Problem so security tool

[jozibaci]

Zdravim,sestra je z toho zufala....skusime sa na to pozriet?

Prikladam log z RSIT....

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-09-06 21:00:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 212 GB (89%) free of 238 GB
Total RAM: 2937 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:00:26, on 6. 9. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Toshiba\3GUty\tw3gsvc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Documents and Settings\Juraj Porubčanský\Plocha\riesenie so security tool\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TOSHIBA_3G_UTY] C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3820294173-2854779616-2356886999-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Juraj Porubčanský')
O4 - HKUS\S-1-5-21-3820294173-2854779616-2356886999-1005\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized (User 'Juraj Porubčanský')
O4 - HKUS\S-1-5-21-3820294173-2854779616-2356886999-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Juraj Porubčanský')
O4 - HKUS\S-1-5-21-3820294173-2854779616-2356886999-1005\..\Run: [mscjm.exe] C:\Documents and Settings\Juraj Porubčanský\Data aplikací\MSA\mscjm.exe (User 'Juraj Porubčanský')
O4 - HKUS\S-1-5-21-3820294173-2854779616-2356886999-1005\..\Run: [mscj.exe] C:\Documents and Settings\Juraj Porubčanský\Data aplikací\MSA\mscj.exe (User 'Juraj Porubčanský')
O4 - HKUS\S-1-5-21-3820294173-2854779616-2356886999-1005\..\RunOnce: [51917] "C:\Documents and Settings\Juraj Porubčanský\Local Settings\Data aplikací\51917.exe" 3 30 (User 'Juraj Porubčanský')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: TosBtNP - TosBtNP.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Konfigurační služba Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: 3G RF Power Control Utility (TW3GSVC) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\3GUty\tw3gsvc.exe

--
End of file - 8462 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-22 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-07 16860672]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"00THotkey"=C:\WINDOWS\system32\00THotkey.exe [2006-08-11 253952]
"TAudEffect"=C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe [2006-08-09 344144]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"SmoothView"=C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe [2007-05-11 143360]
"TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2007-12-12 118784]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2007-12-12 299008]
"TMERzCtl.EXE"=C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [2008-05-19 86016]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [2006-01-27 118784]
"TOSDCR"=C:\WINDOWS\system32\TOSDCR.EXE [2005-12-12 57344]
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2007-10-05 172032]
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2007-04-26 495616]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-04 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-04 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-04 141848]
"ThpSrv"=C:\WINDOWS\system32\thpsrv /logon []
"TOSHIBA_3G_UTY"=C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe [2008-07-17 1581056]
"DpUtil"=C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe [2005-08-08 155648]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"TPCHWMsg"=C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [2008-05-27 451944]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-16 2065760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-12 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"TPCHSrv"=2
"Tmesrv"=2
"NMIndexingService"=3
"idsvc"=3
"IDriverT"=3
"gupdate1c98f7879fc2eec"=2
"avg9wd"=2
"avg9emc"=2
"Authentec memory manager"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ATFUS]
C:\WINDOWS\system32\FpWinLogonNp.dll [2008-03-25 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-16 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-05-21 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TosBtNP]
C:\WINDOWS\system32\TosBtNP.dll [2006-07-21 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-06 21:00:11 ----D---- C:\Program Files\trend micro
2010-09-06 20:59:33 ----D---- C:\rsit
2010-08-27 17:46:20 ----D---- C:\WINDOWS\pss
2010-08-12 12:24:18 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-12 12:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-12 12:23:04 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-12 12:22:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-12 12:21:19 ----SHD---- C:\Config.Msi
2010-08-12 12:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-12 12:19:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-12 12:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-12 12:18:00 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$

