Rozesílání spamů

Zpráva

brkys · #1 Příspěvek od **brkys** » 23 říj 2010 09:42

Ahoj, můžete mi poradit, vypadá to, že rozesílám spamy. Díky

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kaska at 2010-10-23 10:39:54
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 57 GB (30%) free of 188 GB
Total RAM: 3071 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:07, on 23.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\AVG\AVG10\AVGCHSVX.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\Avg10 Admin\Server\avgadmsv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe
C:\Program Files\WinRoute Pro\winroute.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\Avg10 Admin\Server\AvgAdminServerMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinRoute Pro\WrCtrl.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\AVG\AVG10\AVGRSX.EXE
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Amic Utilities\Privacy Guard\PrivacyGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kaska\Local Settings\Temporary Internet Files\Content.IE5\S0BK53YQ\RSIT[1].exe
C:\Program Files\trend micro\Kaska.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AvgAdminServerMonitor] "C:\Program Files\AVG\Avg10 Admin\Server\AvgAdminServerMonitor.exe" /startup
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WrCtrl] C:\Program Files\WinRoute Pro\WrCtrl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.autocont.cz
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0914300968
O17 - HKLM\System\CCS\Services\Tcpip\..\{9438DA68-F842-4A95-86CE-C8AAB8256B7D}: NameServer = 192.168.100.4,62.40.88.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC082766-BFFA-4CE1-91FF-23B031F3B326}: NameServer = 194.228.41.65,194.228.41.113
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Admin Server (AvgAdminServer) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Avg10 Admin\Server\avgadmsv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\WINDOWS\system32\hasplms.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Transoft Solutions License Server V1.4 - Unknown owner - C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe
O23 - Service: WinRoute Pro 4.2 (WinRoute) - Unknown owner - C:\Program Files\WinRoute Pro\winroute.exe

--
End of file - 9960 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\Final Media Player Update Checker.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-10-08 2916704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-06 2475336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-06 2475336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-05-25 14477312]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-06-16 282624]
"AvgAdminServerMonitor"=C:\Program Files\AVG\Avg10 Admin\Server\AvgAdminServerMonitor.exe [2010-09-20 505184]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-09-15 2745696]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2010-05-31 63048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WrCtrl"=C:\Program Files\WinRoute Pro\WrCtrl.exe [2001-11-06 53248]

