006 15:36 4864]
R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [28.1.2005 19:31 266496]
R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [28.1.2005 19:30 107904]
R3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [28.1.2005 19:30 52864]
R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [28.1.2005 19:30 21888]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - Changer
.
Obsah adresáře 'Naplánované úlohy'

2010-07-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mLocal Page =
FF - ProfilePath - c:\documents and settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Firefox\Profiles\6ffuu75o.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 18:12
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3142915322-4000231922-4088024260-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8B453850-A38E-BB38-FC71-626D68BA4D65}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1368)
c:\windows\system32\PSUWNP.dll
c:\program files\Option\Odyssey\odLogin.dll
.
Celkový čas: 2010-07-23 18:20:21
ComboFix-quarantined-files.txt 2010-07-23 16:20
ComboFix2.txt 2009-12-02 19:55
ComboFix3.txt 2009-12-02 18:41
ComboFix4.txt 2009-07-08 12:42

Před spuštěním: Volných bajtů: 40 513 966 080
Po spuštění: Volných bajtů: 40 729 530 368

- - End Of File - - 1E623FCD4D58419BD96C0710BD557028

1danab
Newbie
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: Please help - Win32:Malware-gen

#4 Post by 1danab »

test c:\windows\system32\drivers\Changer.sys on VIRUSTOTAL

simple guide: once the page has loaded, click Browse, find the path to the file mentioned above and click the Send file button; if a message pops up saying the file has already been tested, ignore it and run the scan again; when the scan has finished, paste the results here, either by copying the text or by pasting the link

Cyber_George
Visitor
Posts: 13
Registered: 02 Dec 2009 18:23

Re: Please help - Win32:Malware-gen

#5 Post by Cyber_George »

It keeps telling me this: 0 bytes size received / Se ha recibido un archivo vacio
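Post #4 asks for the driver to be uploaded to a multi-engine scanner and post #5 reports that the service received 0 bytes. The Python script below is an added example, not code from this thread or from any of the tools it mentions: it triages a file locally before submission (size, SHA-256 and MD5, and whether it begins with the MZ header a Windows driver or executable would carry), so that an empty file is recognised before an upload is attempted and the hashes can be looked up even when no upload happens. The file names and contents it creates in a temporary directory are constructed stand-ins, not the Changer.sys from this thread.

```python
"""Local pre-submission triage of a suspicious file (added example, constructed data)."""
import hashlib
import os
import tempfile

# SHA-256 of the empty input: a file hashing to this has no content to analyse.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def triage_file(path):
    """Return size, hashes and a DOS-header check for one file.

    A scanning service needs the file's bytes, so a zero-byte file (which is
    what a "0 bytes received" upload error points to) is reported as empty
    rather than being submitted.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "path": path,
        "size": len(data),
        "empty": len(data) == 0,
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        # Windows drivers and executables start with the 'MZ' DOS header.
        "looks_like_pe": data[:2] == b"MZ",
    }


def should_submit(report):
    """Only non-empty files are worth uploading; the hashes of an empty file are
    already known and carry no information about the sample."""
    return not report["empty"]


def demo():
    """Create two constructed sample files in a temp directory and triage both."""
    tmp = tempfile.mkdtemp()
    # Constructed zero-byte stand-in, NOT the Changer.sys from the thread.
    empty_path = os.path.join(tmp, "Changer.sys")
    with open(empty_path, "wb"):
        pass
    # Constructed blob that merely starts like a PE image (MZ header, then 'PE').
    pe_path = os.path.join(tmp, "sample.sys")
    with open(pe_path, "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62 + b"PE\x00\x00")
    return [triage_file(empty_path), triage_file(pe_path)]


if __name__ == "__main__":
    for report in demo():
        verdict = "submit" if should_submit(report) else "skip (empty)"
        print(f"{report['path']}: {report['size']} bytes, sha256={report['sha256']}, "
              f"pe={report['looks_like_pe']} -> {verdict}")
```

Run it on the real file by calling `triage_file(r"C:\WINDOWS\system32\drivers\Changer.sys")`; if the report says `empty`, the "0 bytes received" message is the scanner telling you the same thing, and the hash lookup is the only useful step left.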

1danab
Newbie
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: Please help - Win32:Malware-gen

#6 Post by 1danab »

upload c:\windows\system32\drivers\Changer.sys here http://www.james008.net/havet/

I will do the analysis some time tomorrow :wink:

1danab
Newbie
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: Please help - Win32:Malware-gen

#7 Post by 1danab »

so that file really is zero-size, which is why it cannot be harmful

download SP3 and, once you have it, do the following:

download OTL from this link http://oldtimer.geekstogo.com/OTL.exe

run the downloaded file as administrator

in the window that opens press the Scan button, which starts the scan; please wait for the scan to finish (about 5 minutes); a Notepad window with the log then opens; copy its contents here :)

Cyber_George
Visitor
Posts: 13
Registered: 02 Dec 2009 18:23

Re: Please help - Win32:Malware-gen

#8 Post by Cyber_George »

The file may have a zero value, but it still will not let me install SP3... :(
It demands that I close the application that is using it.... :?:

1danab
Newcomer
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: Please help - Win32:Malware-gen

#9 Post by 1danab »

All right, then first download OTL and paste the resulting log here for me
I gave you the instructions and the link one line up

Cyber_George
Visitor
Posts: 13
Registered: 02 Dec 2009 18:23

Re: Please help - Win32:Malware-gen

#10 Post by Cyber_George »

OTL logfile created on: 25.7.2010 20:17:02 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

502,00 Mb Total Physical Memory | 184,00 Mb Available Physical Memory | 37,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 37,60 Gb Free Space | 67,29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEORGE
Current User Name: George de Paoli
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.25 20:16:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Stažené soubory\OTL.exe
PRC - [2010.07.25 05:49:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.07.25 05:49:02 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.07.08 19:44:02 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008.09.10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008.07.23 16:25:45 | 000,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008.07.19 16:38:34 | 000,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008.07.19 16:38:28 | 000,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008.07.19 16:38:04 | 000,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008.07.19 16:25:06 | 000,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.06 19:04:12 | 000,687,163 | ---- | M] (Gemfor s.r.o., Czech Republic) -- C:\Program Files\T-Mobile Communication Centre\Centre.exe
PRC - [2006.06.28 22:58:24 | 002,478,080 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006.06.28 22:58:24 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006.03.09 10:39:34 | 000,118,784 | ---- | M] (FUJITSU LIMITED) -- C:\Addon\Fujitsu\PSUtility\TrayManager.exe
PRC - [2005.11.04 01:35:18 | 001,052,672 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
PRC - [2005.08.09 10:53:06 | 000,081,920 | ---- | M] (FUJITSU LIMITED) -- C:\Addon\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2005.07.21 14:21:58 | 000,353,792 | ---- | M] (FUJITSU LIMITED) -- C:\Addon\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2005.07.21 14:20:46 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2005.06.08 09:20:32 | 000,069,632 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2005.05.18 14:57:36 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (SafeList) ==========

MOD - [2010.07.25 20:16:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Stažené soubory\OTL.exe
MOD - [2006.08.25 17:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.08.18 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2008.09.10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008.07.23 16:25:45 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008.07.19 16:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008.07.19 16:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008.07.19 16:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\GEORGE~1.GEO\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2008.07.19 16:37:42 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008.07.19 16:37:21 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008.07.19 16:35:18 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008.07.19 16:33:42 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008.07.19 16:32:36 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008.07.19 16:32:15 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006.03.08 04:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.01.20 15:56:40 | 001,158,816 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.01.05 08:40:42 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005.12.19 15:12:16 | 000,085,307 | ---- | M] (CSR) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\csrbc01.sys -- (CSRBC01)
DRV - [2005.12.09 07:48:00 | 000,243,712 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005.12.04 23:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005.11.19 13:18:10 | 000,117,874 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005.07.21 14:20:46 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005.01.28 19:31:08 | 000,266,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtwl5.SYS -- (GT43XX)
DRV - [2005.01.28 19:30:56 | 000,021,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GTEDGSC.sys -- (OptionWWSC)
DRV - [2005.01.28 19:30:42 | 000,052,864 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GTEDGNet.sys -- (GTEDGWWNIC)
DRV - [2005.01.28 19:30:34 | 000,107,904 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GTEDG.sys -- (GTEDGWModem)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.10.18 23:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1)
DRV - [2004.08.04 00:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2004.08.04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004.08.04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004.01.17 12:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2001.10.24 12:54:40 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.10.24 12:04:44 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001.08.17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.01 20:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 05:49:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 05:49:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.09 09:25:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.05.26 14:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Extensions
[2010.04.09 09:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2006.09.07 17:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Firefox\Profiles\6ffuu75o.default\extensions
[2010.07.22 21:55:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Firefox\Profiles\6ffuu75o.default\searchplugins\icqplugin-1.xml
[2010.05.27 06:08:45 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Firefox\Profiles\6ffuu75o.default\searchplugins\icqplugin-2.xml
[2010.05.28 05:21:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Firefox\Profiles\6ffuu75o.default\searchplugins\icqplugin-3.xml
[2010.07.22 05:29:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Firefox\Profiles\6ffuu75o.default\searchplugins\icqplugin-4.xml
[2010.07.25 05:50:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Firefox\Profiles\6ffuu75o.default\searchplugins\icqplugin-5.xml
[2009.07.14 22:09:41 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Firefox\Profiles\6ffuu75o.default\searchplugins\icqplugin.gif
[2009.07.14 22:09:42 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Firefox\Profiles\6ffuu75o.default\searchplugins\icqplugin.src
[2010.05.18 08:05:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Data aplikací\Mozilla\Firefox\Profiles\6ffuu75o.default\searchplugins\icqplugin.xml
[2010.07.25 19:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.14 22:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.07.23 12:27:11 | 002,889,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2010.07.21 05:24:32 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.07.21 05:24:32 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.07.21 05:24:32 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.07.21 05:24:32 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.07.21 05:24:32 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.12.02 21:43:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IndicatorUtility] C:\Addon\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [PSUtility] C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKCU..\Run: [T-Mobile Communication Centre] C:\Program Files\T-Mobile Communication Centre\Centre.exe (Gemfor s.r.o., Czech Republic)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\George de Paoli.GEORGE\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PSUTY: DllName - PSUWNP.dll - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\George de Paoli.GEORGE\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\George de Paoli.GEORGE\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.02.14 13:55:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.25 18:52:41 | 322,523,176 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\George de Paoli.GEORGE\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.07.25 05:46:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.07.23 19:16:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.07.23 17:57:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.23 17:57:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.23 17:57:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.23 17:57:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.23 16:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.07.22 09:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\DIGITALNIK
[2010.07.21 14:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Stažené soubory
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.25 20:22:36 | 000,565,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\Changer.sys
[2010.07.25 19:21:36 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\ntuser.dat
[2010.07.25 18:57:00 | 322,523,176 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\George de Paoli.GEORGE\Plocha\WindowsXP-KB936929-SP3-x86-CSY.exe
[2010.07.25 18:40:33 | 000,165,929 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Licence doplnek.rtf
[2010.07.25 15:25:15 | 000,016,285 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik doporucuje.rtf
[2010.07.25 05:44:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.07.25 05:44:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.25 05:44:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.25 05:44:14 | 526,372,864 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.25 05:42:36 | 001,930,896 | -H-- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Local Settings\Data aplikací\IconCache.db
[2010.07.24 20:50:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\ntuser.ini
[2010.07.24 11:27:12 | 000,023,605 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik.cz - clanky k 24. 7..rtf
[2010.07.24 11:02:58 | 000,007,813 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik poznamky.rtf
[2010.07.23 18:12:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.23 17:56:47 | 003,742,303 | R--- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Plocha\ComboFix.exe
[2010.07.23 16:33:32 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asyncmac.sys
[2010.07.22 10:32:34 | 000,002,454 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik.cz - honorare.rtf
[2010.07.21 20:06:55 | 000,032,296 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\odhadni.cz II.rtf
[2010.07.18 19:44:45 | 000,311,035 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\tv v iphonu.zip
[2010.07.17 16:43:53 | 000,004,432 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik.cz cervenec.rtf
[2010.07.16 21:22:27 | 000,021,610 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\herni legendy.rtf
[2010.07.13 18:59:07 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Fe03.xls
[2010.07.13 18:50:02 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\červen 2010.xls
[2010.07.13 18:47:28 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\květen 2010.xls
[2010.07.13 11:28:20 | 000,035,205 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\11th Edition.rtf
[2010.07.05 14:12:44 | 000,419,078 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\mandatni-smlouva.pdf
[2010.07.05 12:25:08 | 000,008,403 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\zaloba.rtf
[2010.07.02 17:32:45 | 000,001,339 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik cervenec II.rtf
[2010.07.01 14:49:34 | 000,023,220 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik.cz - report.rtf
[2010.06.30 20:17:00 | 000,004,746 | ---- | M] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik.cz - clanky.rtf
[2010.06.29 14:00:14 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.25 10:09:52 | 000,016,285 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik doporucuje.rtf
[2010.07.25 05:44:14 | 526,372,864 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.24 11:02:41 | 000,023,605 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik.cz - clanky k 24. 7..rtf
[2010.07.23 17:57:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.23 17:57:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.23 17:57:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.23 17:57:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.23 17:57:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.23 16:35:32 | 000,565,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\Changer.sys
[2010.07.18 19:44:42 | 000,311,035 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\tv v iphonu.zip
[2010.07.15 12:51:19 | 000,002,454 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik.cz - honorare.rtf
[2010.07.13 18:59:05 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Fe03.xls
[2010.07.13 18:50:02 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\červen 2010.xls
[2010.07.13 18:47:27 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\květen 2010.xls
[2010.07.11 15:17:53 | 000,035,205 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\11th Edition.rtf
[2010.07.05 14:12:40 | 000,419,078 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\mandatni-smlouva.pdf
[2010.07.05 11:01:02 | 000,008,403 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\zaloba.rtf
[2010.07.05 08:39:44 | 000,021,610 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\herni legendy.rtf
[2010.07.01 13:50:12 | 000,023,220 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik.cz - report.rtf
[2010.06.29 12:21:28 | 000,001,339 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Digitalnik cervenec II.rtf
[2010.06.27 16:20:18 | 000,032,296 | ---- | C] () -- C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\odhadni.cz II.rtf
[2007.09.10 17:42:17 | 000,000,836 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.09.10 17:39:33 | 000,003,855 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006.09.13 22:32:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006.08.24 15:36:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.02.14 13:38:18 | 000,000,976 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >

1danab
Newcomer
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: Please help - Win32:Malware-gen

#11 Post by 1danab »

Run OTL, click the Nic (None) button and paste this script into the empty bottom field:

/md5start
Changer.sys
/md5stop

Then click the Prohledat (Run Scan) button
and paste the log here again

Cyber_George
Visitor
Posts: 13
Registered: 02 Dec 2009 18:23

Re: Please help - Win32:Malware-gen

#12 Post by Cyber_George »

OTL logfile created on: 25.7.2010 20:51:59 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\George de Paoli.GEORGE\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

502,00 Mb Total Physical Memory | 123,00 Mb Available Physical Memory | 25,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 50,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 37,60 Gb Free Space | 67,29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEORGE
Current User Name: George de Paoli
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========



< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys
[2010.07.25 20:54:05 | 000,565,280 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Changer.sys
< End of report >

1danab
Newcomer
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: Please help - Win32:Malware-gen

#13 Post by 1danab »

Right, now run OTL again and copy this into the empty bottom field:

:Files
C:\WINDOWS\I386\sp2.cab:Changer.sys /E

and then click the Opravit (Run Fix) button
paste the log here again

Cyber_George
Visitor
Posts: 13
Registered: 02 Dec 2009 18:23

Re: Please help - Win32:Malware-gen

#14 Post by Cyber_George »

========== FILES ==========
Changer.sys extracted to C:\

OTL by OldTimer - Version 3.2.9.1 log created on 07252010_213144

1danab
Newcomer
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: Please help - Win32:Malware-gen

#15 Post by 1danab »

So you run OTL again, copy this into the empty field:

:Files
C:\WINDOWS\system32\drivers\Changer.sys|C:\Changer.sys /replace

and click the Opravit (Run Fix) button
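The MD5 scan in post #12 and the extract-and-replace fix in posts #13 and #15 follow one line of reasoning: the copies of Changer.sys packed inside sp2.cab are the Service Pack originals, while the copy in system32\drivers that OTL could not hash, that carries no company name and whose size disagrees with the other loose copy is the one to replace from the cab. The script below is an added example, not code from the thread or from OTL; it parses the `< MD5 for: ... >` section format shown above and applies that triage automatically (the `MD5=<hex>` form for a successfully hashed entry is an assumption, since the thread only shows failed hashes).

```python
"""Triage of an OTL '< MD5 for: FILE >' custom-scan section.

Added example; not code from the thread or from OTL. Copies packed inside
a .cab are treated as the reference originals; a loose copy in the driver
load path that could not be hashed, has no company name, or disagrees in
size with the other loose copies is reported as the one to replace.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One OTL file entry:  [mtime | size | attrs | M/C] (company) status -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) (?P<status>.+?) -- (?P<path>.+)$"
)
# Form of a successfully hashed entry; assumed, the thread only shows failures.
MD5_RE = re.compile(r"MD5=([0-9A-Fa-f]{32})")

# Locations from which a .sys in this listing would actually be loaded.
LOAD_PATH_MARKERS = ("\\system32\\drivers\\", "\\system32\\")

# Constructed sample: the section from the thread's second OTL log, same format.
SAMPLE_SECTION = r"""
< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys
[2010.07.25 20:54:05 | 000,565,280 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Changer.sys
< End of report >
"""


@dataclass
class Copy:
    mtime: datetime
    size: int           # for a .cab entry this is the size of the whole cab
    company: str
    path: str
    in_cab: bool
    md5: Optional[str]  # None when OTL reported it could not hash the file
    unreadable: bool


def parse_md5_section(text: str) -> List[Copy]:
    """Parse every file entry of an OTL MD5 section; header lines are skipped."""
    copies: List[Copy] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        status = m["status"]
        h = MD5_RE.search(status)
        copies.append(Copy(
            mtime=datetime.strptime(m["mtime"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            company=m["company"].strip(),
            path=m["path"].strip(),
            in_cab=".cab:" in m["path"].lower(),
            md5=h.group(1).lower() if h else None,
            unreadable="unable to obtain md5" in status.lower(),
        ))
    return copies


def triage(text: str) -> Dict[str, object]:
    """Flag suspect copies in the load path and list the cab copies to restore from."""
    copies = parse_md5_section(text)
    loose = [c for c in copies if not c.in_cab]
    active = [c for c in loose
              if any(mk in c.path.lower() for mk in LOAD_PATH_MARKERS)]
    findings: List[str] = []
    for c in active:
        if c.unreadable:
            # A driver the scanner cannot even open is a sign of a lock or a filter.
            findings.append(f"unreadable-in-load-path: {c.path}")
        if not c.company:
            findings.append(f"no-company-name: {c.path}")
    # Loose copies of one driver should agree in size; cab sizes are not comparable.
    sizes = sorted({c.size for c in loose})
    if len(sizes) > 1:
        findings.append(f"size-mismatch-between-copies: {sizes}")
    restore_from = [c.path for c in copies if c.in_cab] if findings else []
    return {"copies": len(copies), "findings": findings, "restore_from": restore_from}


if __name__ == "__main__":
    for finding in triage(SAMPLE_SECTION)["findings"]:
        print(finding)
```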