======List of files/folders modified in the last 1 months======

2010-09-06 21:00:14 ----D---- C:\WINDOWS\Prefetch
2010-09-06 21:00:12 ----D---- C:\WINDOWS\Temp
2010-09-06 21:00:11 ----RD---- C:\Program Files
2010-09-06 20:43:18 ----AD---- C:\WINDOWS\system32
2010-09-06 20:43:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-06 20:41:42 ----SD---- C:\WINDOWS\Tasks
2010-09-06 20:40:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-06 20:37:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-06 18:56:03 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-03 12:05:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-27 17:54:22 ----RASH---- C:\boot.ini
2010-08-27 17:54:22 ----A---- C:\WINDOWS\win.ini
2010-08-27 17:54:22 ----A---- C:\WINDOWS\system.ini
2010-08-27 17:51:51 ----D---- C:\Program Files\DivX
2010-08-27 17:46:20 ----D---- C:\WINDOWS
2010-08-27 17:19:40 ----HD---- C:\WINDOWS\inf
2010-08-27 14:35:26 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-08-18 20:27:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-08-13 10:46:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-13 10:46:13 ----RSD---- C:\WINDOWS\assembly
2010-08-12 18:17:24 ----D---- C:\Program Files\Internet Explorer
2010-08-12 12:24:23 ----D---- C:\WINDOWS\system32\drivers
2010-08-12 12:24:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-12 12:24:14 ----A---- C:\WINDOWS\imsins.BAK
2010-08-12 12:24:07 ----SHD---- C:\WINDOWS\Installer
2010-08-12 12:22:16 ----D---- C:\WINDOWS\WinSxS
2010-08-12 12:18:09 ----D---- C:\Program Files\Movie Maker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AlfaFF;AlfaFF mini-filter driver; C:\WINDOWS\system32\Drivers\AlfaFF.sys [2008-03-01 42608]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-04-15 312344]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-11-14 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-01-24 685816]
R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2008-01-11 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2007-09-04 6528]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\WINDOWS\system32\DRIVERS\tos_sps32.sys [2008-06-04 279376]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\WINDOWS\system32\DRIVERS\TVALZ.SYS [2007-02-15 16768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-16 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-16 243024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver; C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\WINDOWS\system32\DRIVERS\TVALZFL.sys [2008-04-30 4992]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-04-08 1309504]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2008-04-25 146688]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-03-27 244368]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-05-21 6018464]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-07-24 41216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-09 4703744]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 Sony_EricssonWWSC;Toshiba F3507g Mobile Broadband USIM Port; C:\WINDOWS\system32\DRIVERS\toshscard.sys [2008-07-02 24232]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2007-02-22 16128]
R3 TEchoCan;Toshiba Audio Effect; C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2007-02-21 435072]
R3 toshbus;Toshiba F3507g Mobile Broadband Device driver (WDM); C:\WINDOWS\system32\DRIVERS\toshbus.sys [2008-07-08 300544]
R3 toshcard;Toshiba F3507g Mobile Broadband Device Management; C:\WINDOWS\system32\DRIVERS\toshcard.sys [2008-07-08 376960]
R3 toshgps;Toshiba F3507g Mobile Broadband GPS Port; C:\WINDOWS\system32\DRIVERS\toshgps.sys [2008-07-23 72232]
R3 toshmdfl;Toshiba F3507g Mobile Broadband Modem Filter; C:\WINDOWS\system32\DRIVERS\toshmdfl.sys [2008-07-08 14976]
R3 toshmdfl2;Toshiba F3507g Mobile Broadband Data Modem Filter; C:\WINDOWS\system32\DRIVERS\toshmdfl2.sys [2008-07-08 14976]
R3 toshmdm;Toshiba F3507g Mobile Broadband Modem Driver; C:\WINDOWS\system32\DRIVERS\toshmdm.sys [2008-07-08 385536]
R3 toshmdm2;Toshiba F3507g Mobile Broadband Data Modem Driver; C:\WINDOWS\system32\DRIVERS\toshmdm2.sys [2008-07-08 430080]
R3 toshunic;Toshiba F3507g Mobile Broadband Network Adapter (WDM); C:\WINDOWS\system32\DRIVERS\toshunic.sys [2008-07-08 402816]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-04-23 131712]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
R3 tosrfec;Bluetooth ACPI; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
R3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Chicony USB 2.0 Camera; C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 UVCFTR;UVCFTR; C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
S3 a9tnuhyf;a9tnuhyf; C:\WINDOWS\system32\drivers\a9tnuhyf.sys []
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-12-24 68696]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 toshnd5;Toshiba F3507g Mobile Broadband Network Adapter (NDIS); C:\WINDOWS\system32\DRIVERS\toshnd5.sys [2008-07-08 25856]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Konfigurační služba Atheros; C:\WINDOWS\system32\acs.exe [2008-04-14 467028]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 Thpsrv;Ochrana HDD TOSHIBA; C:\WINDOWS\system32\ThpSrv.exe [2008-05-05 552312]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-06-04 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2007-11-21 129632]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-04-11 124264]
R2 TW3GSVC;3G RF Power Control Utility; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [2008-07-17 110592]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FingerprintServer;Fingerprint Server; C:\WINDOWS\system32\FpLogonServ.exe [2007-11-02 106496]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Authentec memory manager;Authentec memory manager service; C:\WINDOWS\system32\TAMSvr.exe []
S4 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-22 921952]
S4 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S4 gupdate1c98f7879fc2eec;Služba Google Update (gupdate1c98f7879fc2eec); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S4 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [2006-01-27 118784]
S4 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2008-05-27 628072]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[jozibaci]