C:\Documents and Settings\Kaska\Nabídka Start\Programy\Po spuštění
Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2010-09-27 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\AVG8\Admin\Server\avgadmsv.exe"="C:\AVG8\Admin\Server\avgadmsv.exe:*:Enabled:AVG8AdminServer.exe"
"C:\WINDOWS\avgagent.exe"="C:\WINDOWS\avgagent.exe:*:Enabled:avgagent.exe"
"C:\Documents and Settings\Kaska\Plocha\bulanci.exe"="C:\Documents and Settings\Kaska\Plocha\bulanci.exe:*:Enabled:bulanci"
"C:\WINDOWS\System32\dplaysvr.exe"="C:\WINDOWS\System32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Program Files\Bentley\Program\MicroStation\ustation.exe"="C:\Program Files\Bentley\Program\MicroStation\ustation.exe:*:Enabled:MicroStation for Windows x86"
"C:\Data\Zábava\CD\Neznámé album (4.3.2006 23-22-59)\BitLord\BitLord.exe"="C:\Data\Zábava\CD\Neznámé album (4.3.2006 23-22-59)\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Data\Zábava\CD\Neznámé album (4.3.2006 23-22-59)\StrongDC.exe"="C:\Data\Zábava\CD\Neznámé album (4.3.2006 23-22-59)\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Data\Zábava\CD\Neznámé album (4.3.2006 23-22-59)\Downloads\BitLord\BitLord.exe"="C:\Data\Zábava\CD\Neznámé album (4.3.2006 23-22-59)\Downloads\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\BitLord2\BitLord.exe"="C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2"
"C:\Data\Zábava\CD\BitLord\BitLord.exe"="C:\Data\Zábava\CD\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Netscape\Navigator 9\navigator.exe"="C:\Program Files\Netscape\Navigator 9\navigator.exe:*:Disabled:Navigator"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\AVG\Avg10 Admin\Common\avgdiagex.exe"="C:\Program Files\AVG\Avg10 Admin\Common\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"C:\Program Files\AVG\Avg10 Admin\Console\AvgAdminConsole.exe"="C:\Program Files\AVG\Avg10 Admin\Console\AvgAdminConsole.exe:*:Enabled:Avg Admin Console"
"C:\Program Files\AVG\Avg10 Admin\Console\AvgNetworkInstaller.exe"="C:\Program Files\AVG\Avg10 Admin\Console\AvgNetworkInstaller.exe:*:Enabled:Avg Network Installer"
"C:\Program Files\AVG\Avg10 Admin\Server\AvgAdminServerMonitor.exe"="C:\Program Files\AVG\Avg10 Admin\Server\AvgAdminServerMonitor.exe:*:Enabled:Avg Server Monitor"
"C:\Program Files\AVG\Avg10 Admin\Server\AvgAdminServerWizard.exe"="C:\Program Files\AVG\Avg10 Admin\Server\AvgAdminServerWizard.exe:*:Enabled:Avg Server Deployment Wizard"
"C:\Program Files\AVG\Avg10 Admin\Server\avgadmsv.exe"="C:\Program Files\AVG\Avg10 Admin\Server\avgadmsv.exe:*:Enabled:Avg Admin Server"
"C:\Program Files\AVG\Avg10 Admin\Common\avgmfapx.exe"="C:\Program Files\AVG\Avg10 Admin\Common\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\WinRoute Pro\WINROUTE.EXE"="C:\Program Files\WinRoute Pro\WINROUTE.EXE:*:Enabled:winroute"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe"="C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgam.exe"="C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:Správce událostí AVG"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-10-22 18:08:21 ----D---- C:\Documents and Settings\Kaska\Data aplikací\Apple Computer
2010-10-14 18:42:57 ----D---- C:\Documents and Settings\Kaska\Data aplikací\FinalMediaPlayer
2010-10-14 18:42:54 ----D---- C:\Program Files\FinalMediaPlayer
2010-10-14 18:42:27 ----D---- C:\Program Files\Free Offers from Freeze.com
2010-10-14 18:42:27 ----D---- C:\Program Files\Common Files\Winferno
2010-10-14 18:42:27 ----A---- C:\WINDOWS\system32\WINUTIL5.DLL
2010-10-14 18:42:27 ----A---- C:\WINDOWS\system32\WINLCTL5.DLL
2010-10-14 18:42:26 ----D---- C:\Program Files\Winferno
2010-10-14 13:09:45 ----D---- C:\_OTL
2010-10-14 11:01:28 ----D---- C:\rsit
2010-10-13 14:53:57 ----HD---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-13 14:53:51 ----HD---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-13 14:53:45 ----HD---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-13 14:53:40 ----HD---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-13 14:53:33 ----HD---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-13 14:53:28 ----HD---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-13 14:52:57 ----HD---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-13 14:49:46 ----HD---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-13 14:48:28 ----HD---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-07 00:01:14 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2010-10-07 00:00:55 ----D---- C:\WINDOWS\system32\Cache
2010-10-07 00:00:11 ----D---- C:\Inetpub
2010-10-01 10:11:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
2010-10-01 10:11:01 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2010-10-01 10:11:01 ----A---- C:\WINDOWS\system32\LMIport.dll
2010-10-01 10:11:01 ----A---- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2010-10-01 10:10:57 ----A---- C:\WINDOWS\system32\drivers\lmimirr.sys
2010-10-01 10:10:55 ----A---- C:\WINDOWS\system32\LMIinit.dll
2010-10-01 10:10:46 ----D---- C:\Program Files\LogMeIn
2010-09-29 16:52:18 ----HD---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-29 12:44:57 ----D---- C:\Documents and Settings\Kaska\Data aplikací\AVG10
2010-09-29 12:44:34 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2010-09-29 12:44:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2010-09-29 12:41:05 ----D---- C:\WINDOWS\system32\drivers\AVG
2010-09-29 12:33:55 ----HD---- C:\$AVG
2010-09-29 12:11:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avg10
2010-09-29 12:10:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData

