PC virus removal, computer speed-up, remote help via the neslape.cz service

fraudpack.kva.39 - sshnas21.dll

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
kotelna15
Visitor
Posts: 24
Registered: 16 Jan 2008 14:31

fraudpack.kva.39 - sshnas21.dll

#1 Post by kotelna15

Hi.
I have Avira antivirus and today it reported the virus named in the thread title, located in system32. So I moved it to quarantine, and I would like to ask what I should do about it. I have not restarted the notebook since the virus was moved to quarantine.
Thank you for your help.
I am attaching the RSIT - HJT log here:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-10-05 22:38:18
System Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (34%) free of 68 GB
Total RAM: 991 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:38:27, on 5.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/skins7/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe

--
End of file - 8166 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AWC Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1326574676-1417001333-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1326574676-1417001333-500UA.job
C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-22 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-04-13 1018616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-10-14 110592]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2007-01-16 843776]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-01 421160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Hard Disk Sentinel"=C:\Program Files\Hard Disk Sentinel\HDSentinel.exe [2010-09-11 3850752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-09-06 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-07-04 161064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-04 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\Administrator\Plocha\Hack WI-FI\aircrack-ng-1.1-win\bin\buddy-ng.exe"="C:\Documents and Settings\Administrator\Plocha\Hack WI-FI\aircrack-ng-1.1-win\bin\buddy-ng.exe:*:Enabled:buddy-ng"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Administrator\Plocha\uConfig.exe"="C:\Documents and Settings\Administrator\Plocha\uConfig.exe:*:Enabled:uConfig"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-10-05 22:38:19 ----D---- C:\Program Files\trend micro
2010-10-05 22:38:18 ----D---- C:\rsit
2010-10-05 07:41:09 ----A---- C:\wepkeys.txt
2010-10-03 23:30:53 ----D---- C:\Documents and Settings\Administrator\Data aplikací\HD Tune Pro
2010-10-03 23:29:27 ----D---- C:\Program Files\Xenocode
2010-10-03 23:28:48 ----D---- C:\Program Files\HD Tune Pro
2010-10-03 23:25:37 ----A---- C:\WINDOWS\Ipytia.exe
2010-09-30 22:53:39 ----D---- C:\WINDOWS\Acronis
2010-09-29 18:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-28 22:09:23 ----D---- C:\Program Files\FlatOut2
2010-09-26 10:05:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Acronis
2010-09-25 18:58:36 ----A---- C:\WINDOWS\system32\drivers\snapman.sys
2010-09-25 18:57:52 ----D---- C:\Program Files\Acronis
2010-09-25 18:57:48 ----D---- C:\Program Files\Common Files\Acronis
2010-09-15 22:32:08 ----D---- C:\WINDOWS\Performance
2010-09-15 22:31:41 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2010-09-15 18:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2124261$
2010-09-15 18:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 18:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 18:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 18:12:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 18:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 18:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2290570$
2010-09-15 18:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 18:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-11 19:44:08 ----D---- C:\Program Files\Hard Disk Sentinel
2010-09-10 12:24:08 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$

======List of files/folders modified in the last 1 months======

2010-10-05 22:38:28 ----D---- C:\WINDOWS\Prefetch
2010-10-05 22:38:19 ----RD---- C:\Program Files
2010-10-05 22:20:25 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2010-10-05 22:18:33 ----D---- C:\WINDOWS\Temp
2010-10-05 22:18:24 ----D---- C:\WINDOWS\system32\NtmsData
2010-10-05 22:18:08 ----AD---- C:\WINDOWS\system32
2010-10-05 22:17:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-05 22:17:08 ----D---- C:\WINDOWS\system32\inetsrv
2010-10-05 07:42:10 ----SD---- C:\WINDOWS\Tasks
2010-10-04 19:48:21 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-10-03 23:30:06 ----SHD---- C:\System Volume Information
2010-10-03 23:29:53 ----D---- C:\WINDOWS\Registration
2010-10-03 23:25:37 ----D---- C:\WINDOWS
2010-10-03 22:50:47 ----A---- C:\WINDOWS\NeroDigital.ini
2010-10-03 17:28:15 ----A---- C:\moduleName.txt
2010-10-03 11:35:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-01 18:35:41 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-01 18:35:30 ----RSD---- C:\WINDOWS\assembly
2010-10-01 18:10:38 ----SHD---- C:\WINDOWS\Installer
2010-10-01 18:06:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-01 18:03:44 ----D---- C:\WINDOWS\WinSxS
2010-09-29 23:19:33 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-09-29 18:00:28 ----HD---- C:\WINDOWS\inf
2010-09-29 16:00:30 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2010-09-28 22:45:14 ----D---- C:\WINDOWS\system32\DirectX
2010-09-27 14:10:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\dvdcss
2010-09-27 13:00:47 ----D---- C:\Program Files\uTorrent
2010-09-25 18:58:43 ----D---- C:\WINDOWS\system32\drivers
2010-09-25 18:57:48 ----D---- C:\Program Files\Common Files
2010-09-24 21:02:08 ----SHD---- C:\WINDOWS\CSC
2010-09-23 23:39:49 ----A---- C:\LOGFILE.TXT
2010-09-17 21:30:34 ----D---- C:\Program Files\Mozilla Firefox
2010-09-15 22:25:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-09-15 18:14:23 ----A---- C:\WINDOWS\imsins.BAK
2010-09-15 18:14:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 18:13:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 18:03:45 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-07 22:44:24 ----D---- C:\Documents and Settings\Administrator\Data aplikací\IObit
2010-09-07 22:44:23 ----D---- C:\Program Files\IObit

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 risdptsk;risdptsk; C:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-09-25 170080]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-22 691696]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-04 2304000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 5760]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\WINDOWS\system32\DRIVERS\ts_athw.sys [2010-03-02 1605864]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-07-17 494080]
S3 aylp8nhr;aylp8nhr; C:\WINDOWS\system32\drivers\aylp8nhr.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CV2K1;CommView Network Monitor; C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-09-25 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-09-25 20520]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 RT61;Hawking HWPG1 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 wlags48d;Agere Wireless PCCard Service; C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-09-22 154624]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-07-22 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-04 483328]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-04-13 246520]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-22 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2006-12-28 123248]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-07-07 2156952]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
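The log above already contains what a triage analyst looks for, beyond the one file Avira quarantined: the service list shows `S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe`, a service whose name matches the quarantined sshnas21.dll and whose host binary is the legitimate svchost.exe, so the code that actually runs is the ServiceDll named in the registry, which HijackThis/RSIT output does not print (the ComboFix log later in this thread removes Legacy_SSHNAS and Service_SSHNAS). The script below is an added example for this page, not part of RSIT, HijackThis, ComboFix or the forum's own tooling. It parses lines excerpted from the log above (embedded as constructed sample input) and applies four review heuristics: svchost-hosted services outside a baseline, service/driver entries whose binary was absent at scan time, a GUID-named scheduled task, and an executable dropped straight into C:\WINDOWS. The svchost baseline is an assumption hand-picked for the example, not a complete Windows XP inventory, and every hit is a "look at this", not a verdict.

```python
"""Review heuristics for RSIT / HijackThis-style logs.

Added example for this thread; it is not part of RSIT, HijackThis or
ComboFix.  XP_SVCHOST_BASELINE is an ASSUMPTION hand-picked for the
example, not a complete Windows XP service inventory.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: lines excerpted from the RSIT log posted above.
SAMPLE_LOG = r"""
======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1326574676-1417001333-500Core.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======List of files/folders created in the last 1 months======

2010-10-05 22:38:18 ----D---- C:\rsit
2010-10-03 23:25:37 ----A---- C:\WINDOWS\Ipytia.exe
2010-09-25 18:58:36 ----A---- C:\WINDOWS\system32\drivers\snapman.sys

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
S3 aylp8nhr;aylp8nhr; C:\WINDOWS\system32\drivers\aylp8nhr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-07-22 267432]
S2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
"""

# ASSUMPTION: illustrative subset of XP services that legitimately live in
# svchost.exe.  A real baseline comes from a clean image of the same build.
XP_SVCHOST_BASELINE = {
    "6to4", "AudioSrv", "BITS", "Browser", "CryptSvc", "Dhcp", "Dnscache",
    "ERSvc", "EventSystem", "helpsvc", "lanmanserver", "lanmanworkstation",
    "LmHosts", "Netman", "Nla", "RasMan", "RemoteRegistry", "Schedule",
    "seclogon", "SENS", "SharedAccess", "ShellHWDetection", "srservice",
    "SSDPSRV", "stisvc", "TapiSrv", "Themes", "TrkWks", "W32Time", "winmgmt",
    "wscsvc", "wuauserv", "WZCSVC",
}
_BASELINE_LOWER = {s.lower() for s in XP_SVCHOST_BASELINE}

# "R2 name;display; path [date size]" -- empty brackets mean RSIT found no file.
ENTRY_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\S+) (.+)$")
WINROOT_BIN_RE = re.compile(r"^C:\\WINDOWS\\[^\\]+\.(?:exe|dll|sys)$", re.I)
GUID_JOB_RE = re.compile(r"\\(\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\.job)$", re.I)
SVCHOST_RE = re.compile(r"\\svchost\.exe$", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    name: str
    detail: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the lowercased '======Title======' header."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("======"):
            current = line.strip("=").strip().lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def _section(sections: Dict[str, List[str]], prefix: str) -> List[str]:
    return next((v for k, v in sections.items() if k.startswith(prefix)), [])


def check_entries(lines: List[str], kind: str) -> List[Finding]:
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        _state, _start, name, _display, path, stamp = m.groups()
        if path.startswith("\\??\\"):
            # NT-namespace path: RSIT does not resolve it, so [] means
            # "not checked", not "missing".  Verify by hand before acting.
            if not stamp:
                findings.append(Finding("unverified-nt-path", name, path))
        elif not stamp:
            # Plain path with no date/size: the binary was absent when the log
            # was taken.  Orphans are common after uninstalls, but a stopped
            # driver with a random-looking name deserves a look.
            findings.append(Finding("missing-binary", name, path))
        if kind == "service" and SVCHOST_RE.search(path) and name.lower() not in _BASELINE_LOWER:
            # svchost.exe is only the host; the code that runs is the ServiceDll
            # under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters,
            # which this log format never prints.  Pull that value next.
            findings.append(Finding("svchost-unknown", name, path))
    return findings


def check_created(lines: List[str]) -> List[Finding]:
    findings = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m or "D" in m.group(1):          # skip directories
            continue
        path = m.group(2)
        if WINROOT_BIN_RE.match(path):
            # Installers put binaries in system32 or Program Files; a lone
            # executable dropped straight into %SystemRoot% is worth reviewing.
            findings.append(Finding("exe-in-windows-root", path.rsplit("\\", 1)[1], line))
    return findings


def check_tasks(lines: List[str]) -> List[Finding]:
    # Scheduled tasks are a standard persistence point; a job whose only name
    # is a GUID says nothing about who created it.
    return [Finding("guid-named-task", m.group(1), line)
            for line in lines for m in [GUID_JOB_RE.search(line)] if m]


def triage(text: str) -> List[Finding]:
    sections = split_sections(text)
    return (check_tasks(_section(sections, "scheduled tasks"))
            + check_created(_section(sections, "list of files/folders created"))
            + check_entries(_section(sections, "list of drivers"), "driver")
            + check_entries(_section(sections, "list of services"), "service"))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.name:45} {f.detail}")
```

Run as a script it prints the five hits from the excerpt; pass a whole RSIT log to `triage()` for a real case. The svchost rule is the one that matters in this thread: svchost.exe itself will always hash clean, so the follow-up is to read the ServiceDll value for SSHNAS from the registry path named in the comment and hash that DLL, which is the file Avira quarantined. Name-based "looks random" heuristics were left out on purpose: real vendor drivers such as risdptsk in the log above would trip them.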

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: fraudpack.kva.39 - sshnas21.dll

#2 Post by vyosek

Hello and have a nice day :)

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • Plug all your USB keys (flash drives, external disks, etc.) into the PC
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily infected it may take longer
  • After the scan finishes, and after a restart if there is one, CF shows a log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • Detailed instructions including pictures are here: http://www.bleepingcomputer.com/combofi ... t-combofix

kotelna15
Visitor
Posts: 24
Registered: 16 Jan 2008 14:31

Re: fraudpack.kva.39 - sshnas21.dll

#3 Post by kotelna15

Hi.
Here is the log:

ComboFix 10-10-05.06 - Administrator 06.10.2010 22:17:45.1.1 - x86
System Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.991.634 [GMT 3:00]
Run from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cache
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-05 19:38 . 2010-10-05 19:38 -------- d-----w- c:\program files\trend micro
2010-10-05 19:38 . 2010-10-05 19:38 -------- d-----w- C:\rsit
2010-10-03 20:29 . 2010-10-03 20:29 -------- d-----w- c:\program files\Xenocode
2010-10-03 20:28 . 2010-10-03 20:28 -------- d-----w- c:\program files\HD Tune Pro
2010-10-03 20:25 . 2010-10-03 20:25 201728 ----a-w- c:\windows\Ipytia.exe
2010-09-30 19:53 . 2010-09-30 21:01 -------- d-----w- c:\windows\Acronis
2010-09-28 19:09 . 2010-09-28 19:39 -------- d-----w- c:\program files\FlatOut2
2010-09-25 15:58 . 2010-09-25 15:58 170080 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-09-25 15:57 . 2010-09-25 15:57 -------- d-----w- c:\program files\Acronis
2010-09-25 15:57 . 2010-09-25 15:58 -------- d-----w- c:\program files\Common Files\Acronis
2010-09-18 14:56 . 2010-06-29 21:13 52224 ----a-w- c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-09-18 14:56 . 2010-06-29 21:13 101376 ----a-w- c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-09-15 19:32 . 2010-09-15 19:32 -------- d-----w- c:\windows\Performance
2010-09-15 19:31 . 2010-09-15 19:31 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-09-11 16:44 . 2010-10-06 11:53 -------- d-----w- c:\program files\Hard Disk Sentinel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 20:45 . 2010-07-22 20:39 1 ----a-w- c:\documents and settings\Administrator\Data aplikací\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-10-01 15:06 . 2001-10-25 14:00 94564 ----a-w- c:\windows\system32\perfc005.dat
2010-10-01 15:06 . 2001-10-25 14:00 483846 ----a-w- c:\windows\system32\perfh005.dat
2010-09-27 10:00 . 2010-07-22 20:24 -------- d-----w- c:\program files\uTorrent
2010-09-10 09:24 . 2010-09-10 09:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2010-09-10 09:24 . 2010-09-10 09:24 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-09-07 19:44 . 2010-07-29 20:03 -------- d-----w- c:\program files\IObit
2010-09-05 09:19 . 2010-08-21 20:00 -------- d-----w- c:\program files\Safari
2010-09-05 09:18 . 2010-09-05 09:18 72488 ----a-w- c:\documents and settings\All Users\Data aplikací\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-09-05 09:18 . 2010-09-05 09:16 -------- d-----w- c:\program files\iTunes
2010-09-05 09:16 . 2010-09-05 09:16 -------- d-----w- c:\program files\iPod
2010-09-05 09:16 . 2010-08-17 18:55 -------- d-----w- c:\program files\Common Files\Apple
2010-09-05 09:13 . 2010-09-05 09:12 -------- d-----w- c:\program files\QuickTime
2010-09-05 09:09 . 2010-09-05 09:09 -------- d-----w- c:\program files\Bonjour
2010-09-05 09:07 . 2010-09-05 09:07 73000 ----a-w- c:\documents and settings\All Users\Data aplikací\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-25 09:49 . 2010-07-22 16:23 -------- d-----w- c:\program files\ICQ7.2
2010-08-25 09:06 . 2010-08-25 09:06 17020 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-20 18:37 . 2010-08-02 08:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-17 18:56 . 2010-08-17 18:56 -------- d-----w- c:\program files\Apple Software Update
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 08:59 . 2010-07-29 08:59 299008 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\TrnWord.dll
2010-07-29 08:59 . 2010-07-29 08:59 798771 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
2010-07-29 08:59 . 2010-07-29 08:59 356352 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOutl.dll
2010-07-28 21:49 . 2010-07-22 12:23 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-28 21:49 . 2010-07-22 12:23 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-28 21:45 . 2010-07-22 12:23 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-27 15:44 . 2010-07-27 15:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 15:44 . 2010-07-27 15:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 16:03 . 2010-07-22 16:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-22 16:00 . 2010-07-22 16:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-22 15:50 . 2010-07-22 15:50 737280 ----a-w- c:\windows\iun6002.exe
2010-07-22 15:46 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 14:02 . 2010-07-22 14:02 0 ----a-w- c:\windows\nsreg.dat
2010-07-22 13:35 . 2010-07-22 13:35 503808 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c19f930-n\msvcp71.dll
2010-07-22 13:35 . 2010-07-22 13:35 499712 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c19f930-n\jmc.dll
2010-07-22 13:35 . 2010-07-22 13:35 348160 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c19f930-n\msvcr71.dll
2010-07-22 13:35 . 2010-07-22 13:35 61440 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7fcc0a27-n\decora-sse.dll
2010-07-22 13:35 . 2010-07-22 13:35 12800 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7fcc0a27-n\decora-d3d.dll
2010-07-22 13:34 . 2010-07-22 13:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{2D50DC1F-FCEC-D970-1DFB-E73CF2404451}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{97F5E039-D2F5-18C0-F0C9-6981F73514CC}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{5B464CAC-76BD-BDBB-8066-318D05D171DF}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{2C6D0ACD-DD2B-BFE5-A005-53AFD4AA3175}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{84C89CF4-F64E-6820-375C-24963DDF99C9}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{0AD37499-3D5D-12F0-EBEA-46EE9AD02DBF}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{4B50D80D-A482-DECD-B584-EB054EBA878A}\ARPPRODUCTICON.exe
2010-07-22 12:20 . 2010-07-22 12:20 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.

------- Sigcheck -------

[-] 2009-08-31 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-09-06 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2010-09-11 3850752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-07-04 12:20 161064 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Hack WI-FI\\aircrack-ng-1.1-win\\bin\\buddy-ng.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\uConfig.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.7.2010 21:05 135336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [22.7.2010 19:32 246520]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [7.7.2010 16:17 2156952]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\drivers\ts_athw.sys [1.8.2010 17:30 1605864]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys --> c:\windows\system32\DRIVERS\cv2k1.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [23.7.2010 22:04 13352]
S3 wlags48d;Agere Wireless PCCard Service;c:\windows\system32\drivers\wlags48d.sys [31.7.2010 15:13 154624]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.7.2010 19:00 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-10-04 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-07-29 08:08]

2010-09-27 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-09-07 15:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/skins7/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-1326574676-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,bd,66,19,ae,57,87,40,87,22,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,bd,66,19,ae,57,87,40,87,22,c4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2564)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-10-06 22:28:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-06 19:28

Před spuštěním: Volných bajtů: 24 394 420 224
Po spuštění: Volných bajtů: 24 616 468 480

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9E0B96D461C5C719D84E6A85F9DCD6CF

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: fraudpack.kva.39 - sshnas21.dll

#4 Post by vyosek »

What is this, please: "c:\\Documents and Settings\\Administrator\\Plocha\\Hack WI-FI\\aircrack-ng-1.1-win\\bin\\buddy-ng.exe"=

→ If it is not there already, move ComboFix to the Desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Folder::
    C:\Program Files\ICQ6Toolbar
    
    Driver::
    ICQ Service
    
    File::
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1326574676-1417001333-500Core.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1326574676-1417001333-500UA.job
    C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "iTunesHelper"=-
    "Adobe Reader Speed Launcher"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    
    DDS::
    uStart Page = hxxp://start.icq.com/skins7/
    
    FireFox::
    FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.2&q=
    
    RegLock::
    [HKEY_USERS\S-1-5-21-839522115-1326574676-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see image below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
→ It can happen that Windows will not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member [image] since 1 February 2011.
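As an added triage example (not code from this thread, from ComboFix or from the forum), here is a small Python script that reads the two ComboFix sections behind vyosek's question above, the Run keys and the XP firewall AuthorizedApplications list, and flags executables that sit outside Program Files and the Windows directory, i.e. in user-writable places such as the Desktop. The sample log text embedded in the script is constructed from the paths in the log posted above; the trusted-prefix list and the function names are my own assumptions. A flag means "look at this entry", not "this is malware".

```python
import re

# Constructed sample in the shape ComboFix prints for a Run key and the XP
# firewall exception list; the paths are the ones from the log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-09-06 136176]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Hack WI-FI\\aircrack-ng-1.1-win\\bin\\buddy-ng.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\uConfig.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')   # "name"="path" [date size]
FIREWALL_VALUE_RE = re.compile(r'^"([^"]+)"=\s*$')   # "path"=   (exception list)

# Assumed list of locations where a normal installer drops executables.
# Anything outside them (profile, Desktop, Temp) is not automatically bad,
# but it is where a helper forum usually asks "what is this?".
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def normalize_path(raw):
    """Collapse the doubled backslashes of .reg syntax, expand %windir%, lowercase."""
    path = raw.replace("\\\\", "\\").lower()
    return path.replace("%windir%", "c:\\windows")


def is_trusted_location(path):
    """True when the executable lives under Windows or Program Files."""
    return normalize_path(path).startswith(TRUSTED_PREFIXES)


def parse_entries(log_text):
    """Yield (kind, raw_path) for Run-key values and firewall-authorized apps."""
    section = ""
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section.endswith("\\currentversion\\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                yield ("run", m.group(2))
        elif section.endswith("\\authorizedapplications\\list"):
            m = FIREWALL_VALUE_RE.match(line)
            if m:
                yield ("firewall", m.group(1))


def triage(log_text):
    """One dict per entry; 'suspicious' marks paths in user-writable locations."""
    return [
        {"kind": kind, "path": normalize_path(path),
         "suspicious": not is_trusted_location(path)}
        for kind, path in parse_entries(log_text)
    ]


def suspicious_paths(log_text):
    """Just the normalized paths that deserve a second look."""
    return [e["path"] for e in triage(log_text) if e["suspicious"]]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        flag = "CHECK" if entry["suspicious"] else "ok   "
        print(f"{flag} [{entry['kind']}] {entry['path']}")
```

Run on the sample, the two Desktop entries from vyosek's question are flagged, and so is the Google Update Run value, because it lives in the user profile: that one is a known legitimate updater location, which is exactly why the output is a review list for a human and not a verdict.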

kotelna15
Visitor
Posts: 24
Registered: 16 Jan 2008 14:31

Re: fraudpack.kva.39 - sshnas21.dll

#5 Post by kotelna15 »

I don't know what program that is, but it is part of a package for unpacking packets from my Wi-Fi network.
Attaching the log:

ComboFix 10-10-05.06 - Administrator 06.10.2010 22:50:51.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.991.477 [GMT 3:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
"c:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1326574676-1417001333-500Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1326574676-1417001333-500UA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-06 do 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-05 19:38 . 2010-10-05 19:38 -------- d-----w- c:\program files\trend micro
2010-10-05 19:38 . 2010-10-05 19:38 -------- d-----w- C:\rsit
2010-10-03 20:29 . 2010-10-03 20:29 -------- d-----w- c:\program files\Xenocode
2010-10-03 20:28 . 2010-10-03 20:28 -------- d-----w- c:\program files\HD Tune Pro
2010-10-03 20:25 . 2010-10-03 20:25 201728 ----a-w- c:\windows\Ipytia.exe
2010-09-30 19:53 . 2010-09-30 21:01 -------- d-----w- c:\windows\Acronis
2010-09-28 19:09 . 2010-09-28 19:39 -------- d-----w- c:\program files\FlatOut2
2010-09-25 15:58 . 2010-09-25 15:58 170080 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-09-25 15:57 . 2010-09-25 15:57 -------- d-----w- c:\program files\Acronis
2010-09-25 15:57 . 2010-09-25 15:58 -------- d-----w- c:\program files\Common Files\Acronis
2010-09-18 14:56 . 2010-06-29 21:13 52224 ----a-w- c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-09-18 14:56 . 2010-06-29 21:13 101376 ----a-w- c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-09-15 19:32 . 2010-09-15 19:32 -------- d-----w- c:\windows\Performance
2010-09-15 19:31 . 2010-09-15 19:31 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-09-11 16:44 . 2010-10-06 11:53 -------- d-----w- c:\program files\Hard Disk Sentinel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 20:45 . 2010-07-22 20:39 1 ----a-w- c:\documents and settings\Administrator\Data aplikací\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-10-01 15:06 . 2001-10-25 14:00 94564 ----a-w- c:\windows\system32\perfc005.dat
2010-10-01 15:06 . 2001-10-25 14:00 483846 ----a-w- c:\windows\system32\perfh005.dat
2010-09-27 10:00 . 2010-07-22 20:24 -------- d-----w- c:\program files\uTorrent
2010-09-10 09:24 . 2010-09-10 09:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2010-09-10 09:24 . 2010-09-10 09:24 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-09-07 19:44 . 2010-07-29 20:03 -------- d-----w- c:\program files\IObit
2010-09-05 09:19 . 2010-08-21 20:00 -------- d-----w- c:\program files\Safari
2010-09-05 09:18 . 2010-09-05 09:18 72488 ----a-w- c:\documents and settings\All Users\Data aplikací\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-09-05 09:18 . 2010-09-05 09:16 -------- d-----w- c:\program files\iTunes
2010-09-05 09:16 . 2010-09-05 09:16 -------- d-----w- c:\program files\iPod
2010-09-05 09:16 . 2010-08-17 18:55 -------- d-----w- c:\program files\Common Files\Apple
2010-09-05 09:13 . 2010-09-05 09:12 -------- d-----w- c:\program files\QuickTime
2010-09-05 09:09 . 2010-09-05 09:09 -------- d-----w- c:\program files\Bonjour
2010-09-05 09:07 . 2010-09-05 09:07 73000 ----a-w- c:\documents and settings\All Users\Data aplikací\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-25 09:49 . 2010-07-22 16:23 -------- d-----w- c:\program files\ICQ7.2
2010-08-25 09:06 . 2010-08-25 09:06 17020 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-20 18:37 . 2010-08-02 08:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-17 18:56 . 2010-08-17 18:56 -------- d-----w- c:\program files\Apple Software Update
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 08:59 . 2010-07-29 08:59 299008 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\TrnWord.dll
2010-07-29 08:59 . 2010-07-29 08:59 798771 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
2010-07-29 08:59 . 2010-07-29 08:59 356352 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOutl.dll
2010-07-28 21:49 . 2010-07-22 12:23 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-28 21:49 . 2010-07-22 12:23 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-28 21:45 . 2010-07-22 12:23 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-27 15:44 . 2010-07-27 15:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 15:44 . 2010-07-27 15:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 16:03 . 2010-07-22 16:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-22 16:00 . 2010-07-22 16:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-22 15:50 . 2010-07-22 15:50 737280 ----a-w- c:\windows\iun6002.exe
2010-07-22 15:46 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 14:02 . 2010-07-22 14:02 0 ----a-w- c:\windows\nsreg.dat
2010-07-22 13:35 . 2010-07-22 13:35 503808 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c19f930-n\msvcp71.dll
2010-07-22 13:35 . 2010-07-22 13:35 499712 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c19f930-n\jmc.dll
2010-07-22 13:35 . 2010-07-22 13:35 348160 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c19f930-n\msvcr71.dll
2010-07-22 13:35 . 2010-07-22 13:35 61440 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7fcc0a27-n\decora-sse.dll
2010-07-22 13:35 . 2010-07-22 13:35 12800 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7fcc0a27-n\decora-d3d.dll
2010-07-22 13:34 . 2010-07-22 13:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{2D50DC1F-FCEC-D970-1DFB-E73CF2404451}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{97F5E039-D2F5-18C0-F0C9-6981F73514CC}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{5B464CAC-76BD-BDBB-8066-318D05D171DF}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{2C6D0ACD-DD2B-BFE5-A005-53AFD4AA3175}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{84C89CF4-F64E-6820-375C-24963DDF99C9}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{0AD37499-3D5D-12F0-EBEA-46EE9AD02DBF}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{4B50D80D-A482-DECD-B584-EB054EBA878A}\ARPPRODUCTICON.exe
2010-07-22 12:20 . 2010-07-22 12:20 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.

------- Sigcheck -------

[-] 2009-08-31 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-10-06_19.23.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-06 19:57 . 2010-10-06 19:57 16384 c:\windows\Temp\Perflib_Perfdata_228.dat
+ 2010-07-22 12:19 . 2010-10-06 19:57 211845 c:\windows\system32\inetsrv\MetaBase.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2010-09-11 3850752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Hack WI-FI\\aircrack-ng-1.1-win\\bin\\buddy-ng.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\uConfig.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.7.2010 21:05 135336]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [7.7.2010 16:17 2156952]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\drivers\ts_athw.sys [1.8.2010 17:30 1605864]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys --> c:\windows\system32\DRIVERS\cv2k1.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [23.7.2010 22:04 13352]
S3 wlags48d;Agere Wireless PCCard Service;c:\windows\system32\drivers\wlags48d.sys [31.7.2010 15:13 154624]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.7.2010 19:00 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe


.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\ACEngSvr.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-10-06 23:01:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-06 20:01
ComboFix2.txt 2010-10-06 19:28

Před spuštěním: Volných bajtů: 24 625 393 664
Po spuštění: Volných bajtů: 24 611 954 688

- - End Of File - - 8256DB9585DD647D27C9DE6FB8936C2D

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: fraudpack.kva.39 - sshnas21.dll

#6 Post by vyosek »

→ Test the following files on VirusTotal (see my signature)
  • c:\windows\system32\sfcfiles.dll
  • Click Browse
  • Don't search for the file, just paste the path of the file you want to test
  • If it says the file has already been tested, have it tested again
  • Click Send file
  • Paste the analysis result here (as a link)
vyosek wrote: What is this, please: "c:\\Documents and Settings\\Administrator\\Plocha\\Hack WI-FI\\aircrack-ng-1.1-win\\bin\\buddy-ng.exe"=
→ How is the PC behaving?
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

kotelna15
Visitor
Posts: 24
Registered: 16 Jan 2008 14:31

Re: fraudpack.kva.39 - sshnas21.dll

#7 Post by kotelna15 »

So the test ran successfully.
http://www.virustotal.com/file-scan/rep ... 1286399922
As for your question about that program, I already wrote to you that I don't know what it is; I only know it is part of a Wi-Fi monitoring program.
Also, while searching for that file to test, Avira started reporting a virus in Windows; I'll attach a picture.
Last edited by kotelna15 on 06 Oct 2010 22:26, edited 1 time in total.

kotelna15
Visitor
Posts: 24
Registered: 16 Jan 2008 14:31

Re: fraudpack.kva.39 - sshnas21.dll

#8 Post by kotelna15 »

Picture of the alert.
Attachments
Bez názvu.JPG
(28.26 KiB) Downloaded 192 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: fraudpack.kva.39 - sshnas21.dll

#9 Post by vyosek »

→ Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Run the update - third tab
  • Run a full scan - don't delete anything!
  • MBAM sometimes has false positives, so paste the log into your post and wait for assessment

kotelna15
Visitor
Posts: 24
Registered: 16 Jan 2008 14:31

Re: fraudpack.kva.39 - sshnas21.dll

#10 Post by kotelna15 »

So the scan is done.
Otherwise, MBAM did not find the virus in Windows that I sent you the picture of.
Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4759

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7.10.2010 0:28:04
mbam-log-2010-10-07 (00-28-04).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 185262
Uplynulý čas: 54 minuta(y), 11 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\JCFSE7V7Z1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Xenocode\Sandbox\1.0.0.0\2010.05.27T15.45\Virtual\STUBEXE\8.0.1112\@PROFILE@\Local Settings\Temp\Rar$EX06.265\khota.exe (Backdoor.Bifrose) -> No action taken.
C:\Documents and Settings\Administrator\Plocha\For mobile\FAR+JDF\Plugins\jdflasher\2020_52\qamaker.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\chrtmp (Malware.Trace) -> No action taken.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: fraudpack.kva.39 - sshnas21.dll

#11 Post by vyosek »

→ Delete everything MBAM found

→ TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • After use, delete the utility
→ Test the following files on VirusTotal (see my signature)
  • c:\windows\lpytia.exe
  • Click Browse
  • Don't search for the file, just paste the path of the file you want to test
  • If it says the file has already been tested, have it tested again
  • Click Send file
  • Paste the analysis result here (as a link)

kotelna15
Visitor
Posts: 24
Registered: 16 Jan 2008 14:31

Re: fraudpack.kva.39 - sshnas21.dll

#12 Post by kotelna15 »

All done. VirusTotal reports 30/43.
http://www.virustotal.com/file-scan/rep ... 1286429357

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: fraudpack.kva.39 - sshnas21.dll

#13 Post by vyosek »

→ If it isn't there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Collect::
    c:\windows\lpytia.exe
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see picture below)
    [image]
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
→ It can happen that Windows won't boot after applying the script; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

kotelna15
Visitor
Posts: 24
Registered: 16 Jan 2008 14:31

Re: fraudpack.kva.39 - sshnas21.dll

#14 Post by kotelna15 »

Done.
Here is the log:

ComboFix 10-10-06.02 - Administrator 07.10.2010 14:54:45.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.991.534 [GMT 3:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\hcdby.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kcnbiies


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-07 do 2010-10-07 )))))))))))))))))))))))))))))))
.

2010-10-06 20:32 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 20:32 . 2010-10-06 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-06 20:32 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-05 19:38 . 2010-10-05 19:38 -------- d-----w- c:\program files\trend micro
2010-10-05 19:38 . 2010-10-05 19:38 -------- d-----w- C:\rsit
2010-10-03 20:29 . 2010-10-03 20:29 -------- d-----w- c:\program files\Xenocode
2010-10-03 20:28 . 2010-10-03 20:28 -------- d-----w- c:\program files\HD Tune Pro
2010-10-03 20:25 . 2010-10-03 20:25 201728 ----a-w- c:\windows\Ipytia.exe
2010-09-30 19:53 . 2010-09-30 21:01 -------- d-----w- c:\windows\Acronis
2010-09-28 19:09 . 2010-09-28 19:39 -------- d-----w- c:\program files\FlatOut2
2010-09-25 15:58 . 2010-09-25 15:58 170080 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-09-25 15:57 . 2010-09-25 15:57 -------- d-----w- c:\program files\Acronis
2010-09-25 15:57 . 2010-09-25 15:58 -------- d-----w- c:\program files\Common Files\Acronis
2010-09-18 14:56 . 2010-06-29 21:13 52224 ----a-w- c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-09-18 14:56 . 2010-06-29 21:13 101376 ----a-w- c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-09-15 19:32 . 2010-09-15 19:32 -------- d-----w- c:\windows\Performance
2010-09-15 19:31 . 2010-09-15 19:31 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-09-11 16:44 . 2010-10-06 11:53 -------- d-----w- c:\program files\Hard Disk Sentinel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 20:45 . 2010-07-22 20:39 1 ----a-w- c:\documents and settings\Administrator\Data aplikací\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-10-01 15:06 . 2001-10-25 14:00 94564 ----a-w- c:\windows\system32\perfc005.dat
2010-10-01 15:06 . 2001-10-25 14:00 483846 ----a-w- c:\windows\system32\perfh005.dat
2010-09-27 10:00 . 2010-07-22 20:24 -------- d-----w- c:\program files\uTorrent
2010-09-10 09:24 . 2010-09-10 09:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2010-09-10 09:24 . 2010-09-10 09:24 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-09-07 19:44 . 2010-07-29 20:03 -------- d-----w- c:\program files\IObit
2010-09-05 09:19 . 2010-08-21 20:00 -------- d-----w- c:\program files\Safari
2010-09-05 09:18 . 2010-09-05 09:18 72488 ----a-w- c:\documents and settings\All Users\Data aplikací\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-09-05 09:18 . 2010-09-05 09:16 -------- d-----w- c:\program files\iTunes
2010-09-05 09:16 . 2010-09-05 09:16 -------- d-----w- c:\program files\iPod
2010-09-05 09:16 . 2010-08-17 18:55 -------- d-----w- c:\program files\Common Files\Apple
2010-09-05 09:13 . 2010-09-05 09:12 -------- d-----w- c:\program files\QuickTime
2010-09-05 09:09 . 2010-09-05 09:09 -------- d-----w- c:\program files\Bonjour
2010-09-05 09:07 . 2010-09-05 09:07 73000 ----a-w- c:\documents and settings\All Users\Data aplikací\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-25 09:49 . 2010-07-22 16:23 -------- d-----w- c:\program files\ICQ7.2
2010-08-25 09:06 . 2010-08-25 09:06 17020 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-20 18:37 . 2010-08-02 08:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-17 18:56 . 2010-08-17 18:56 -------- d-----w- c:\program files\Apple Software Update
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 08:59 . 2010-07-29 08:59 299008 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\TrnWord.dll
2010-07-29 08:59 . 2010-07-29 08:59 798771 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
2010-07-29 08:59 . 2010-07-29 08:59 356352 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOutl.dll
2010-07-28 21:49 . 2010-07-22 12:23 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-28 21:49 . 2010-07-22 12:23 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-28 21:45 . 2010-07-22 12:23 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-27 15:44 . 2010-07-27 15:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 15:44 . 2010-07-27 15:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 16:03 . 2010-07-22 16:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-22 16:00 . 2010-07-22 16:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-22 15:50 . 2010-07-22 15:50 737280 ----a-w- c:\windows\iun6002.exe
2010-07-22 15:46 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 14:02 . 2010-07-22 14:02 0 ----a-w- c:\windows\nsreg.dat
2010-07-22 13:35 . 2010-07-22 13:35 503808 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c19f930-n\msvcp71.dll
2010-07-22 13:35 . 2010-07-22 13:35 499712 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c19f930-n\jmc.dll
2010-07-22 13:35 . 2010-07-22 13:35 348160 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c19f930-n\msvcr71.dll
2010-07-22 13:35 . 2010-07-22 13:35 61440 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7fcc0a27-n\decora-sse.dll
2010-07-22 13:35 . 2010-07-22 13:35 12800 ----a-w- c:\documents and settings\Administrator\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7fcc0a27-n\decora-d3d.dll
2010-07-22 13:34 . 2010-07-22 13:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{2D50DC1F-FCEC-D970-1DFB-E73CF2404451}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{97F5E039-D2F5-18C0-F0C9-6981F73514CC}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{5B464CAC-76BD-BDBB-8066-318D05D171DF}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{2C6D0ACD-DD2B-BFE5-A005-53AFD4AA3175}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{84C89CF4-F64E-6820-375C-24963DDF99C9}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{0AD37499-3D5D-12F0-EBEA-46EE9AD02DBF}\ARPPRODUCTICON.exe
2010-07-22 13:17 . 2010-07-22 13:17 10134 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{4B50D80D-A482-DECD-B584-EB054EBA878A}\ARPPRODUCTICON.exe
2010-07-22 12:20 . 2010-07-22 12:20 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.

------- Sigcheck -------

[-] 2009-08-31 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-10-06_19.23.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-07 12:00 . 2010-10-07 12:00 16384 c:\windows\temp\Perflib_Perfdata_434.dat
+ 2010-07-22 12:19 . 2010-10-07 12:01 211844 c:\windows\system32\inetsrv\MetaBase.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-01-16 843776]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2010-09-11 3850752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Hack WI-FI\\aircrack-ng-1.1-win\\bin\\buddy-ng.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\uConfig.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.7.2010 21:05 135336]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [7.7.2010 16:17 2156952]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\drivers\ts_athw.sys [1.8.2010 17:30 1605864]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys --> c:\windows\system32\DRIVERS\cv2k1.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [23.7.2010 22:04 13352]
S3 wlags48d;Agere Wireless PCCard Service;c:\windows\system32\drivers\wlags48d.sys [31.7.2010 15:13 154624]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.7.2010 19:00 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\g7hxvhnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-10-07 15:04:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-07 12:04
ComboFix2.txt 2010-10-06 20:01
ComboFix3.txt 2010-10-06 19:28

Před spuštěním: Volných bajtů: 24 889 278 464
Po spuštění: Volných bajtů: 24 876 888 064

- - End Of File - - 4E1D14217FF8EDB8C5C304D75B31CCAA

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: fraudpack.kva.39 - sshnas21.dll

#15 Post by vyosek »

ComboFix didn't find that file? Did Avira or you delete it?

→ Download SystemLook (see my signature) and save it to the desktop
  • Paste the script below into the window
  • Code:

    :filefind
    *lpytia*.exe
  • Click Look
  • The Look button changes to Scanning and greys out
  • Wait until the Scanning button changes back to Look - that is how you know SystemLook has finished its work
  • A log named SystemLook will pop up (or be saved on the desktop); paste its contents here