ospravedlnujem sa za zdrzanie.......tu je log-

ComboFix 10-09-06.02 - Juraj Porubčanský . 09. 2010 21:37:10.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2937.2422 [GMT 2:00]
Spuštěný z: c:\documents and settings\Juraj PorubŔanskř\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Juraj Porubčanský\Data aplikací\MSA
c:\documents and settings\Juraj Porubčanský\Data aplikací\MSA\download.list
c:\documents and settings\Juraj Porubčanský\Data aplikací\MSA\mscj.exe
c:\documents and settings\Juraj Porubčanský\Data aplikací\MSA\mscjm.exe
c:\documents and settings\Juraj Porubčanský\Data aplikací\MSA\w2_0.exe
c:\documents and settings\Juraj Porubčanský\Nabídka Start\Programy\Security Tool.lnk
c:\windows\system32\lowsec

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-06 do 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-06 19:00 . 2010-09-06 19:00 -------- d-----w- c:\program files\trend micro
2010-09-06 19:00 . 2010-09-06 19:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-06 18:59 . 2010-09-06 19:00 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 19:33 . 2008-08-25 11:09 78250 ----a-w- c:\windows\system32\perfc005.dat
2010-09-06 19:33 . 2008-08-25 11:09 429262 ----a-w- c:\windows\system32\perfh005.dat
2010-08-27 15:51 . 2010-01-07 16:53 -------- d-----w- c:\program files\DivX
2010-07-31 20:24 . 2008-08-25 11:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-22 08:42 . 2010-07-22 08:42 -------- d-----w- c:\program files\Common Files\Skype
2010-07-16 15:03 . 2009-03-01 11:54 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 15:03 . 2010-07-16 15:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 15:03 . 2009-03-01 11:54 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:33 . 2008-08-25 11:09 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2008-08-25 11:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-08-25 11:09 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-08-25 11:09 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-08-25 11:09 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-08-25 11:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2008-08-25 11:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-02-26 07:48 . 2010-02-26 07:48 8652600 -c--a-w- c:\program files\Firefox Setup 3.6.exe
2010-01-17 10:14 . 2010-01-17 10:14 2020136 -c--a-w- c:\program files\SkypeSetup.exe
2010-01-07 16:52 . 2010-01-07 16:51 23801112 ----a-w- c:\program files\DivXInstaller.exe
2010-01-01 13:23 . 2010-01-01 13:18 79383048 -c--a-w- c:\program files\avg_free_stf_en_90_716a1803.exe
2009-07-24 09:16 . 2009-07-24 09:16 5159424 -c--a-w- c:\program files\WindowsDefender.msi
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 09:40 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"kbdcryptd9"="c:\documents and settings\Juraj Porubčanský\Local Settings\Data aplikací\kbdcryptd9\kbdcryptd9.dll" [2010-01-07 77824]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"51917"="c:\documents and settings\Juraj Porubčanský\Local Settings\Data aplikací\51917.exe" [2010-09-01 1148928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-08-11 253952]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-09 344144]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SmoothView"="c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"TPSODDCtl"="TPSODDCtl.exe" [2007-12-12 118784]
"TPSMain"="TPSMain.exe" [2007-12-12 299008]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2008-05-19 86016]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2006-01-27 118784]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2007-10-05 172032]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"TOSHIBA_3G_UTY"="c:\program files\Toshiba\3GUty\TW3GCTRL.exe" [2008-07-17 1581056]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-08 155648]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2008-05-27 451944]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"fiuropuefwpmnqguhujvTaskMgr"= 0 (0x0)
"xkopzwvpzmnnhrsprkanTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-03-25 19:06 176128 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 15:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-21 17:54 65536 ----a-w- c:\windows\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TPCHSrv"=2 (0x2)
"Tmesrv"=2 (0x2)
"NMIndexingService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdate1c98f7879fc2eec"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"Authentec memory manager"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [25. 8. 2008 14:03 42608]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [11. 1. 2008 23:58 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [4. 9. 2007 11:14 6528]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1. 3. 2009 13:54 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1. 3. 2009 13:54 243024]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [25. 8. 2008 13:55 5888]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26. 3. 2007 12:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19. 2. 2007 12:15 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30. 4. 2008 21:09 4992]
R2 TW3GSVC;3G RF Power Control Utility;c:\program files\Toshiba\3GUty\tw3gsvc.exe [24. 1. 2009 5:13 110592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3. 11. 2006 19:19 13592]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [25. 8. 2008 13:10 244368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [25. 8. 2008 13:28 41216]
R3 Sony_EricssonWWSC;Toshiba F3507g Mobile Broadband USIM Port;c:\windows\system32\drivers\toshscard.sys [25. 8. 2008 14:29 24232]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [25. 8. 2008 13:44 435072]
R3 toshbus;Toshiba F3507g Mobile Broadband Device driver (WDM);c:\windows\system32\drivers\toshbus.sys [25. 8. 2008 14:29 300544]
R3 toshcard;Toshiba F3507g Mobile Broadband Device Management;c:\windows\system32\drivers\toshcard.sys [25. 8. 2008 14:29 376960]
R3 toshgps;Toshiba F3507g Mobile Broadband GPS Port;c:\windows\system32\drivers\toshgps.sys [25. 8. 2008 14:29 72232]
R3 toshmdfl;Toshiba F3507g Mobile Broadband Modem Filter;c:\windows\system32\drivers\toshmdfl.sys [25. 8. 2008 14:29 14976]
R3 toshmdfl2;Toshiba F3507g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\toshmdfl2.sys [25. 8. 2008 14:29 14976]
R3 toshmdm;Toshiba F3507g Mobile Broadband Modem Driver;c:\windows\system32\drivers\toshmdm.sys [25. 8. 2008 14:29 385536]
R3 toshmdm2;Toshiba F3507g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\toshmdm2.sys [25. 8. 2008 14:29 430080]
R3 toshunic;Toshiba F3507g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\toshunic.sys [25. 8. 2008 14:29 402816]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [25. 8. 2008 14:03 106496]
S3 toshnd5;Toshiba F3507g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\toshnd5.sys [25. 8. 2008 14:29 25856]
S4 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe --> c:\windows\system32\TAMSvr.exe [?]
S4 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [16. 7. 2010 17:03 921952]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16. 7. 2010 17:03 308136]
S4 gupdate1c98f7879fc2eec;Služba Google Update (gupdate1c98f7879fc2eec);c:\program files\Google\Update\GoogleUpdate.exe [15. 2. 2009 16:19 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24. 1. 2009 0:30 685816]
S4 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [25. 8. 2008 13:55 118784]
S4 TPCHSrv;TPCH Service;c:\program files\Toshiba\TPHM\TPCHSrv.exe [27. 5. 2008 13:12 628072]
.
Obsah adresáře 'Naplánované úlohy'