======List of files/folders modified in the last 1 months======

2010-10-23 08:04:18 ----A---- C:\WINDOWS\NeroDigital.ini
2010-10-22 18:45:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-13 14:49:56 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-13 14:49:38 ----A---- C:\WINDOWS\win.ini
2010-10-12 14:12:38 ----A---- C:\WINDOWS\ODBC.INI
2010-10-07 13:13:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2005-03-09 870912]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2005-12-05 20640]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WRDRV;WRDRV; C:\WINDOWS\system32\drivers\wrdrv.sys [2002-10-08 64000]
R2 aksfridge;HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2008-03-18 350720]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 26192]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-05-25 3134976]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2010-05-31 10144]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-11-26 224000]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-07-05 238976]
S3 akshhl;Aladdin HASP HL Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-07-23 46336]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-07-05 14976]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-03-07 17480]
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\system32\DRIVERS\IPFilter.sys [2002-04-11 11136]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2010-09-02 50704]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 AvgAdminServer;AVG Admin Server; C:\Program Files\AVG\Avg10 Admin\Server\avgadmsv.exe [2010-09-20 5352288]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-09-03 6104144]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-27 374152]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-09-27 116104]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2010-05-31 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Transoft Solutions License Server V1.4;Transoft Solutions License Server V1.4; C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe [2006-04-13 307200]
R2 WinRoute;WinRoute Pro 4.2; C:\Program Files\WinRoute Pro\winroute.exe [2002-10-17 532541]
S2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe -run []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-11-19 85096]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **earl** » 23 říj 2010 11:50

Zdravim,

CTETE POZORNE NAVOD,TENTO SOFT NETOLERUJE CHYBY V POSTUPU APLIKOVANI!

Klidne si nasledujici radky vytisknete,at vite,co se bude na obrazovce odehravat.

Budte prihlasen na pc s administratorskymi pravy.

V operacnich systemech Windows Vista a Windows 7 je nutno spoustet aplikaci jako spravce (kliknutim pravym tlacitkem mysi na ikonu ComboFixu a klepnutim levym na volbu "Spustit jako spravce")

stahnete a ulozte nejlepe na plochu ComboFix

v pripade,ze nepujde stranka nacist-stahnete odtud download , popr. nepujde ComboFix spustit - prejmenujte jej na grinder.com a postupujte dale dle instrukci.

hned po startu se zobrazi Zreknuti se prava zaruky na funkcnost software, pokracujte kliknutim na tlacitko Ano:

Obrázek

pote muze nasledovat upozorneni na nainstalovane emulatory CD mechanik,typicky Daemon Tools nebo Alcohol 120

Obrázek

odklepnout OK

Souhlasit s instalaci Recovery console(Konzola pro zotaveni)-nutno funkcni internet

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: upozorneni: Vypnete rezidentni stit u antiviru a antispywaru a zakazte docasne firewall-ComboFix by nemusel fungovat korektne-pokud budete mit stity vypnute a Combofix zahlasi,ze nejsou,pokracujte dal a potvrdte.

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

brkys · #3 Příspěvek od **brkys** » 23 říj 2010 13:07

po spuštění Combofix ohlásil AVG malware. Dal jsem možnost povolit, ale po rozběhnutí Combofix počítač zamrznul. Při druhém pokusu jsem dal v AVG možnost přesunout do koše, ale Combofix se nerozběhl. co teď?

#4 Příspěvek od **earl** » 23 říj 2010 15:33

Odinstalujte Privacy Guard pres pridat odebrat programy.

Vycistete pc Ccleanerem.

Vzdy nejprve Analyzovat a pak Spustit Cleaner.2x po sobe.

Windows-odskrtnout historii a historii automatickeho vyplnovani formularu - prisel byste o historii navstivenych stranek a o ulozena hesla ve formularich

(je to sice z pohledu zabezpeceni spatne,ale aspon pak uzivatel nenadava,kam ze mu to zmizelo

)

Aplikace-u prohlizecu internetu odskrtnout Historii internetu.

