
Log check, please
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Log check, please
I know it's in there, I just don't know which ones...
Logfile of HijackThis v1.99.1
Scan saved at 23:25:16, on 15.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG9\avgtray.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\Program Files\AVG\AVG9\avgemc.exe
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\QIP\qip.exe
D:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
D:\Program Files\PC Tools Security\BDT\FGuard.exe
D:\Program Files\PC Tools Security\pctsSvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\alexik\Plocha\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\alexik\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
O2 - BHO: (no name) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\alexik\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [PCTools FGuard] D:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nod32] D:\DOCUME~1\alexik\LOCALS~1\Temp\nodqq.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Need for Speed™ Undercover Registration.lnk = D:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: d:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\pc tools\lsp\pctlsp.dll
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://vexcast.com/download/vexcast.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - D:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NMSAccess - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\PC Tools Security\pctsSvc.exe
- cernohous13
Re: Log check, please
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure as described in it.
If anything is unclear, ask - I will explain
-------------------------------------------------------------------------------------------------
> Forum support <
Re: Log check, please
Yesterday I ran ComboFix, but I haven't got to the next scan yet; I plan to do it today. Well, let's see what you make of it.
Logfile of random's system information tool 1.08 (written by random/random)
Run by alexik at 2010-09-16 12:01:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 81 GB (53%) free of 153 GB
Total RAM: 1023 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:01:28, on 16.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG9\avgtray.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\PC Tools Security\BDT\FGuard.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\Program Files\AVG\AVG9\avgemc.exe
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\alexik\Plocha\RSIT.exe
D:\Program Files\trend micro\alexik.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\alexik\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\alexik\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTools FGuard] D:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Need for Speed™ Undercover Registration.lnk = D:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://vexcast.com/download/vexcast.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - D:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7246 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll [2010-09-02 522192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG9\avgssie.dll [2010-09-15 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - D:\Documents and Settings\alexik\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-24 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll [2010-09-02 522192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=D:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-09-15 2065760]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2010-06-07 13902440]
"PCTools FGuard"=D:\Program Files\PC Tools Security\BDT\FGuard.exe [2010-09-02 108496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
D:\Documents and Settings\alexik\Nabídka Start\Programy\Po spuštění
Need for Speed™ Undercover Registration.lnk - D:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
D:\WINDOWS\system32\avgrsstx.dll [2010-09-15 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\AVG\AVG9\avgemc.exe"="D:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"D:\Program Files\AVG\AVG9\avgupd.exe"="D:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Program Files\AVG\AVG9\avgnsx.exe"="D:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"D:\Program Files\Steam\Steam.exe"="D:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\QIP\qip.exe"="D:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Program Files\Ventrilo\Ventrilo.exe"="D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="D:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"D:\Program Files\EA Sports\NHL 09\nhl2009.exe"="D:\Program Files\EA Sports\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"D:\WINDOWS\system32\dpvsetup.exe"="D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\Program Files\Sierra\FEAR\FEAR.exe"="D:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"D:\Program Files\Steam\steamapps\skidomyl\counter-strike\hl.exe"="D:\Program Files\Steam\steamapps\skidomyl\counter-strike\hl.exe:*:Enabled:Counter-Strike"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open - "D:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-09-16 12:01:15 ----D---- D:\Program Files\trend micro
2010-09-16 12:01:14 ----D---- D:\rsit
2010-09-16 00:08:40 ----SHD---- D:\RECYCLER
2010-09-16 00:03:22 ----A---- D:\ComboFix.txt
2010-09-15 23:56:59 ----A---- D:\Boot.bak
2010-09-15 23:56:53 ----RASHD---- D:\cmdcons
2010-09-15 23:54:46 ----A---- D:\WINDOWS\zip.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\SWSC.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\SWREG.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\sed.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\PEV.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\NIRCMD.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\MBR.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\grep.exe
2010-09-15 23:54:45 ----A---- D:\WINDOWS\SWXCACLS.exe
2010-09-15 23:54:25 ----D---- D:\WINDOWS\ERDNT
2010-09-15 23:52:32 ----D---- D:\Qoobox
2010-09-15 23:18:16 ----A---- D:\WINDOWS\BDTSupport.dll
2010-09-15 23:18:15 ----A---- D:\WINDOWS\SGDetectionTool.dll
2010-09-15 23:18:15 ----A---- D:\WINDOWS\PCTBDRes.dll
2010-09-15 23:18:15 ----A---- D:\WINDOWS\PCTBDCore.dll
2010-09-15 23:13:01 ----D---- D:\Program Files\PC Tools Security
2010-09-15 23:12:57 ----AD---- D:\Documents and Settings\All Users\Data aplikací\TEMP
2010-09-15 23:09:39 ----D---- D:\Documents and Settings\All Users\Data aplikací\PC Tools
2010-09-15 17:25:08 ----D---- D:\Program Files\Spybot - Search & Destroy
2010-08-29 23:29:58 ----D---- D:\Program Files\ICQ6Toolbar
2010-08-29 23:29:44 ----D---- D:\Documents and Settings\All Users\Data aplikací\ICQ
2010-08-29 20:10:51 ----SHD---- D:\WINDOWS\CSC
2010-08-21 19:04:31 ----D---- D:\Program Files\VVSN
2010-08-21 19:03:38 ----D---- D:\Program Files\DAEMON Tools
2010-08-21 19:03:38 ----A---- D:\WINDOWS\system32\drivers\dtscsi.sys
2010-08-21 18:54:23 ----D---- D:\Program Files\EA GAMES
2010-08-21 18:51:46 ----D---- D:\WINDOWS\RegisteredPackages
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\psisdecd.dll
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\wstcodec.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\streamip.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\slip.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\ndisip.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\nabtsfec.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\msdv.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\mpe.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\ccdecode.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\bdasup.sys
2010-08-21 18:51:16 ----A---- D:\WINDOWS\system32\drivers\mstee.sys
2010-08-21 18:51:12 ----A---- D:\WINDOWS\system32\dxdllreg.exe
2010-08-21 18:36:05 ----D---- D:\Program Files\Sierra
======List of files/folders modified in the last 1 months======
2010-09-16 12:01:15 ----RD---- D:\Program Files
2010-09-16 11:59:28 ----D---- D:\Program Files\Mozilla Firefox
2010-09-16 11:55:40 ----D---- D:\WINDOWS\system32\drivers\Avg
2010-09-16 11:49:45 ----D---- D:\WINDOWS\Temp
2010-09-16 11:49:45 ----D---- D:\WINDOWS
2010-09-16 01:36:48 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-09-16 00:09:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-09-16 00:01:25 ----A---- D:\WINDOWS\system.ini
2010-09-16 00:01:17 ----D---- D:\WINDOWS\system32\drivers\etc
2010-09-15 23:59:15 ----D---- D:\WINDOWS\system32\drivers
2010-09-15 23:59:15 ----D---- D:\WINDOWS\system32
2010-09-15 23:59:15 ----D---- D:\WINDOWS\AppPatch
2010-09-15 23:59:10 ----D---- D:\Program Files\Common Files
2010-09-15 23:57:27 ----D---- D:\WINDOWS\system32\CatRoot2
2010-09-15 23:56:59 ----RASH---- D:\boot.ini
2010-09-15 23:54:10 ----SHD---- D:\System Volume Information
2010-09-15 23:53:12 ----D---- D:\WINDOWS\Prefetch
2010-09-15 23:43:19 ----D---- D:\WINDOWS\Minidump
2010-09-15 23:13:51 ----SHD---- D:\WINDOWS\Installer
2010-09-15 23:13:48 ----D---- D:\Config.Msi
2010-09-15 23:13:44 ----D---- D:\WINDOWS\WinSxS
2010-09-15 17:12:44 ----A---- D:\WINDOWS\system32\avgrsstx.dll
2010-09-15 17:11:01 ----D---- D:\Documents and Settings\All Users\Data aplikací\avg9
2010-09-14 17:08:03 ----D---- D:\Program Files\Steam
2010-08-29 23:29:59 ----HD---- D:\Program Files\InstallShield Installation Information
2010-08-21 19:04:31 ----HD---- D:\WINDOWS\inf
2010-08-21 18:52:03 ----RSD---- D:\WINDOWS\assembly
2010-08-21 18:51:50 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-08-21 18:51:02 ----D---- D:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-11-14 43528]
R0 uagp35;Filtr Microsoft AGPv3.5; D:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK7;Ovladač procesoru AMD K7; D:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2010-09-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-09-15 29584]
R1 AvgTdiX;AVG Free Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2010-09-15 243024]
R1 SCDEmu;SCDEmu; D:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 ctljystk;Game port pro zařízení Creative SB Live!; D:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-07-10 25280]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-06-08 10531200]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ALSysIO;ALSysIO; \??\D:\DOCUME~1\alexik\LOCALS~1\Temp\ALSysIO.sys []
S3 catchme;catchme; \??\D:\DOCUME~1\alexik\LOCALS~1\Temp\catchme.sys []
S3 dtscsi;dtscsi; D:\WINDOWS\System32\Drivers\dtscsi.sys [2010-08-21 223128]
S3 StarOpen;StarOpen; D:\WINDOWS\system32\drivers\StarOpen.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2010-02-14 691696]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg9emc;AVG Free E-mail Scanner; D:\Program Files\AVG\AVG9\avgemc.exe [2010-09-15 921952]
R2 avg9wd;AVG Free WatchDog; D:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-09-15 308136]
R2 Browser Defender Update Service;Browser Defender Update Service; D:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe [2010-09-02 235472]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-01-25 153376]
R2 NMSAccess;NMSAccess; D:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 nvsvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2010-06-07 154728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 vvdsvc;VJVodClientServices; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-03-20 72704]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-02-20 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; d:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by alexik at 2010-09-16 12:01:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 81 GB (53%) free of 153 GB
Total RAM: 1023 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:01:28, on 16.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG9\avgtray.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\PC Tools Security\BDT\FGuard.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\Program Files\AVG\AVG9\avgemc.exe
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\alexik\Plocha\RSIT.exe
D:\Program Files\trend micro\alexik.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\alexik\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\alexik\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTools FGuard] D:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Need for Speed™ Undercover Registration.lnk = D:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://vexcast.com/download/vexcast.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - D:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7246 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll [2010-09-02 522192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG9\avgssie.dll [2010-09-15 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - D:\Documents and Settings\alexik\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-24 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - D:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll [2010-09-02 522192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=D:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-09-15 2065760]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2010-06-07 13902440]
"PCTools FGuard"=D:\Program Files\PC Tools Security\BDT\FGuard.exe [2010-09-02 108496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
D:\Documents and Settings\alexik\Nabídka Start\Programy\Po spuštění
Need for Speed™ Undercover Registration.lnk - D:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
D:\WINDOWS\system32\avgrsstx.dll [2010-09-15 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\AVG\AVG9\avgemc.exe"="D:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"D:\Program Files\AVG\AVG9\avgupd.exe"="D:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Program Files\AVG\AVG9\avgnsx.exe"="D:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"D:\Program Files\Steam\Steam.exe"="D:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\QIP\qip.exe"="D:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Program Files\Ventrilo\Ventrilo.exe"="D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="D:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"D:\Program Files\EA Sports\NHL 09\nhl2009.exe"="D:\Program Files\EA Sports\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"D:\WINDOWS\system32\dpvsetup.exe"="D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\Program Files\Sierra\FEAR\FEAR.exe"="D:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"D:\Program Files\Steam\steamapps\skidomyl\counter-strike\hl.exe"="D:\Program Files\Steam\steamapps\skidomyl\counter-strike\hl.exe:*:Enabled:Counter-Strike"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open - "D:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-09-16 12:01:15 ----D---- D:\Program Files\trend micro
2010-09-16 12:01:14 ----D---- D:\rsit
2010-09-16 00:08:40 ----SHD---- D:\RECYCLER
2010-09-16 00:03:22 ----A---- D:\ComboFix.txt
2010-09-15 23:56:59 ----A---- D:\Boot.bak
2010-09-15 23:56:53 ----RASHD---- D:\cmdcons
2010-09-15 23:54:46 ----A---- D:\WINDOWS\zip.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\SWSC.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\SWREG.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\sed.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\PEV.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\NIRCMD.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\MBR.exe
2010-09-15 23:54:46 ----A---- D:\WINDOWS\grep.exe
2010-09-15 23:54:45 ----A---- D:\WINDOWS\SWXCACLS.exe
2010-09-15 23:54:25 ----D---- D:\WINDOWS\ERDNT
2010-09-15 23:52:32 ----D---- D:\Qoobox
2010-09-15 23:18:16 ----A---- D:\WINDOWS\BDTSupport.dll
2010-09-15 23:18:15 ----A---- D:\WINDOWS\SGDetectionTool.dll
2010-09-15 23:18:15 ----A---- D:\WINDOWS\PCTBDRes.dll
2010-09-15 23:18:15 ----A---- D:\WINDOWS\PCTBDCore.dll
2010-09-15 23:13:01 ----D---- D:\Program Files\PC Tools Security
2010-09-15 23:12:57 ----AD---- D:\Documents and Settings\All Users\Data aplikací\TEMP
2010-09-15 23:09:39 ----D---- D:\Documents and Settings\All Users\Data aplikací\PC Tools
2010-09-15 17:25:08 ----D---- D:\Program Files\Spybot - Search & Destroy
2010-08-29 23:29:58 ----D---- D:\Program Files\ICQ6Toolbar
2010-08-29 23:29:44 ----D---- D:\Documents and Settings\All Users\Data aplikací\ICQ
2010-08-29 20:10:51 ----SHD---- D:\WINDOWS\CSC
2010-08-21 19:04:31 ----D---- D:\Program Files\VVSN
2010-08-21 19:03:38 ----D---- D:\Program Files\DAEMON Tools
2010-08-21 19:03:38 ----A---- D:\WINDOWS\system32\drivers\dtscsi.sys
2010-08-21 18:54:23 ----D---- D:\Program Files\EA GAMES
2010-08-21 18:51:46 ----D---- D:\WINDOWS\RegisteredPackages
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\psisdecd.dll
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\wstcodec.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\streamip.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\slip.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\ndisip.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\nabtsfec.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\msdv.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\mpe.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\ccdecode.sys
2010-08-21 18:51:17 ----A---- D:\WINDOWS\system32\drivers\bdasup.sys
2010-08-21 18:51:16 ----A---- D:\WINDOWS\system32\drivers\mstee.sys
2010-08-21 18:51:12 ----A---- D:\WINDOWS\system32\dxdllreg.exe
2010-08-21 18:36:05 ----D---- D:\Program Files\Sierra
======List of files/folders modified in the last 1 months======
2010-09-16 12:01:15 ----RD---- D:\Program Files
2010-09-16 11:59:28 ----D---- D:\Program Files\Mozilla Firefox
2010-09-16 11:55:40 ----D---- D:\WINDOWS\system32\drivers\Avg
2010-09-16 11:49:45 ----D---- D:\WINDOWS\Temp
2010-09-16 11:49:45 ----D---- D:\WINDOWS
2010-09-16 01:36:48 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-09-16 00:09:11 ----D---- D:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-09-16 00:01:25 ----A---- D:\WINDOWS\system.ini
2010-09-16 00:01:17 ----D---- D:\WINDOWS\system32\drivers\etc
2010-09-15 23:59:15 ----D---- D:\WINDOWS\system32\drivers
2010-09-15 23:59:15 ----D---- D:\WINDOWS\system32
2010-09-15 23:59:15 ----D---- D:\WINDOWS\AppPatch
2010-09-15 23:59:10 ----D---- D:\Program Files\Common Files
2010-09-15 23:57:27 ----D---- D:\WINDOWS\system32\CatRoot2
2010-09-15 23:56:59 ----RASH---- D:\boot.ini
2010-09-15 23:54:10 ----SHD---- D:\System Volume Information
2010-09-15 23:53:12 ----D---- D:\WINDOWS\Prefetch
2010-09-15 23:43:19 ----D---- D:\WINDOWS\Minidump
2010-09-15 23:13:51 ----SHD---- D:\WINDOWS\Installer
2010-09-15 23:13:48 ----D---- D:\Config.Msi
2010-09-15 23:13:44 ----D---- D:\WINDOWS\WinSxS
2010-09-15 17:12:44 ----A---- D:\WINDOWS\system32\avgrsstx.dll
2010-09-15 17:11:01 ----D---- D:\Documents and Settings\All Users\Data aplikací\avg9
2010-09-14 17:08:03 ----D---- D:\Program Files\Steam
2010-08-29 23:29:59 ----HD---- D:\Program Files\InstallShield Installation Information
2010-08-21 19:04:31 ----HD---- D:\WINDOWS\inf
2010-08-21 18:52:03 ----RSD---- D:\WINDOWS\assembly
2010-08-21 18:51:50 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-08-21 18:51:02 ----D---- D:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-11-14 43528]
R0 uagp35;Filtr Microsoft AGPv3.5; D:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK7;Ovladač procesoru AMD K7; D:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2010-09-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-09-15 29584]
R1 AvgTdiX;AVG Free Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2010-09-15 243024]
R1 SCDEmu;SCDEmu; D:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 ctljystk;Game port pro zařízení Creative SB Live!; D:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-07-10 25280]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-06-08 10531200]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ALSysIO;ALSysIO; \??\D:\DOCUME~1\alexik\LOCALS~1\Temp\ALSysIO.sys []
S3 catchme;catchme; \??\D:\DOCUME~1\alexik\LOCALS~1\Temp\catchme.sys []
S3 dtscsi;dtscsi; D:\WINDOWS\System32\Drivers\dtscsi.sys [2010-08-21 223128]
S3 StarOpen;StarOpen; D:\WINDOWS\system32\drivers\StarOpen.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2010-02-14 691696]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg9emc;AVG Free E-mail Scanner; D:\Program Files\AVG\AVG9\avgemc.exe [2010-09-15 921952]
R2 avg9wd;AVG Free WatchDog; D:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-09-15 308136]
R2 Browser Defender Update Service;Browser Defender Update Service; D:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe [2010-09-02 235472]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-01-25 153376]
R2 NMSAccess;NMSAccess; D:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 nvsvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2010-06-07 154728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 vvdsvc;VJVodClientServices; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-03-20 72704]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-02-20 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; d:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: log check, please

Since you've already run ComboFix, give me the log D:\ComboFix.txt
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure as described.
If anything is unclear, ask - I'll explain.
-------------------------------------------------------------------------------------------------
> Forum support <
Re: log check, please
Well, I've already run it many times. When I ran a Spybot scan before ComboFix, it found 8 trojans, and afterwards it found none, but AVG keeps popping up that an infection was found, so it must still be here somewhere :O
log:
ComboFix 10-09-15.01 - alexik 15.09.2010 23:57:47.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.630 [GMT 2:00]
Spuštěný z: d:\documents and settings\alexik\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-15 do 2010-09-15 )))))))))))))))))))))))))))))))
.
2010-09-15 15:25 . 2010-09-15 15:25 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-08-29 21:29 . 2010-08-29 21:29 -------- d-----w- d:\program files\ICQ6Toolbar
2010-08-21 17:04 . 2010-09-01 14:48 -------- d-----w- d:\program files\VVSN
2010-08-21 17:03 . 2010-09-15 21:35 -------- d-----w- d:\program files\DAEMON Tools
2010-08-21 17:03 . 2010-08-21 17:03 223128 ----a-w- d:\windows\system32\drivers\dtscsi.sys
2010-08-21 16:54 . 2010-08-21 16:54 -------- d-----w- d:\program files\EA GAMES
2010-08-21 16:36 . 2010-08-21 16:36 -------- d-----w- d:\program files\Sierra
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 21:54 . 2010-09-15 21:13 -------- d-----w- d:\program files\PC Tools Security
2010-09-15 21:14 . 2010-09-15 21:14 566480 ----a-w- d:\windows\system32\drivers\Cat.DB
2010-09-15 15:13 . 2010-01-15 13:47 243024 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2010-09-15 15:13 . 2010-01-15 13:47 29584 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2010-09-15 15:13 . 2010-01-15 13:47 216400 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2010-09-15 15:12 . 2010-03-17 07:35 12536 ----a-w- d:\windows\system32\avgrsstx.dll
2010-09-14 15:08 . 2010-01-15 14:07 -------- d-----w- d:\program files\Steam
2010-09-12 15:41 . 2004-10-19 23:15 217308 ----a-w- d:\windows\system32\nvdrsdb1.bin
2010-09-12 15:41 . 2004-10-19 23:15 1 ----a-w- d:\windows\system32\nvdrssel.bin
2010-09-02 13:00 . 2010-09-15 21:18 739280 ----a-w- d:\windows\PCTBDRes.dll
2010-09-02 13:00 . 2010-09-15 21:18 1865680 ----a-w- d:\windows\PCTBDCore.dll
2010-08-30 11:57 . 2010-09-15 21:18 767952 ----a-w- d:\windows\BDTSupport.dll
2010-08-29 21:29 . 2010-01-15 14:37 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-08-26 07:30 . 2010-09-15 21:18 2074 ----a-w- d:\windows\UDB.zip
2010-08-23 07:36 . 2010-09-15 21:18 149456 ----a-w- d:\windows\SGDetectionTool.dll
2010-08-15 15:57 . 2010-08-06 15:21 -------- d-----w- d:\program files\The KMPlayer
2010-08-06 15:24 . 2010-02-10 11:01 -------- d-----w- d:\program files\DivX
2010-08-06 15:24 . 2010-08-06 15:24 -------- d-----w- d:\program files\Common Files\DivX Shared
2010-08-06 15:24 . 2010-08-06 15:24 -------- d-----w- d:\program files\Realtek AC97
2010-08-06 15:24 . 2010-08-06 15:24 -------- d-----w- d:\program files\ACE Mega CoDecS Pack
2010-08-06 15:24 . 2010-08-03 15:10 -------- d-----w- d:\program files\ACE Mega CoDecS Pack(2)
2010-08-06 15:22 . 2010-08-06 15:22 -------- d-----w- d:\program files\Ventrilo
2010-08-06 15:22 . 2010-01-15 15:06 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2010-08-06 15:22 . 2010-08-03 17:46 -------- d-----w- d:\program files\Ventrilo(2)
2010-07-10 10:07 . 2010-07-10 10:07 754 ----a-w- d:\windows\system32\ealregsnapshot1.reg
2010-07-10 09:59 . 2010-07-10 09:59 25280 ----a-w- d:\windows\system32\drivers\hamachi.sys
2010-06-26 23:57 . 2010-01-15 12:46 440310 ----a-w- d:\windows\system32\perfh005.dat
2010-06-26 23:57 . 2010-01-15 12:46 83630 ----a-w- d:\windows\system32\perfc005.dat
2010-06-26 23:53 . 2010-01-15 13:31 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-26 23:53 . 2010-01-15 13:31 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-25 08:52 . 2004-10-19 23:15 217308 ----a-w- d:\windows\system32\nvdrsdb0.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="d:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-15 2065760]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"NvMediaCenter"="NvMCTray.dll" [2010-06-07 110696]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"PCTools FGuard"="d:\program files\PC Tools Security\BDT\FGuard.exe" [2010-09-02 108496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-15 15:12 12536 ----a-w- d:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"d:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"d:\\Program Files\\Steam\\steamapps\\skidomyl\\counter-strike\\hl.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [15.1.2010 15:47 216400]
R1 AvgTdiX;AVG Free Network Redirector;d:\windows\system32\drivers\avgtdix.sys [15.1.2010 15:47 243024]
R2 avg9emc;AVG Free E-mail Scanner;d:\program files\AVG\AVG9\avgemc.exe [17.3.2010 9:34 921952]
R2 avg9wd;AVG Free WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [17.3.2010 9:35 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\PC Tools Security\BDT\BDTUpdateService.exe [15.9.2010 23:18 235472]
S3 ALSysIO;ALSysIO;\??\d:\docume~1\alexik\LOCALS~1\Temp\ALSysIO.sys --> d:\docume~1\alexik\LOCALS~1\Temp\ALSysIO.sys [?]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [14.2.2010 23:02 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - d:\documents and settings\alexik\Data aplikací\Mozilla\Firefox\Profiles\aouyxv66.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - component: d:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: d:\program files\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - plugin: d:\program files\DivX\DivX Plus Web Player\npdivx32.dll
---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
BHO-{6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 00:01
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1715567821-706699826-1343024091-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ad,4e,de,3d,50,0b,f0,fb,ac,ec,e4,a3,fc,58,fa,83,21,3e,e9,de,cd,ec,7d,
27,d2,cd,3f,bb,ae,21,f3,f7,9d,30,66,e4,03,9e,23,b1,db,3b,e9,70,42,3c,27,f7,\
"??"=hex:71,8b,eb,73,ce,16,a0,8c,1f,95,17,93,03,33,97,45
[HKEY_USERS\S-1-5-21-1715567821-706699826-1343024091-1003\Software\SecuROM\License information*]
"datasecu"=hex:ea,4d,79,88,d1,1e,2e,97,a3,15,76,89,c7,b8,3a,6f,77,ad,6b,dd,81,
90,15,3c,65,5d,6b,5f,6a,3f,6c,ab,54,92,eb,00,82,82,fd,99,38,28,cf,02,b2,16,\
"rkeysecu"=hex:0c,bc,06,08,8d,d0,41,32,be,6f,10,02,dc,b0,be,e5
.
Celkový čas: 2010-09-16 00:03:21
ComboFix-quarantined-files.txt 2010-09-15 22:03
Před spuštěním: Volných bajtů: 79 924 490 240
Po spuštění: Volných bajtů: 79 901 237 248
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - F416D93DECB6841FC05CED968F8CCAB5
- cernohous13
Re: log check, please

"but AVG keeps popping up that an infection was found"
And will you tell me where AVG is finding it?

Download and install MBAM here http://www.download.com/Malwarebytes-An ... tag=button
Run it > on the 3rd tab "Update" (Aktualizace) > "Check for updates" (Kontrola aktualizací)
then on the 1st tab "Scanner" (Skener) > "Perform quick scan" (Provést rychlý sken) > "Scan" (Skenovat)
when the scan finishes, a Notepad window will pop up with the result - copy its contents into your reply
do not delete anything yet - wait for the assessment
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure as described.
If anything is unclear, ask - I'll explain.
-------------------------------------------------------------------------------------------------
> Forum support <
Hmm, that's weird, I ran ComboFix on the 15th but on the 16th two more popped up there... so I don't know :O Hmm, I'll finish the scan and send the log
- Attachments
- Bez názvu.JPG (274.93 KiB), downloaded 118 times
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4636
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
17.9.2010 9:08:49
mbam-log-2010-09-17 (09-08-49).txt
Typ skenu: Rychlý sken
Skenované objekty: 133643
Uplynulý čas: 11 minuta(y), 26 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
D:\Program Files\VVSN (Adware.WhenU) -> No action taken.
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
- cernohous13
Re: log check, please

Plug all USB sticks into the PC (flash drives, external disks, etc.)
- Download UsbFix and save it to the desktop - instructions here: http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
- Run it and click Deletion
- When it finishes, paste the log here; if it doesn't open by itself, you'll find it at C:\UsbFix.txt

Run MBAM again - choose the full scan (Kompletní kontrola)
when it finishes -> "Show results" (Zobrazit výsledky) -> check that everything is selected -> "Remove selected" (Odstranit označené)
a log will pop up containing entries like this:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
I'd like to see that one too
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure as described.
If anything is unclear, ask - I'll explain.
-------------------------------------------------------------------------------------------------
> Forum support <
Re: log check, please
I've already reinstalled Windows, but it kept popping up. Was it really the flash drive? :P Here's the log
############################## | UsbFix 7.025 | [Deletion]
User: alex (Administrator) # ALEXIIIK [ ]
Updated 15/09/10 by El Desaparecido / C_XX
Started at 10:40:54 | 18/09/2010
Website: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: AMD Athlon(tm) XP 2500+
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall: Enabled
Antivirus: AVG Anti-Virus Free 9.0 [Enabled | Updated]
RAM -> 1023 Mb
C:\ (%systemdrive%) -> Fixed drive # 149 Gb (143 Mb free - 96%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [KINGSTON] # FAT32
################## | Files # Infected Folders |
Deleted ! E:\Autorun.inf
################## | Registry |
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
################## | Listing |
[17/09/2010 - 14:00:23 | HD ] C:\$AVG
[17/09/2010 - 13:16:03 | A | 0] C:\AUTOEXEC.BAT
[17/09/2010 - 13:11:14 | SH | 211] C:\boot.ini
[25/10/2001 - 16:00:00 | RASH | 4952] C:\Bootfont.bin
[17/09/2010 - 17:49:10 | D ] C:\ComboFix
[17/09/2010 - 13:16:03 | A | 0] C:\CONFIG.SYS
[17/09/2010 - 13:20:24 | D ] C:\Documents and Settings
[17/09/2010 - 13:16:03 | RASH | 0] C:\IO.SYS
[17/09/2010 - 13:16:03 | RASH | 0] C:\MSDOS.SYS
[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM
[03/08/2004 - 22:59:38 | RASH | 250048] C:\ntldr
[17/09/2010 - 13:54:05 | D ] C:\NVIDIA
[18/09/2010 - 10:20:31 | ASH | 1610612736] C:\pagefile.sys
[17/09/2010 - 18:34:55 | RD ] C:\Program Files
[17/09/2010 - 15:26:37 | D ] C:\Qoobox
[17/09/2010 - 13:26:02 | SHD ] C:\RECYCLER
[17/09/2010 - 13:19:26 | SHD ] C:\System Volume Information
[18/09/2010 - 10:41:09 | D ] C:\UsbFix
[18/09/2010 - 10:41:10 | A | 779] C:\UsbFix.txt
[18/09/2010 - 10:21:01 | D ] C:\WINDOWS
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_ALEXIIIK.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
################## | E.O.F |
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: log check please

Among other things, it deleted the file E:\Autorun.inf and replaced it with its own, which will no longer do harm and will not be infected.

A trick using the registry key HKLM / SOFTWARE / Microsoft / Windows NT / CurrentVersion / Image File Execution Options / Image File Execution Options is appearing more and more often. If malware creates a subkey there named, for example, "antivirus.exe" and writes the value "já_virus.exe" into the "Debugger" variable, then whenever the file "antivirus.exe" is launched, "já_virus.exe" is actually run first, and only this planted file is expected to launch "antivirus.exe". However, what actually happens is decided by the planted file itself. In the end it need not do anything further, so to the user "antivirus.exe" will appear to be non-functional, as will other selected programs. In this way a virus can block in advance a group of the most popular EXE files of the individual antivirus products, and perhaps also regedit.exe, the registry editor, which makes it easy to repair the whole situation in the registry.


Recommendation:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure as it describes.
If anything is unclear, ask - I will explain
-------------------------------------------------------------------------------------------------
> Forum support <
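The "Debugger" redirection described in the reply above can be audited offline from a registry export. The following is an added example, not part of the original thread and not code from UsbFix: it scans .reg text for subkeys of Image File Execution Options that carry a Debugger value, decoding both quoted strings and hex-encoded (hex(1)/hex(2)) strings. The sample export, the `allow` parameter and every name other than antivirus.exe / já_virus.exe are constructed for illustration.

```python
import re

# Constructed sample in the text format written by regedit / `reg export`.
# antivirus.exe and já_virus.exe are the placeholder names from the post;
# every other name and value here is made up for the example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe]
"Debugger"="já_virus.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"=hex(2):78,00,2e,00,65,00,\
  78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\myapp.exe]
"Debugger"="C:\\tools\\dbg.exe -g"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\legacyapp.exe]
"GlobalFlag"="0x00000000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Debugger"="C:\\unrelated.exe"
'''

# Normalised (lower-case, leading backslash) path of the IFEO key under HKLM.
IFEO = ("\\software\\microsoft\\windows nt\\currentversion"
        "\\image file execution options\\")


def _decode(raw):
    """Return the string held by a .reg value, or None if it is not a string."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        # REG_SZ: backslashes and quotes are backslash-escaped inside the quotes.
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    m = re.fullmatch(r"hex\([12]\):([0-9a-fA-F,\s]*)", raw)
    if m:
        # hex(1)/hex(2): REG_SZ / REG_EXPAND_SZ stored as UTF-16LE bytes.
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return None


def find_ifeo_debuggers(reg_text, allow=frozenset()):
    """List (image, debugger) pairs set directly under IFEO\\<image>.

    `allow` holds (image, debugger) pairs from a known-good baseline, for
    example a developer's own debugger; it is an assumption of this example.
    """
    # Long hex values continue on the next line after a trailing backslash.
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    allowed = {(i.lower(), d.lower()) for i, d in allow}
    findings, image = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key, image = line[1:-1], None
            hive, _, path = key.partition("\\")
            low = ("\\" + path).lower().replace("\\wow6432node\\", "\\")
            # "[-HKEY_..." (a key deletion) fails the hive test and is skipped.
            if hive.upper() in ("HKEY_LOCAL_MACHINE", "HKLM") and low.startswith(IFEO):
                rest_len = len(low) - len(IFEO)
                rest = key[-rest_len:] if rest_len else ""
                if rest and "\\" not in rest:
                    image = rest  # original-case image name, e.g. regedit.exe
        elif image:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m and m.group(1).lower() == "debugger":
                dbg = _decode(m.group(2))
                if dbg and (image.lower(), dbg.lower()) not in allowed:
                    findings.append((image, dbg))
    return sorted(findings, key=lambda f: f[0].lower())


if __name__ == "__main__":
    for image, dbg in find_ifeo_debuggers(SAMPLE_REG):
        print(f"{image}: launches {dbg!r} instead")
```

A subkey without a Debugger value, such as the constructed legacyapp.exe entry, is not reported, and neither is a value named Debugger outside the IFEO key.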
Logfile of random's system information tool 1.08 (written by random/random)
Run by alex at 2010-09-19 12:12:56
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 146 GB (96%) free of 153 GB
Total RAM: 1023 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:13, on 2010-09-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\alex\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\alex.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\alex\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\alex\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4011 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-09-17 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\alex\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-09-10 149968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-09-17 2065760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-09-17 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Steam\steamapps\skidomyl\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\skidomyl\counter-strike\hl.exe:*:Enabled:Counter-Strike"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-09-19 12:12:57 ----D---- C:\Program Files\trend micro
2010-09-19 12:12:56 ----D---- C:\rsit
2010-09-18 20:29:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-18 20:29:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-09-18 20:14:35 ----SD---- C:\ComboFix
2010-09-18 20:07:04 ----A---- C:\WINDOWS\system32\CF11670.exe
2010-09-18 19:53:50 ----A---- C:\WINDOWS\PEV.exe
2010-09-18 19:53:50 ----A---- C:\WINDOWS\MBR.exe
2010-09-18 19:43:01 ----D---- C:\WINDOWS\temp
2010-09-18 19:42:16 ----A---- C:\WINDOWS\system32\CF6808.exe
2010-09-18 19:40:34 ----A---- C:\WINDOWS\system32\CF4453.exe
2010-09-18 19:29:31 ----RASHD---- C:\cmdcons
2010-09-18 19:28:43 ----A---- C:\WINDOWS\system32\CF4153.exe
2010-09-18 19:26:37 ----A---- C:\WINDOWS\system32\CF3722.exe
2010-09-18 19:24:37 ----A---- C:\WINDOWS\system32\CF3304.exe
2010-09-18 19:23:51 ----RASHD---- C:\Autorun.inf
2010-09-18 10:38:35 ----D---- C:\UsbFix
2010-09-17 18:34:03 ----D---- C:\WINDOWS\system32\appmgmt
2010-09-17 17:48:27 ----A---- C:\WINDOWS\system32\CF29992.exe
2010-09-17 17:47:39 ----A---- C:\WINDOWS\system32\CF29865.exe
2010-09-17 15:39:55 ----D---- C:\Documents and Settings\alex\Data aplikací\Ventrilo
2010-09-17 15:39:45 ----D---- C:\Program Files\Ventrilo
2010-09-17 15:39:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-09-17 15:27:00 ----A---- C:\WINDOWS\zip.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\SWSC.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\SWREG.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\sed.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\grep.exe
2010-09-17 15:26:37 ----D---- C:\WINDOWS\ERDNT
2010-09-17 15:26:36 ----A---- C:\WINDOWS\system32\CF2257.exe
2010-09-17 15:26:30 ----D---- C:\Qoobox
2010-09-17 15:11:10 ----A---- C:\WINDOWS\system32\h323log.txt
2010-09-17 15:10:05 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2010-09-17 15:09:30 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-09-17 15:09:06 ----A---- C:\WINDOWS\system32\drivers\gameenum.sys
2010-09-17 15:09:06 ----A---- C:\WINDOWS\system32\drivers\ctljystk.sys
2010-09-17 15:09:00 ----A---- C:\WINDOWS\system32\drivers\fetnd5.sys
2010-09-17 15:08:58 ----A---- C:\WINDOWS\system32\usbui.dll
2010-09-17 15:08:55 ----A---- C:\WINDOWS\system32\drivers\UAGP35.SYS
2010-09-17 15:08:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-17 15:08:03 ----SHD---- C:\WINDOWS\Installer
2010-09-17 15:08:03 ----D---- C:\Program Files\Common Files\ODBC
2010-09-17 15:08:03 ----A---- C:\WINDOWS\ODBCINST.INI
2010-09-17 15:08:00 ----RD---- C:\Program Files
2010-09-17 15:08:00 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-09-17 15:08:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-17 15:08:00 ----D---- C:\Program Files\Common Files
2010-09-17 15:07:57 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-09-17 15:07:57 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-09-17 15:07:57 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-09-17 15:07:54 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-09-17 15:07:51 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-09-17 15:07:51 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-09-17 15:07:51 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-09-17 15:07:51 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-09-17 15:07:51 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-09-17 15:07:46 ----A---- C:\WINDOWS\system32\irclass.dll
2010-09-17 15:07:46 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-09-17 15:07:46 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-09-17 15:07:45 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-09-17 15:07:44 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-09-17 15:07:42 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-09-17 15:07:42 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-09-17 15:07:41 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-09-17 15:07:41 ----A---- C:\WINDOWS\system32\batt.dll
2010-09-17 15:07:41 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-09-17 15:07:36 ----A---- C:\WINDOWS\system32\storprop.dll
2010-09-17 15:07:29 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-09-17 15:05:47 ----RA---- C:\WINDOWS\SET8.tmp
2010-09-17 15:05:44 ----RA---- C:\WINDOWS\SET4.tmp
2010-09-17 15:05:43 ----RA---- C:\WINDOWS\SET3.tmp
2010-09-17 15:05:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-17 15:05:38 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-17 15:05:32 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-09-17 15:05:14 ----SHD---- C:\System Volume Information
2010-09-17 15:05:14 ----D---- C:\Documents and Settings
2010-09-17 15:04:18 ----RASH---- C:\boot.ini
2010-09-17 15:02:25 ----D---- C:\Program Files\Windows Media Connect 2
2010-09-17 15:02:15 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-09-17 15:00:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-17 15:00:40 ----RSD---- C:\WINDOWS\Fonts
2010-09-17 15:00:40 ----RD---- C:\WINDOWS\Web
2010-09-17 15:00:40 ----HD---- C:\WINDOWS\inf
2010-09-17 15:00:40 ----D---- C:\WINDOWS\WinSxS
2010-09-17 15:00:40 ----D---- C:\WINDOWS\twain_32
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\wins
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\wbem
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\usmt
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\spool
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\ShellExt
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\Setup
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\ras
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\oobe
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\npp
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\mui
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\inetsrv
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\IME
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\icsxml
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\ias
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\export
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\drivers\disdn
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\drivers
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\dhcp
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\config
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\3com_dmi
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\3076
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\2052
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1054
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1042
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1041
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1037
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1033
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1031
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1029
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1028
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1025
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system
2010-09-17 15:00:40 ----D---- C:\WINDOWS\security
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Resources
2010-09-17 15:00:40 ----D---- C:\WINDOWS\repair
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Provisioning
2010-09-17 15:00:40 ----D---- C:\WINDOWS\pchealth
2010-09-17 15:00:40 ----D---- C:\WINDOWS\PeerNet
2010-09-17 15:00:40 ----D---- C:\WINDOWS\mui
2010-09-17 15:00:40 ----D---- C:\WINDOWS\msapps
2010-09-17 15:00:40 ----D---- C:\WINDOWS\msagent
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Media
2010-09-17 15:00:40 ----D---- C:\WINDOWS\java
2010-09-17 15:00:40 ----D---- C:\WINDOWS\ime
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Help
2010-09-17 15:00:40 ----D---- C:\WINDOWS\ehome
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Driver Cache
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Debug
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Cursors
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Connection Wizard
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Config
2010-09-17 15:00:40 ----D---- C:\WINDOWS\AppPatch
2010-09-17 15:00:40 ----D---- C:\WINDOWS\addins
2010-09-17 15:00:40 ----D---- C:\WINDOWS
2010-09-17 15:00:40 ----ASH---- C:\pagefile.sys
2010-09-17 14:59:52 ----D---- C:\WINDOWS\system32\drivers\umdf
2010-09-17 14:59:41 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-09-17 14:58:11 ----D---- C:\Documents and Settings\alex\Data aplikací\WinRAR
2010-09-17 14:58:06 ----D---- C:\Program Files\WinRAR
2010-09-17 14:54:40 ----D---- C:\Program Files\CCleaner
2010-09-17 14:35:41 ----D---- C:\Program Files\QIP
2010-09-17 14:34:16 ----D---- C:\Documents and Settings\alex\Data aplikací\QIP
2010-09-17 14:32:36 ----A---- C:\WINDOWS\system32\qttask.exe
2010-09-17 14:28:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-09-17 14:27:32 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-09-17 14:27:32 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-09-17 14:27:32 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-09-17 14:27:32 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-09-17 14:27:25 ----D---- C:\WINDOWS\system32\QuickTime
2010-09-17 14:27:24 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplvw7.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplvpx.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplvm6.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplva6.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplaw7.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplapx.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplam6.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplaa6.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2010-09-17 14:27:19 ----A---- C:\WINDOWS\system32\unrar.dll
2010-09-17 14:27:17 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-09-17 14:27:14 ----D---- C:\Program Files\ACE Mega CoDecS Pack
2010-09-17 14:13:36 ----A---- C:\WINDOWS\system32\ChCfg.exe
2010-09-17 14:13:32 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-09-17 14:13:31 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-09-17 14:13:29 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2010-09-17 14:13:28 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-09-17 14:13:26 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-09-17 14:13:25 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-09-17 14:13:24 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-09-17 14:13:23 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-09-17 14:13:21 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010-09-17 14:13:20 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2010-09-17 14:13:17 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010-09-17 14:13:12 ----RA---- C:\WINDOWS\system32\drivers\alcxwdm.sys
2010-09-17 14:13:11 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-09-17 14:13:10 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-09-17 14:13:04 ----D---- C:\Program Files\Realtek AC97
2010-09-17 14:13:04 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2010-09-17 14:13:03 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2010-09-17 14:13:03 ----A---- C:\WINDOWS\soundman.exe
2010-09-17 14:13:02 ----A---- C:\WINDOWS\alcupd.exe
2010-09-17 14:13:02 ----A---- C:\WINDOWS\Alcrmv.exe
2010-09-17 14:00:23 ----HD---- C:\$AVG
2010-09-17 13:55:09 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-09-17 13:54:34 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-09-17 13:54:22 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-09-17 13:54:05 ----D---- C:\NVIDIA
2010-09-17 13:53:26 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-09-17 13:53:13 ----D---- C:\Program Files\Realtek
2010-09-17 13:53:12 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-17 13:53:07 ----A---- C:\WINDOWS\RtlExUpd.dll
2010-09-17 13:53:02 ----D---- C:\Program Files\Common Files\InstallShield
2010-09-17 13:46:10 ----D---- C:\Program Files\Steam
2010-09-17 13:43:50 ----D---- C:\Documents and Settings\alex\Data aplikací\Macromedia
2010-09-17 13:43:50 ----D---- C:\Documents and Settings\alex\Data aplikací\Adobe
2010-09-17 13:42:38 ----D---- C:\Documents and Settings\alex\Data aplikací\Mozilla
2010-09-17 13:41:50 ----D---- C:\Program Files\Mozilla Firefox
2010-09-17 13:28:43 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-09-17 13:28:41 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-09-17 13:28:33 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-09-17 13:28:32 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-09-17 13:28:28 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-09-17 13:28:22 ----D---- C:\Program Files\AVG
2010-09-17 13:28:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-09-17 13:26:02 ----SHD---- C:\RECYCLER
2010-09-17 13:21:50 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-09-17 13:20:42 ----D---- C:\Documents and Settings\alex\Data aplikací\Identities
2010-09-17 13:20:40 ----HD---- C:\Program Files\Uninstall Information
2010-09-17 13:20:25 ----SD---- C:\Documents and Settings\alex\Data aplikací\Microsoft
2010-09-17 13:20:25 ----ASH---- C:\Documents and Settings\alex\Data aplikací\desktop.ini
2010-09-17 13:19:25 ----D---- C:\WINDOWS\SoftwareDistribution
2010-09-17 13:19:25 ----D---- C:\WINDOWS\Prefetch
2010-09-17 13:19:24 ----SD---- C:\WINDOWS\system32\Microsoft
2010-09-17 13:19:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-17 13:16:25 ----D---- C:\WINDOWS\system32\xircom
2010-09-17 13:16:25 ----D---- C:\Program Files\xerox
2010-09-17 13:16:25 ----D---- C:\Program Files\microsoft frontpage
2010-09-17 13:16:03 ----RASH---- C:\MSDOS.SYS
2010-09-17 13:16:03 ----RASH---- C:\IO.SYS
2010-09-17 13:16:03 ----A---- C:\WINDOWS\control.ini
2010-09-17 13:16:03 ----A---- C:\CONFIG.SYS
2010-09-17 13:16:03 ----A---- C:\AUTOEXEC.BAT
2010-09-17 13:15:46 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-09-17 13:15:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-17 13:15:04 ----RD---- C:\WINDOWS\Offline Web Pages
2010-09-17 13:15:04 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-09-17 13:14:58 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-09-17 13:14:55 ----HD---- C:\Program Files\WindowsUpdate
2010-09-17 13:14:52 ----D---- C:\Program Files\Online Services
2010-09-17 13:14:39 ----D---- C:\WINDOWS\system32\DirectX
2010-09-17 13:14:19 ----A---- C:\WINDOWS\system32\atrace.dll
2010-09-17 13:14:17 ----A---- C:\WINDOWS\system32\desktop.ini
2010-09-17 13:14:17 ----A---- C:\WINDOWS\desktop.ini
2010-09-17 13:14:10 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-09-17 13:14:08 ----D---- C:\Program Files\Common Files\Services
2010-09-17 13:14:08 ----A---- C:\WINDOWS\system32\acctres.dll
2010-09-17 13:14:05 ----SD---- C:\WINDOWS\Tasks
2010-09-17 13:14:05 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-09-17 13:14:04 ----D---- C:\Program Files\Common Files\MSSoap
2010-09-17 13:14:01 ----D---- C:\WINDOWS\srchasst
2010-09-17 13:14:00 ----D---- C:\WINDOWS\system32\Macromed
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wups.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-09-17 13:13:56 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-09-17 13:13:56 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-09-17 13:13:56 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-09-17 13:13:56 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-09-17 13:13:53 ----D---- C:\Program Files\Movie Maker
2010-09-17 13:13:49 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-09-17 13:13:49 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-09-17 13:13:49 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-09-17 13:13:49 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-09-17 13:13:46 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-09-17 13:13:45 ----D---- C:\WINDOWS\system32\Restore
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\srclient.dll
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2010-09-17 13:13:44 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-09-17 13:13:44 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-09-17 13:13:44 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-09-17 13:13:44 ----A---- C:\WINDOWS\system32\ils.dll
2010-09-17 13:13:43 ----A---- C:\WINDOWS\system32\msconf.dll
2010-09-17 13:13:43 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-09-17 13:13:41 ----D---- C:\Program Files\NetMeeting
2010-09-17 13:13:41 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-09-17 13:13:41 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-09-17 13:13:40 ----A---- C:\WINDOWS\system32\inetres.dll
2010-09-17 13:13:39 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-09-17 13:13:37 ----D---- C:\Program Files\Outlook Express
2010-09-17 13:13:37 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-09-17 13:13:37 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-09-17 13:13:37 ----A---- C:\WINDOWS\system32\mstask.dll
2010-09-17 13:13:36 ----A---- C:\WINDOWS\system32\isign32.dll
2010-09-17 13:13:36 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-09-17 13:13:36 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-09-17 13:13:36 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-09-17 13:13:31 ----D---- C:\Program Files\Common Files\System
2010-09-17 13:13:26 ----D---- C:\Program Files\Internet Explorer
2010-09-17 13:12:56 ----D---- C:\Program Files\ComPlus Applications
2010-09-17 13:12:55 ----A---- C:\WINDOWS\vbaddin.ini
2010-09-17 13:12:55 ----A---- C:\WINDOWS\vb.ini
2010-09-17 13:12:51 ----D---- C:\WINDOWS\Registration
2010-09-17 13:12:46 ----D---- C:\Program Files\Windows Media Player
2010-09-17 13:12:41 ----D---- C:\Program Files\Messenger
2010-09-17 13:12:37 ----D---- C:\Program Files\MSN Gaming Zone
2010-09-17 13:12:37 ----A---- C:\WINDOWS\system32\write.exe
2010-09-17 13:12:29 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-09-17 13:12:29 ----A---- C:\WINDOWS\system32\hticons.dll
2010-09-17 13:12:28 ----A---- C:\WINDOWS\system32\winchat.exe
2010-09-17 13:12:28 ----A---- C:\WINDOWS\system32\avwav.dll
2010-09-17 13:12:28 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-09-17 13:12:28 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-09-17 13:12:21 ----A---- C:\WINDOWS\system32\charmap.exe
2010-09-17 13:12:21 ----A---- C:\WINDOWS\system32\getuname.dll
2010-09-17 13:12:21 ----A---- C:\WINDOWS\system32\calc.exe
2010-09-17 13:12:20 ----A---- C:\WINDOWS\system32\winmine.exe
2010-09-17 13:12:20 ----A---- C:\WINDOWS\system32\sol.exe
2010-09-17 13:12:20 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-09-17 13:12:20 ----A---- C:\WINDOWS\system32\freecell.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\tskill.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\tscon.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\shadow.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\reset.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\regini.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\msg.exe
2010-09-17 13:12:18 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-09-17 13:12:18 ----A---- C:\WINDOWS\system32\logoff.exe
2010-09-17 13:12:18 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\stclient.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-09-17 13:12:16 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-09-17 13:12:11 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-09-17 13:12:10 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-09-17 13:12:10 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-09-17 13:12:10 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-09-17 13:12:10 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-09-17 13:12:09 ----D---- C:\Program Files\Windows NT
2010-09-17 13:12:09 ----A---- C:\WINDOWS\system32\spider.exe
2010-09-17 13:12:09 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-09-17 13:12:09 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-09-17 13:12:09 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-09-17 13:12:09 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-09-17 13:12:06 ----D---- C:\WINDOWS\system32\MsDtc
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-09-17 13:12:05 ----D---- C:\WINDOWS\system32\Com
2010-09-17 13:12:05 ----A---- C:\WINDOWS\system32\colbact.dll
2010-09-17 13:12:05 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-09-17 13:12:05 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-09-17 13:12:04 ----A---- C:\WINDOWS\system32\comuid.dll
2010-09-17 13:12:04 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-09-17 13:12:04 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-09-17 13:12:04 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-09-17 13:12:04 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-09-17 13:11:58 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-09-17 13:11:58 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-09-17 13:11:58 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-09-17 13:11:57 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-09-17 13:11:52 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-09-17 13:11:52 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
======List of files/folders modified in the last 1 months======
2010-09-17 15:02:31 ----A---- C:\WINDOWS\win.ini
2010-09-17 14:32:40 ----A---- C:\WINDOWS\system.ini
2010-09-17 13:15:38 ----ASH---- C:\WINDOWS\fonts\desktop.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-09-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-09-17 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-09-17 243024]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-09-17 921952]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-09-17 308136]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
-----------------EOF-----------------
Run by alex at 2010-09-19 12:12:56
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 146 GB (96%) free of 153 GB
Total RAM: 1023 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:13, on 2010-09-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\alex\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\alex.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\alex\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\alex\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4011 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-09-17 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\alex\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-09-10 149968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-09-17 2065760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-09-17 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Steam\steamapps\skidomyl\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\skidomyl\counter-strike\hl.exe:*:Enabled:Counter-Strike"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-09-19 12:12:57 ----D---- C:\Program Files\trend micro
2010-09-19 12:12:56 ----D---- C:\rsit
2010-09-18 20:29:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-18 20:29:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-09-18 20:14:35 ----SD---- C:\ComboFix
2010-09-18 20:07:04 ----A---- C:\WINDOWS\system32\CF11670.exe
2010-09-18 19:53:50 ----A---- C:\WINDOWS\PEV.exe
2010-09-18 19:53:50 ----A---- C:\WINDOWS\MBR.exe
2010-09-18 19:43:01 ----D---- C:\WINDOWS\temp
2010-09-18 19:42:16 ----A---- C:\WINDOWS\system32\CF6808.exe
2010-09-18 19:40:34 ----A---- C:\WINDOWS\system32\CF4453.exe
2010-09-18 19:29:31 ----RASHD---- C:\cmdcons
2010-09-18 19:28:43 ----A---- C:\WINDOWS\system32\CF4153.exe
2010-09-18 19:26:37 ----A---- C:\WINDOWS\system32\CF3722.exe
2010-09-18 19:24:37 ----A---- C:\WINDOWS\system32\CF3304.exe
2010-09-18 19:23:51 ----RASHD---- C:\Autorun.inf
2010-09-18 10:38:35 ----D---- C:\UsbFix
2010-09-17 18:34:03 ----D---- C:\WINDOWS\system32\appmgmt
2010-09-17 17:48:27 ----A---- C:\WINDOWS\system32\CF29992.exe
2010-09-17 17:47:39 ----A---- C:\WINDOWS\system32\CF29865.exe
2010-09-17 15:39:55 ----D---- C:\Documents and Settings\alex\Data aplikací\Ventrilo
2010-09-17 15:39:45 ----D---- C:\Program Files\Ventrilo
2010-09-17 15:39:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-09-17 15:27:00 ----A---- C:\WINDOWS\zip.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\SWSC.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\SWREG.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\sed.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-17 15:27:00 ----A---- C:\WINDOWS\grep.exe
2010-09-17 15:26:37 ----D---- C:\WINDOWS\ERDNT
2010-09-17 15:26:36 ----A---- C:\WINDOWS\system32\CF2257.exe
2010-09-17 15:26:30 ----D---- C:\Qoobox
2010-09-17 15:11:10 ----A---- C:\WINDOWS\system32\h323log.txt
2010-09-17 15:10:05 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2010-09-17 15:09:30 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-09-17 15:09:06 ----A---- C:\WINDOWS\system32\drivers\gameenum.sys
2010-09-17 15:09:06 ----A---- C:\WINDOWS\system32\drivers\ctljystk.sys
2010-09-17 15:09:00 ----A---- C:\WINDOWS\system32\drivers\fetnd5.sys
2010-09-17 15:08:58 ----A---- C:\WINDOWS\system32\usbui.dll
2010-09-17 15:08:55 ----A---- C:\WINDOWS\system32\drivers\UAGP35.SYS
2010-09-17 15:08:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-17 15:08:03 ----SHD---- C:\WINDOWS\Installer
2010-09-17 15:08:03 ----D---- C:\Program Files\Common Files\ODBC
2010-09-17 15:08:03 ----A---- C:\WINDOWS\ODBCINST.INI
2010-09-17 15:08:00 ----RD---- C:\Program Files
2010-09-17 15:08:00 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-09-17 15:08:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-17 15:08:00 ----D---- C:\Program Files\Common Files
2010-09-17 15:07:57 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-09-17 15:07:57 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-09-17 15:07:57 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-09-17 15:07:55 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-09-17 15:07:54 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-09-17 15:07:53 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-09-17 15:07:51 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-09-17 15:07:51 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-09-17 15:07:51 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-09-17 15:07:51 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-09-17 15:07:51 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-09-17 15:07:47 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-09-17 15:07:46 ----A---- C:\WINDOWS\system32\irclass.dll
2010-09-17 15:07:46 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-09-17 15:07:46 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-09-17 15:07:45 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-09-17 15:07:44 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-09-17 15:07:42 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-09-17 15:07:42 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-09-17 15:07:41 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-09-17 15:07:41 ----A---- C:\WINDOWS\system32\batt.dll
2010-09-17 15:07:41 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-09-17 15:07:36 ----A---- C:\WINDOWS\system32\storprop.dll
2010-09-17 15:07:29 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-09-17 15:05:47 ----RA---- C:\WINDOWS\SET8.tmp
2010-09-17 15:05:44 ----RA---- C:\WINDOWS\SET4.tmp
2010-09-17 15:05:43 ----RA---- C:\WINDOWS\SET3.tmp
2010-09-17 15:05:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-17 15:05:38 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-17 15:05:32 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-09-17 15:05:14 ----SHD---- C:\System Volume Information
2010-09-17 15:05:14 ----D---- C:\Documents and Settings
2010-09-17 15:04:18 ----RASH---- C:\boot.ini
2010-09-17 15:02:25 ----D---- C:\Program Files\Windows Media Connect 2
2010-09-17 15:02:15 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-09-17 15:00:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-17 15:00:40 ----RSD---- C:\WINDOWS\Fonts
2010-09-17 15:00:40 ----RD---- C:\WINDOWS\Web
2010-09-17 15:00:40 ----HD---- C:\WINDOWS\inf
2010-09-17 15:00:40 ----D---- C:\WINDOWS\WinSxS
2010-09-17 15:00:40 ----D---- C:\WINDOWS\twain_32
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\wins
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\wbem
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\usmt
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\spool
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\ShellExt
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\Setup
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\ras
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\oobe
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\npp
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\mui
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\inetsrv
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\IME
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\icsxml
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\ias
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\export
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\drivers\disdn
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\drivers
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\dhcp
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\config
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\3com_dmi
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\3076
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\2052
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1054
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1042
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1041
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1037
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1033
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1031
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1029
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1028
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32\1025
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system32
2010-09-17 15:00:40 ----D---- C:\WINDOWS\system
2010-09-17 15:00:40 ----D---- C:\WINDOWS\security
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Resources
2010-09-17 15:00:40 ----D---- C:\WINDOWS\repair
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Provisioning
2010-09-17 15:00:40 ----D---- C:\WINDOWS\pchealth
2010-09-17 15:00:40 ----D---- C:\WINDOWS\PeerNet
2010-09-17 15:00:40 ----D---- C:\WINDOWS\mui
2010-09-17 15:00:40 ----D---- C:\WINDOWS\msapps
2010-09-17 15:00:40 ----D---- C:\WINDOWS\msagent
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Media
2010-09-17 15:00:40 ----D---- C:\WINDOWS\java
2010-09-17 15:00:40 ----D---- C:\WINDOWS\ime
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Help
2010-09-17 15:00:40 ----D---- C:\WINDOWS\ehome
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Driver Cache
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Debug
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Cursors
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Connection Wizard
2010-09-17 15:00:40 ----D---- C:\WINDOWS\Config
2010-09-17 15:00:40 ----D---- C:\WINDOWS\AppPatch
2010-09-17 15:00:40 ----D---- C:\WINDOWS\addins
2010-09-17 15:00:40 ----D---- C:\WINDOWS
2010-09-17 15:00:40 ----ASH---- C:\pagefile.sys
2010-09-17 14:59:52 ----D---- C:\WINDOWS\system32\drivers\umdf
2010-09-17 14:59:41 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-09-17 14:58:11 ----D---- C:\Documents and Settings\alex\Data aplikací\WinRAR
2010-09-17 14:58:06 ----D---- C:\Program Files\WinRAR
2010-09-17 14:54:40 ----D---- C:\Program Files\CCleaner
2010-09-17 14:35:41 ----D---- C:\Program Files\QIP
2010-09-17 14:34:16 ----D---- C:\Documents and Settings\alex\Data aplikací\QIP
2010-09-17 14:32:36 ----A---- C:\WINDOWS\system32\qttask.exe
2010-09-17 14:28:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-09-17 14:27:32 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-09-17 14:27:32 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-09-17 14:27:32 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-09-17 14:27:32 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-09-17 14:27:25 ----D---- C:\WINDOWS\system32\QuickTime
2010-09-17 14:27:24 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplvw7.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplvpx.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplvm6.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplva6.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplaw7.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplapx.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplam6.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\mplaa6.dll
2010-09-17 14:27:20 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2010-09-17 14:27:19 ----A---- C:\WINDOWS\system32\unrar.dll
2010-09-17 14:27:17 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-09-17 14:27:14 ----D---- C:\Program Files\ACE Mega CoDecS Pack
2010-09-17 14:13:36 ----A---- C:\WINDOWS\system32\ChCfg.exe
2010-09-17 14:13:32 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-09-17 14:13:31 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-09-17 14:13:29 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2010-09-17 14:13:28 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-09-17 14:13:26 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-09-17 14:13:25 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-09-17 14:13:24 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-09-17 14:13:23 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-09-17 14:13:21 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010-09-17 14:13:20 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2010-09-17 14:13:17 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010-09-17 14:13:12 ----RA---- C:\WINDOWS\system32\drivers\alcxwdm.sys
2010-09-17 14:13:11 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-09-17 14:13:10 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-09-17 14:13:04 ----D---- C:\Program Files\Realtek AC97
2010-09-17 14:13:04 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2010-09-17 14:13:03 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2010-09-17 14:13:03 ----A---- C:\WINDOWS\soundman.exe
2010-09-17 14:13:02 ----A---- C:\WINDOWS\alcupd.exe
2010-09-17 14:13:02 ----A---- C:\WINDOWS\Alcrmv.exe
2010-09-17 14:00:23 ----HD---- C:\$AVG
2010-09-17 13:55:09 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-09-17 13:54:34 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-09-17 13:54:22 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-09-17 13:54:05 ----D---- C:\NVIDIA
2010-09-17 13:53:26 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-09-17 13:53:13 ----D---- C:\Program Files\Realtek
2010-09-17 13:53:12 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-17 13:53:07 ----A---- C:\WINDOWS\RtlExUpd.dll
2010-09-17 13:53:02 ----D---- C:\Program Files\Common Files\InstallShield
2010-09-17 13:46:10 ----D---- C:\Program Files\Steam
2010-09-17 13:43:50 ----D---- C:\Documents and Settings\alex\Data aplikací\Macromedia
2010-09-17 13:43:50 ----D---- C:\Documents and Settings\alex\Data aplikací\Adobe
2010-09-17 13:42:38 ----D---- C:\Documents and Settings\alex\Data aplikací\Mozilla
2010-09-17 13:41:50 ----D---- C:\Program Files\Mozilla Firefox
2010-09-17 13:28:43 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-09-17 13:28:41 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-09-17 13:28:33 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-09-17 13:28:32 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-09-17 13:28:28 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-09-17 13:28:22 ----D---- C:\Program Files\AVG
2010-09-17 13:28:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-09-17 13:26:02 ----SHD---- C:\RECYCLER
2010-09-17 13:21:50 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-09-17 13:20:42 ----D---- C:\Documents and Settings\alex\Data aplikací\Identities
2010-09-17 13:20:40 ----HD---- C:\Program Files\Uninstall Information
2010-09-17 13:20:25 ----SD---- C:\Documents and Settings\alex\Data aplikací\Microsoft
2010-09-17 13:20:25 ----ASH---- C:\Documents and Settings\alex\Data aplikací\desktop.ini
2010-09-17 13:19:25 ----D---- C:\WINDOWS\SoftwareDistribution
2010-09-17 13:19:25 ----D---- C:\WINDOWS\Prefetch
2010-09-17 13:19:24 ----SD---- C:\WINDOWS\system32\Microsoft
2010-09-17 13:19:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-17 13:16:25 ----D---- C:\WINDOWS\system32\xircom
2010-09-17 13:16:25 ----D---- C:\Program Files\xerox
2010-09-17 13:16:25 ----D---- C:\Program Files\microsoft frontpage
2010-09-17 13:16:03 ----RASH---- C:\MSDOS.SYS
2010-09-17 13:16:03 ----RASH---- C:\IO.SYS
2010-09-17 13:16:03 ----A---- C:\WINDOWS\control.ini
2010-09-17 13:16:03 ----A---- C:\CONFIG.SYS
2010-09-17 13:16:03 ----A---- C:\AUTOEXEC.BAT
2010-09-17 13:15:46 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-09-17 13:15:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-09-17 13:15:04 ----RD---- C:\WINDOWS\Offline Web Pages
2010-09-17 13:15:04 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-09-17 13:14:58 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-09-17 13:14:55 ----HD---- C:\Program Files\WindowsUpdate
2010-09-17 13:14:52 ----D---- C:\Program Files\Online Services
2010-09-17 13:14:39 ----D---- C:\WINDOWS\system32\DirectX
2010-09-17 13:14:19 ----A---- C:\WINDOWS\system32\atrace.dll
2010-09-17 13:14:17 ----A---- C:\WINDOWS\system32\desktop.ini
2010-09-17 13:14:17 ----A---- C:\WINDOWS\desktop.ini
2010-09-17 13:14:10 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-09-17 13:14:08 ----D---- C:\Program Files\Common Files\Services
2010-09-17 13:14:08 ----A---- C:\WINDOWS\system32\acctres.dll
2010-09-17 13:14:05 ----SD---- C:\WINDOWS\Tasks
2010-09-17 13:14:05 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-09-17 13:14:04 ----D---- C:\Program Files\Common Files\MSSoap
2010-09-17 13:14:01 ----D---- C:\WINDOWS\srchasst
2010-09-17 13:14:00 ----D---- C:\WINDOWS\system32\Macromed
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wups.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-09-17 13:13:57 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-09-17 13:13:56 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-09-17 13:13:56 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-09-17 13:13:56 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-09-17 13:13:56 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-09-17 13:13:53 ----D---- C:\Program Files\Movie Maker
2010-09-17 13:13:49 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-09-17 13:13:49 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-09-17 13:13:49 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-09-17 13:13:49 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-09-17 13:13:46 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-09-17 13:13:45 ----D---- C:\WINDOWS\system32\Restore
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\srclient.dll
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-09-17 13:13:45 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2010-09-17 13:13:44 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-09-17 13:13:44 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-09-17 13:13:44 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-09-17 13:13:44 ----A---- C:\WINDOWS\system32\ils.dll
2010-09-17 13:13:43 ----A---- C:\WINDOWS\system32\msconf.dll
2010-09-17 13:13:43 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-09-17 13:13:41 ----D---- C:\Program Files\NetMeeting
2010-09-17 13:13:41 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-09-17 13:13:41 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-09-17 13:13:40 ----A---- C:\WINDOWS\system32\inetres.dll
2010-09-17 13:13:39 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-09-17 13:13:37 ----D---- C:\Program Files\Outlook Express
2010-09-17 13:13:37 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-09-17 13:13:37 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-09-17 13:13:37 ----A---- C:\WINDOWS\system32\mstask.dll
2010-09-17 13:13:36 ----A---- C:\WINDOWS\system32\isign32.dll
2010-09-17 13:13:36 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-09-17 13:13:36 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-09-17 13:13:36 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-09-17 13:13:31 ----D---- C:\Program Files\Common Files\System
2010-09-17 13:13:26 ----D---- C:\Program Files\Internet Explorer
2010-09-17 13:12:56 ----D---- C:\Program Files\ComPlus Applications
2010-09-17 13:12:55 ----A---- C:\WINDOWS\vbaddin.ini
2010-09-17 13:12:55 ----A---- C:\WINDOWS\vb.ini
2010-09-17 13:12:51 ----D---- C:\WINDOWS\Registration
2010-09-17 13:12:46 ----D---- C:\Program Files\Windows Media Player
2010-09-17 13:12:41 ----D---- C:\Program Files\Messenger
2010-09-17 13:12:37 ----D---- C:\Program Files\MSN Gaming Zone
2010-09-17 13:12:37 ----A---- C:\WINDOWS\system32\write.exe
2010-09-17 13:12:29 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-09-17 13:12:29 ----A---- C:\WINDOWS\system32\hticons.dll
2010-09-17 13:12:28 ----A---- C:\WINDOWS\system32\winchat.exe
2010-09-17 13:12:28 ----A---- C:\WINDOWS\system32\avwav.dll
2010-09-17 13:12:28 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-09-17 13:12:28 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-09-17 13:12:21 ----A---- C:\WINDOWS\system32\charmap.exe
2010-09-17 13:12:21 ----A---- C:\WINDOWS\system32\getuname.dll
2010-09-17 13:12:21 ----A---- C:\WINDOWS\system32\calc.exe
2010-09-17 13:12:20 ----A---- C:\WINDOWS\system32\winmine.exe
2010-09-17 13:12:20 ----A---- C:\WINDOWS\system32\sol.exe
2010-09-17 13:12:20 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-09-17 13:12:20 ----A---- C:\WINDOWS\system32\freecell.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\tskill.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\tscon.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\shadow.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\reset.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\regini.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-09-17 13:12:19 ----A---- C:\WINDOWS\system32\msg.exe
2010-09-17 13:12:18 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-09-17 13:12:18 ----A---- C:\WINDOWS\system32\logoff.exe
2010-09-17 13:12:18 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\stclient.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-09-17 13:12:17 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-09-17 13:12:16 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-09-17 13:12:11 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-09-17 13:12:10 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-09-17 13:12:10 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-09-17 13:12:10 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-09-17 13:12:10 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-09-17 13:12:09 ----D---- C:\Program Files\Windows NT
2010-09-17 13:12:09 ----A---- C:\WINDOWS\system32\spider.exe
2010-09-17 13:12:09 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-09-17 13:12:09 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-09-17 13:12:09 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-09-17 13:12:09 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-09-17 13:12:08 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-09-17 13:12:07 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-09-17 13:12:06 ----D---- C:\WINDOWS\system32\MsDtc
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-09-17 13:12:06 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-09-17 13:12:05 ----D---- C:\WINDOWS\system32\Com
2010-09-17 13:12:05 ----A---- C:\WINDOWS\system32\colbact.dll
2010-09-17 13:12:05 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-09-17 13:12:05 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-09-17 13:12:04 ----A---- C:\WINDOWS\system32\comuid.dll
2010-09-17 13:12:04 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-09-17 13:12:04 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-09-17 13:12:04 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-09-17 13:12:04 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-09-17 13:11:58 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-09-17 13:11:58 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-09-17 13:11:58 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-09-17 13:11:57 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-09-17 13:11:52 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-09-17 13:11:52 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
======List of files/folders modified in the last 1 months======
2010-09-17 15:02:31 ----A---- C:\WINDOWS\win.ini
2010-09-17 14:32:40 ----A---- C:\WINDOWS\system.ini
2010-09-17 13:15:38 ----ASH---- C:\WINDOWS\fonts\desktop.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-09-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-09-17 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-09-17 243024]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-09-17 921952]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-09-17 308136]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
-----------------EOF-----------------
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: log check, please

We strongly recommend not using it without the cooperation of one of the advisors here.
Besides, there are plenty of less invasive utilities and procedures - CF can also wreck your system, and after using it a cleanup script is often still needed.
-----------------------------------------------------

You can keep it for occasional future cleanups as well. Download CCleaner - http://www.slunecnice.cz/sw/ccleaner/
During installation, untick the "Install Yahoo! Toolbar" checkbox
close the web browser and
run "Cleaner" > "Run CCleaner" - removes what is not needed
run "Registry" > "Scan for issues" > "Fix selected issues"
agree to the registry backup - repeat until the registry is clean.
run "Tools" > "System Restore" - keep the first row, "Remove" the others
run "Tools" > "Startup" - here you can try disabling the processes you do not need at startup (if something stops working afterwards, you re-enable them the same way)
Guide: http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Recommendation:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole operation according to it.
If anything is unclear, ask - I will explain
-------------------------------------------------------------------------------------------------
> Forum support <
Re: log check, please
what do I know
CF wouldn't start for me after reinstalling Windows, it annoyed me


Re: log check, please
yeah, I've been using CCleaner for a long time; otherwise there are no other problems, thanks