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 14:19]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 14:19]

2010-09-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Juraj Porubčanský\Data aplikací\Mozilla\Firefox\Profiles\k5xtytqc.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-mscjm.exe - c:\documents and settings\Juraj Porubčanský\Data aplikací\MSA\mscjm.exe
HKCU-Run-mscj.exe - c:\documents and settings\Juraj Porubčanský\Data aplikací\MSA\mscj.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1476)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\TrueSuite Access Manager\FpSuites.dll
c:\program files\TrueSuite Access Manager\SharedResources.dll
c:\program files\TrueSuite Access Manager\FPResource.dll
c:\windows\system32\authTpm.dll
.
Celkový čas: 2010-09-06 21:44:57
ComboFix-quarantined-files.txt 2010-09-06 19:44

Před spuštěním: Volných bajtů: 222 089 175 040
Po spuštění: Volných bajtů: 224 547 131 392

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg

- - End Of File - - 6ED0BE1B93C2D77C588B73B9034D92D5

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"fiuropuefwpmnqguhujvTaskMgr"=-
"xkopzwvpzmnnhrsprkanTaskMgr"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[jozibaci]

vykonane......security tool je stale aktivny,predpokladam,ze sme este neskoncili...prikladam log

ComboFix 10-09-06.02 - Administrator . 09. 2010 22:37:15.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2937.2353 [GMT 2:00]
Spuštěný z: c:\documents and settings\Juraj Porubčanský\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Juraj Porubčanský\Nabídka Start\Programy\Security Tool.lnk

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-06 do 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-06 19:00 . 2010-09-06 19:00 -------- d-----w- c:\program files\trend micro
2010-09-06 19:00 . 2010-09-06 19:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-06 18:59 . 2010-09-06 19:00 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 20:34 . 2008-08-25 11:09 78250 ----a-w- c:\windows\system32\perfc005.dat
2010-09-06 20:34 . 2008-08-25 11:09 429262 ----a-w- c:\windows\system32\perfh005.dat
2010-08-27 15:51 . 2010-01-07 16:53 -------- d-----w- c:\program files\DivX
2010-07-31 20:24 . 2008-08-25 11:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-22 08:42 . 2010-07-22 08:42 -------- d-----w- c:\program files\Common Files\Skype
2010-07-16 15:03 . 2009-03-01 11:54 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 15:03 . 2010-07-16 15:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 15:03 . 2009-03-01 11:54 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:33 . 2008-08-25 11:09 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2008-08-25 11:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-08-25 11:09 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-08-25 11:09 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-08-25 11:09 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-08-25 11:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2008-08-25 11:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-02-26 07:48 . 2010-02-26 07:48 8652600 -c--a-w- c:\program files\Firefox Setup 3.6.exe
2010-01-17 10:14 . 2010-01-17 10:14 2020136 -c--a-w- c:\program files\SkypeSetup.exe
2010-01-07 16:52 . 2010-01-07 16:51 23801112 ----a-w- c:\program files\DivXInstaller.exe
2010-01-01 13:23 . 2010-01-01 13:18 79383048 -c--a-w- c:\program files\avg_free_stf_en_90_716a1803.exe
2009-07-24 09:16 . 2009-07-24 09:16 5159424 -c--a-w- c:\program files\WindowsDefender.msi
.