Registry-nechat vse zaskrtle,Hledej problemy,Opravit vybrane problemy

(nechat ho udelat zalohu-ta je ulozena v Dokumentech-DULEZITE).

Taktez 2x-3x po sobe.

Vidim v logu z RSITu slozku OTL,takze:

Stahnete OTL

spustte, oznacte "Pro vsechny uzivatele,30 dnů zmente na 7,kliknete na Prohledat,

po skonceni skenu sem vlozte obsah logu z OTL.txt.

Stahnete GMER , rozbalte a spustte jako Administrator

probehne sken, po jehoz ukonceni na vas vyskoci vysledky

pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte

pote dle tohoto navodu

absolvujte druhy sken a opet obsah logu sem.

brkys · #5 Příspěvek od **brkys** » 23 říj 2010 16:32

log z OTL

OTL logfile created on: 23.10.2010 17:27:49 - Run 2
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Kaska\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 183.29 Gb Total Space | 57.93 Gb Free Space | 31.60% Space Free | Partition Type: FAT32
Drive D: | 76.67 Gb Total Space | 57.10 Gb Free Space | 74.48% Space Free | Partition Type: FAT32
Drive F: | 1.87 Gb Total Space | 1.00 Gb Free Space | 53.38% Space Free | Partition Type: FAT32

Computer Name: SERVER | User Name: Kaska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2010.10.23 17:26:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kaska\Plocha\OTL.exe
PRC - [2010.09.27 14:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010.09.27 14:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010.09.20 19:52:38 | 005,352,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\Avg10 Admin\Server\avgadmsv.exe
PRC - [2010.09.15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010.09.10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010.09.10 01:44:22 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010.09.09 04:46:42 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010.09.07 03:50:58 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010.09.07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010.09.07 03:50:14 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010.09.07 03:50:08 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010.09.03 10:35:52 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010.09.03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010.05.31 11:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010.05.31 11:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009.11.16 16:36:20 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ6.5\ICQ.exe
PRC - [2008.04.14 05:22:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.11 03:06:00 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2006.04.13 22:36:10 | 000,307,200 | ---- | M] () -- C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe
PRC - [2002.10.17 16:26:36 | 000,532,541 | ---- | M] () -- C:\Program Files\WinRoute Pro\winroute.exe

========== Modules (SafeList) ==========

MOD - [2010.10.23 17:26:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kaska\Plocha\OTL.exe
MOD - [2010.08.23 18:12:34 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2010.10.06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.09.27 14:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010.09.27 14:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010.09.20 19:52:38 | 005,352,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\Avg10 Admin\Server\avgadmsv.exe -- (AvgAdminServer)
SRV - [2010.09.10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.09.03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010.05.31 11:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008.04.14 05:21:54 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2007.11.19 17:25:52 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006.04.13 22:36:10 | 000,307,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe -- (Transoft Solutions License Server V1.4)
SRV - [2002.10.17 16:26:36 | 000,532,541 | ---- | M] () [Auto | Running] -- C:\Program Files\WinRoute Pro\winroute.exe -- (WinRoute)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.09.27 14:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010.09.13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010.09.07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010.09.07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010.09.07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.09.07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010.09.02 07:15:04 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010.08.19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010.08.19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010.08.19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010.05.31 11:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010.05.31 11:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.02.11 14:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008.04.13 18:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.18 16:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.03.07 12:33:46 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.07.23 15:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007.07.05 15:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007.07.05 15:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2005.12.27 14:17:12 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005.08.04 05:10:16 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.05.25 16:55:58 | 003,134,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.03.09 10:09:18 | 000,870,912 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004.11.26 07:29:00 | 000,224,000 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004.08.13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002.10.08 09:09:26 | 000,064,000 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wrdrv.sys -- (WRDRV)
DRV - [2002.04.11 11:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001.08.17 20:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.autocont.cz

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.autocont.cz
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010.09.29 12:41:44 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010.09.02 11:45:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AvgAdminServerMonitor] C:\Program Files\AVG\Avg10 Admin\Server\AvgAdminServerMonitor.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016..\Run: [WrCtrl] C:\Program Files\WinRoute Pro\WrCtrl.exe ()
O4 - Startup: C:\Documents and Settings\Kaska\Nabídka Start\Programy\Po spuštění\Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-284587905-4065617495-2210005112-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se9602.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0914300968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kaska\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kaska\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.05 08:00:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008.03.05 15:25:38 | 000,000,000 | ---D | M] - D:\Autoturn -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2010.10.23 17:27:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kaska\Plocha\OTL.exe
[2010.10.23 17:25:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kaska\Recent
[2010.10.23 14:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaska\Plocha\foto
[2010.10.23 14:03:16 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010.10.23 13:28:33 | 000,000,000 | ---D | C] -- C:\cmdcons
[2010.10.23 13:26:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.10.23 13:26:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.10.23 13:26:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.10.23 13:26:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.10.23 13:26:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.10.23 13:26:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.10.22 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaska\Data aplikací\Apple Computer
[2010.10.19 13:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kaska\Plocha\DTMM CB

========== Files - Modified Within 7 Days ==========

[2010.10.23 17:26:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kaska\Plocha\OTL.exe
[2010.10.23 17:26:16 | 000,268,270 | ---- | M] () -- C:\Documents and Settings\Kaska\Dokumenty\cc_20101023_172609.reg
[2010.10.23 14:56:00 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Kaska\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.23 14:03:12 | 003,884,040 | ---- | M] () -- C:\Documents and Settings\Kaska\Plocha\ComboFix.exe
[2010.10.23 13:56:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.23 13:55:32 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2010.10.23 13:55:28 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2010.10.23 13:55:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.23 13:55:20 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.23 09:05:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.10.23 08:04:18 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.22 10:03:12 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AVG 2011.lnk
[2010.10.20 09:01:30 | 000,375,963 | ---- | M] () -- C:\Documents and Settings\Kaska\Plocha\C__Documents and Settings_Kaska_Local Settings_Temporary Internet Files_Content.IE5_XDEIDV9B_vo_milevsko VO (1.pdf
[2010.10.20 08:17:58 | 000,088,116 | ---- | M] () -- C:\Documents and Settings\Kaska\Plocha\C___Data__10-19 Úprava křižovatky Milevsko__Podél Model _(1_).pdf
[2010.10.19 07:29:14 | 000,007,556 | ---- | M] () -- C:\Documents and Settings\Kaska\Dokumenty\cc_20101019_072909.reg
[2010.10.19 07:28:52 | 000,339,132 | ---- | M] () -- C:\Documents and Settings\Kaska\Dokumenty\cc_20101019_072845.reg
[2010.10.18 16:09:40 | 000,007,466 | ---- | M] () -- C:\Documents and Settings\Kaska\Dokumenty\CleanupScales10.csv

========== Files Created - No Company Name ==========

[2010.10.23 17:26:11 | 000,268,270 | ---- | C] () -- C:\Documents and Settings\Kaska\Dokumenty\cc_20101023_172609.reg
[2010.10.23 14:03:03 | 003,884,040 | ---- | C] () -- C:\Documents and Settings\Kaska\Plocha\ComboFix.exe
[2010.10.23 13:28:34 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2010.10.23 13:26:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.10.23 13:26:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.10.23 13:26:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.10.23 13:26:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.10.23 13:26:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.10.20 09:01:26 | 000,375,963 | ---- | C] () -- C:\Documents and Settings\Kaska\Plocha\C__Documents and Settings_Kaska_Local Settings_Temporary Internet Files_Content.IE5_XDEIDV9B_vo_milevsko VO (1.pdf
[2010.10.20 08:13:17 | 000,088,116 | ---- | C] () -- C:\Documents and Settings\Kaska\Plocha\C___Data__10-19 Úprava křižovatky Milevsko__Podél Model _(1_).pdf
[2010.10.19 07:29:11 | 000,007,556 | ---- | C] () -- C:\Documents and Settings\Kaska\Dokumenty\cc_20101019_072909.reg
[2010.10.19 07:28:47 | 000,339,132 | ---- | C] () -- C:\Documents and Settings\Kaska\Dokumenty\cc_20101019_072845.reg
[2010.10.18 16:09:38 | 000,007,466 | ---- | C] () -- C:\Documents and Settings\Kaska\Dokumenty\CleanupScales10.csv
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008.12.18 14:53:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2008.11.11 08:33:16 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008.08.20 12:45:30 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\~AdAway.dll
[2008.08.20 12:45:27 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\~global.dll
[2008.01.21 12:19:37 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Kaska\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.21 10:38:42 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Kaska\Local Settings\Data aplikací\fusioncache.dat
[2006.06.16 16:50:14 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2006.02.07 19:42:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006.02.06 11:51:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2006.01.30 12:32:19 | 000,000,310 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2005.12.27 18:42:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.12.27 14:35:29 | 030,604,794 | ---- | C] () -- C:\Program Files\Roadpac ze Server 12-05.zip
[2005.12.27 14:17:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2005.12.22 17:08:09 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.12.22 16:05:23 | 000,000,327 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2005.12.22 13:39:41 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\wrdrv.sys
[2005.12.22 09:46:57 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.12.05 12:24:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.12.05 11:44:11 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.12.05 07:56:11 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.13 03:56:20 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.04.11 11:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[1980.01.01 00:00:00 | 000,014,060 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