((((((((((((((((((((((((((((( SnapShot@2010-09-06_19.42.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-25 11:09 . 2010-09-06 19:33 67646 c:\windows\system32\perfc009.dat
+ 2008-08-25 11:09 . 2010-09-06 20:34 67646 c:\windows\system32\perfc009.dat
+ 2008-08-25 11:09 . 2010-09-06 20:34 432690 c:\windows\system32\perfh009.dat
- 2008-08-25 11:09 . 2010-09-06 19:33 432690 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 09:40 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-08-11 253952]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-09 344144]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SmoothView"="c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"TPSODDCtl"="TPSODDCtl.exe" [2007-12-12 118784]
"TPSMain"="TPSMain.exe" [2007-12-12 299008]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2008-05-19 86016]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2006-01-27 118784]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2007-10-05 172032]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"TOSHIBA_3G_UTY"="c:\program files\Toshiba\3GUty\TW3GCTRL.exe" [2008-07-17 1581056]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-08 155648]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2008-05-27 451944]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-03-25 19:06 176128 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 15:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-21 17:54 65536 ----a-w- c:\windows\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TPCHSrv"=2 (0x2)
"Tmesrv"=2 (0x2)
"NMIndexingService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdate1c98f7879fc2eec"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"Authentec memory manager"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [25. 8. 2008 14:03 42608]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [11. 1. 2008 23:58 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [4. 9. 2007 11:14 6528]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1. 3. 2009 13:54 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1. 3. 2009 13:54 243024]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [25. 8. 2008 13:55 5888]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26. 3. 2007 12:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19. 2. 2007 12:15 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30. 4. 2008 21:09 4992]
R2 TW3GSVC;3G RF Power Control Utility;c:\program files\Toshiba\3GUty\tw3gsvc.exe [24. 1. 2009 5:13 110592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3. 11. 2006 19:19 13592]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [25. 8. 2008 13:10 244368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [25. 8. 2008 13:28 41216]
R3 Sony_EricssonWWSC;Toshiba F3507g Mobile Broadband USIM Port;c:\windows\system32\drivers\toshscard.sys [25. 8. 2008 14:29 24232]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [25. 8. 2008 13:44 435072]
R3 toshbus;Toshiba F3507g Mobile Broadband Device driver (WDM);c:\windows\system32\drivers\toshbus.sys [25. 8. 2008 14:29 300544]
R3 toshcard;Toshiba F3507g Mobile Broadband Device Management;c:\windows\system32\drivers\toshcard.sys [25. 8. 2008 14:29 376960]
R3 toshgps;Toshiba F3507g Mobile Broadband GPS Port;c:\windows\system32\drivers\toshgps.sys [25. 8. 2008 14:29 72232]
R3 toshmdfl;Toshiba F3507g Mobile Broadband Modem Filter;c:\windows\system32\drivers\toshmdfl.sys [25. 8. 2008 14:29 14976]
R3 toshmdfl2;Toshiba F3507g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\toshmdfl2.sys [25. 8. 2008 14:29 14976]
R3 toshmdm;Toshiba F3507g Mobile Broadband Modem Driver;c:\windows\system32\drivers\toshmdm.sys [25. 8. 2008 14:29 385536]
R3 toshmdm2;Toshiba F3507g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\toshmdm2.sys [25. 8. 2008 14:29 430080]
R3 toshunic;Toshiba F3507g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\toshunic.sys [25. 8. 2008 14:29 402816]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [25. 8. 2008 14:03 106496]
S3 toshnd5;Toshiba F3507g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\toshnd5.sys [25. 8. 2008 14:29 25856]
S4 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe --> c:\windows\system32\TAMSvr.exe [?]
S4 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [16. 7. 2010 17:03 921952]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16. 7. 2010 17:03 308136]
S4 gupdate1c98f7879fc2eec;Služba Google Update (gupdate1c98f7879fc2eec);c:\program files\Google\Update\GoogleUpdate.exe [15. 2. 2009 16:19 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24. 1. 2009 0:30 685816]
S4 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [25. 8. 2008 13:55 118784]
S4 TPCHSrv;TPCH Service;c:\program files\Toshiba\TPHM\TPCHSrv.exe [27. 5. 2008 13:12 628072]
.
Obsah adresáře 'Naplánované úlohy'