< End of report >

brkys · #6 Příspěvek od **brkys** » 23 říj 2010 16:47

Tak při spuštění GMER nastala pokaždé "modrá smrt", a iona GMER zmizela z plochy

#7 Příspěvek od **earl** » 23 říj 2010 17:54

Klepnete na Tento pocitac-Nastroje-Moznosti slozky-Zobrazeni-a odfajfkujte Skryt chranene soubory operacniho systemu a oznacte Zobrazovat skryte soubory a slozky.Po ukonceni vsech procedur stejnou cestou vratte nastaveni zpet.

otestujte na VIRUSTOTALu

C:\WINDOWS\System32\~AdAway.dll

C:\WINDOWS\System32\~global.dll

C:\WINDOWS\System32\haspdos.sys

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledek sem vlozte)

Pokud skener napíše, že soubor již byl testován, dejte otestovat znovu.

Vidim nainstalovany MBAM,takze -

Pouzijte MBAM

instalace,uplny sken,vlozit sem log-NIC NEMAZAT!

Stahnete catchme.exe a spustte.

Vysledny log vlozte sem.

brkys · #8 Příspěvek od **brkys** » 25 říj 2010 07:45

ještě se pro jistotu zeptám-odfajfkovat= nechat zatžené nebo zrušit zatržení? protože když zruším zatržení u Skryt chranene soubory operacniho systemu, tak se objevi hlaska ze pocitac prestane fungovat

brkys · #9 Příspěvek od **brkys** » 25 říj 2010 09:19

a ještě jedna věc-rezidentní šťít AVG a firewall májí být stále deaktivované?

#10 Příspěvek od **earl** » 25 říj 2010 15:24

Potrebujeme,aby se skryte soubory zobrazovaly,takze nechat zaskrtnute bez ohledu na hlasky operacniho systemu - jsou chvile,kdy jsme chytrejsi nez on

Nechte rezidentni stity uz spustene.