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 14:19]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 14:19]

2010-09-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1480)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\TrueSuite Access Manager\FpSuites.dll
c:\program files\TrueSuite Access Manager\SharedResources.dll
c:\program files\TrueSuite Access Manager\FPResource.dll
c:\windows\system32\authTpm.dll
.
Celkový čas: 2010-09-06 22:42:53
ComboFix-quarantined-files.txt 2010-09-06 20:42
ComboFix2.txt 2010-09-06 19:44

Před spuštěním: Volných bajtů: 224 536 985 600
Po spuštění: Volných bajtů: 224 528 015 360

- - End Of File - - 9173B33BDAE1182D5EBF8426ECF0B3B8

[jozibaci]

prebehlo obnovenie systemu do predchadzajuceho stavu........nova uvodna obrazovka,no security tool mi stale vyskakuje

[davide44]

Ahoj nie je nič jednoduchšie než takáto kravinka.Nemusíš ako bolo spomenuté prepisovať rozne adresáre.Jednoducho chod do núdzového režimu vyhľadaj security tool (pod číslom 89473) a vyhod ho do koša a zmaž ho nastálo.Program sa vymaže nastálo a už ty pojde všetko ....

[jozibaci]

tomu vyhladaniu security tool pod cislom 89473 nerozumiem............myslis vyhladat kde? ako?

[vyosek]

Zdravim a omlouvam se kolegovi za vstup (viz SZ Rudy)

2 davide44: prectete si prosim pravidla fora a hlavne clanek o lezeni do tematu a poskytovani rad...

2 jozibaci: nic nehledejte, tady mate dalsi postup nez prijde Rudy
Stahnete na plochu RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[jozibaci]

nic sa nedeje..........este som nic nepodnikol,nakolko nie som pri infik.compe..........pokracovat mozem vecer.....spominany log vlozim.......zatial vdaka

[vyosek]

Vecer tu bude i Rudy, ja mam nocni, takze to s nim dorazite
Za me nemate zac, preji pekny den a uspesne leceni..

[jozibaci]

2 rudy - zdravim,postupujem podla pokynu vasho kolegu ..........prikladam log z MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4563

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7. 9. 2010 21:40:33
mbam-log-2010-09-07 (21-40-33).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 190100
Uplynulý čas: 35 min, 27 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 6
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 1
Infikované súbory: 7

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Infikované súbory:
C:\Documents and Settings\Juraj Porubčanský\Dokumenty\Inštalačky\Nero 8.1.1.0.cz\crack.exe (RiskWare.Tool.CK) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\Juraj Porubčanský\Data aplikací\MSA\mscj.exe.vir (Backdoor.Bot) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\Juraj Porubčanský\Data aplikací\MSA\mscjm.exe.vir (Trojan.VB) -> No action taken.
C:\System Volume Information\_restore{69485F63-24F3-4980-92EA-E2DB07CB4C78}\RP124\A0024050.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{69485F63-24F3-4980-92EA-E2DB07CB4C78}\RP124\A0024051.exe (Trojan.VB) -> No action taken.
C:\System Volume Information\_restore{69485F63-24F3-4980-92EA-E2DB07CB4C78}\RP125\A0024972.exe (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Juraj Porubčanský\Data aplikací\MSA\w2_0.exe (Rogue.MSAntiVirus) -> No action taken.

[Rudy]

Vše, co MBAM nalezl, smažte.

[jozibaci]

OK,zmazane..........vyzera to uz slubne.......ziadne znamky po security tool..........este nejake kroky?

[Rudy]

Pokud PC korektně funguje, je to vše.