brkys · #11 Příspěvek od **brkys** » 26 říj 2010 06:01

Antivirus Version Last Update Result
AhnLab-V3 2010.10.26.00 2010.10.25 -
AntiVir 7.10.13.37 2010.10.25 -
Antiy-AVL 2.0.3.7 2010.10.26 -
Authentium 5.2.0.5 2010.10.26 -
Avast 4.8.1351.0 2010.10.25 -
Avast5 5.0.594.0 2010.10.25 -
AVG 9.0.0.851 2010.10.25 -
BitDefender 7.2 2010.10.26 -
CAT-QuickHeal 11.00 2010.10.25 -
ClamAV 0.96.2.0-git 2010.10.26 -
Comodo 6511 2010.10.26 -
DrWeb 5.0.2.03300 2010.10.26 -
eSafe 7.0.17.0 2010.10.25 -
eTrust-Vet 36.1.7935 2010.10.26 -
F-Prot 4.6.2.117 2010.10.25 -
F-Secure 9.0.16160.0 2010.10.26 -
Fortinet 4.2.249.0 2010.10.25 -
GData 21 2010.10.26 -
Ikarus T3.1.1.90.0 2010.10.26 -
Jiangmin 13.0.900 2010.10.25 -
K7AntiVirus 9.66.2830 2010.10.25 -
McAfee 5.400.0.1158 2010.10.26 -
McAfee-GW-Edition 2010.1C 2010.10.25 -
Microsoft 1.6301 2010.10.25 -
NOD32 5562 2010.10.25 -
Norman 6.06.10 2010.10.25 -
nProtect 2010-10-25.01 2010.10.25 -
Panda 10.0.2.7 2010.10.25 -
PCTools 7.0.3.5 2010.10.26 -
Prevx 3.0 2010.10.26 -
Rising 22.70.06.04 2010.10.26 -
Sophos 4.58.0 2010.10.26 -
Sunbelt 7141 2010.10.26 -
SUPERAntiSpyware 4.40.0.1006 2010.10.26 -
Symantec 20101.2.0.161 2010.10.26 -
TheHacker 6.7.0.1.066 2010.10.25 -
TrendMicro 9.120.0.1004 2010.10.26 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.26 -
VBA32 3.12.14.1 2010.10.25 -
ViRobot 2010.10.25.4110 2010.10.26 -
VirusBuster 12.70.4.0 2010.10.25 -
Additional informationShow all
MD5 : dbcd41d42cf6f2c472b03e079057cbd2
SHA1 : 85f285f53e61f677d3c6cfa8480f33e1dde6eab2
SHA256: a23a2b98c7eb7fa15fe27d582a8fef608d4050d4f6c31f9c896c5a3d54754846

brkys · #12 Příspěvek od **brkys** » 26 říj 2010 06:05

Antivirus Version Last Update Result
AhnLab-V3 2010.10.26.00 2010.10.25 -
AntiVir 7.10.13.37 2010.10.25 -
Antiy-AVL 2.0.3.7 2010.10.26 -
Authentium 5.2.0.5 2010.10.26 -
Avast 4.8.1351.0 2010.10.25 -
Avast5 5.0.594.0 2010.10.25 -
AVG 9.0.0.851 2010.10.25 -
BitDefender 7.2 2010.10.26 -
CAT-QuickHeal 11.00 2010.10.25 -
ClamAV 0.96.2.0-git 2010.10.26 -
Comodo 6511 2010.10.26 -
DrWeb 5.0.2.03300 2010.10.26 -
eSafe 7.0.17.0 2010.10.25 -
eTrust-Vet 36.1.7935 2010.10.26 -
F-Prot 4.6.2.117 2010.10.25 -
F-Secure 9.0.16160.0 2010.10.26 -
Fortinet 4.2.249.0 2010.10.25 -
GData 21 2010.10.26 -
Ikarus T3.1.1.90.0 2010.10.26 -
Jiangmin 13.0.900 2010.10.25 -
K7AntiVirus 9.66.2830 2010.10.25 -
McAfee 5.400.0.1158 2010.10.26 -
McAfee-GW-Edition 2010.1C 2010.10.25 -
Microsoft 1.6301 2010.10.25 -
NOD32 5562 2010.10.25 -
Norman 6.06.10 2010.10.25 -
nProtect 2010-10-25.01 2010.10.25 -
Panda 10.0.2.7 2010.10.25 -
PCTools 7.0.3.5 2010.10.26 -
Prevx 3.0 2010.10.26 -
Rising 22.70.06.04 2010.10.26 -
Sophos 4.58.0 2010.10.26 -
Sunbelt 7141 2010.10.26 W32.Gruel@mm (fs)
SUPERAntiSpyware 4.40.0.1006 2010.10.26 -
Symantec 20101.2.0.161 2010.10.26 -
TheHacker 6.7.0.1.066 2010.10.25 -
TrendMicro 9.120.0.1004 2010.10.26 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.26 -
VBA32 3.12.14.1 2010.10.25 -
ViRobot 2010.10.25.4110 2010.10.26 -
VirusBuster 12.70.4.0 2010.10.25 -
Additional informationShow all
MD5 : fa77a52add1a818ddbab15184fffb523
SHA1 : 1e8ebacc614b8de22429b2e48a1ed3fb5d1cee67
SHA256: 0d0e4a611eca9150f0039d93b328d78fddc50f928d76268b9d4ef678814abea9

brkys · #13 Příspěvek od **brkys** » 26 říj 2010 06:07

Antivirus Version Last Update Result
AhnLab-V3 2010.10.26.00 2010.10.25 -
AntiVir 7.10.13.37 2010.10.25 -
Antiy-AVL 2.0.3.7 2010.10.26 -
Authentium 5.2.0.5 2010.10.26 -
Avast 4.8.1351.0 2010.10.25 -
Avast5 5.0.594.0 2010.10.25 -
AVG 9.0.0.851 2010.10.25 -
BitDefender 7.2 2010.10.26 -
CAT-QuickHeal 11.00 2010.10.25 -
ClamAV 0.96.2.0-git 2010.10.26 -
Comodo 6511 2010.10.26 -
DrWeb 5.0.2.03300 2010.10.26 STPAGE.Trojan
Emsisoft 5.0.0.50 2010.10.26 -
eSafe 7.0.17.0 2010.10.25 -
eTrust-Vet 36.1.7935 2010.10.26 -
F-Prot 4.6.2.117 2010.10.25 -
F-Secure 9.0.16160.0 2010.10.26 -
Fortinet 4.2.249.0 2010.10.25 -
GData 21 2010.10.26 -
Ikarus T3.1.1.90.0 2010.10.26 -
Jiangmin 13.0.900 2010.10.25 -
K7AntiVirus 9.66.2830 2010.10.25 -
Kaspersky 7.0.0.125 2010.10.26 -
McAfee 5.400.0.1158 2010.10.26 Artemis!AF952D4974BC
McAfee-GW-Edition 2010.1C 2010.10.25 Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft 1.6301 2010.10.25 -
NOD32 5562 2010.10.25 -
Norman 6.06.10 2010.10.25 -
nProtect 2010-10-25.01 2010.10.25 -
Panda 10.0.2.7 2010.10.25 -
PCTools 7.0.3.5 2010.10.26 -
Prevx 3.0 2010.10.26 -
Rising 22.70.06.04 2010.10.26 -
Sophos 4.58.0 2010.10.26 -
Sunbelt 7141 2010.10.26 -
SUPERAntiSpyware 4.40.0.1006 2010.10.26 -
Symantec 20101.2.0.161 2010.10.26 -
TheHacker 6.7.0.1.066 2010.10.25 -
TrendMicro 9.120.0.1004 2010.10.26 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.26 -
VBA32 3.12.14.1 2010.10.25 -
ViRobot 2010.10.25.4110 2010.10.26 -
VirusBuster 12.70.4.0 2010.10.25 -
Additional informationShow all
MD5 : af952d4974bc6b52e618937967aee2f4
SHA1 : 308c91ff33b77cbc2ca782427b5e625f6ab0f500
SHA256: 44d82a64396406e04eba592d77a9a536830c176393bd525ce702ede6fe08ec99

brkys · #14 Příspěvek od **brkys** » 26 říj 2010 07:43

vypis z MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4949

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.10.2010 8:41:50
mbam-log-2010-10-26 (08-41-50).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 404150
Uplynulý čas: 1 hodina(y), 29 minuta(y), 4 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 3
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_application (Hijacker.Application) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_xmllookup (Hijacker.XMLLookup) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x ... asp?Ext=%s) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/file ... 04x&Ext=%s) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/file ... 04x&Ext=%s) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Kaska\Plocha\CAD+office\AutoDesk CadCon DT+ 2006\crack\keymaker.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Common Files\Autodesk Shared\GIS\ImportExport\4.0\msvcirt.dll (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Common Files\Autodesk Shared\GIS\ImportExport\4.0\msvcp60.dll (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Common Files\Autodesk Shared\GIS\ImportExport\4.0\msvcrt.dll (Malware.Packer.Gen) -> No action taken.

brkys · #15 Příspěvek od **brkys** » 26 říj 2010 07:52

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-26 08:47:44
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

VIRY.CZ

Rozesílání spamů

Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů

Re: Rozesílání spamů