Vírus z FB?

Zpráva

shatterhand · #31 Příspěvek od **shatterhand** » 16 led 2012 13:51

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Remove -- Date : 01/16/2012 13:41:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{4BA11B05-CB1D-43E5-8932-F95655A73F7D} : NameServer (195.113.44.11,195.113.0.2) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{4BA11B05-CB1D-43E5-8932-F95655A73F7D} : NameServer (195.113.44.11,195.113.0.2) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\Explorer : DisallowRun (1) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
˙ţ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 25c01346c4b6bd7800b509a88b425c7b
[BSP] f9f00ff646e4597f90994a953df42d8f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 52427 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 102398310 | Size: 197620 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: HOSTSFix -- Date : 01/16/2012 13:42:39

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ţ1

¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: ProxyFix -- Date : 01/16/2012 13:42:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-01-16 13:46:11
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (6%) free of 50 GB
Total RAM: 895 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:46:18, on 16. 1. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\RSIT(1).exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.atlas.cz/?from=icqhp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA11B05-CB1D-43E5-8932-F95655A73F7D}: NameServer = 195.113.44.11,195.113.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: mdhcp32 - mdhcp32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

--
End of file - 7350 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\a8lffkrb.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"

"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\Toolbar\firefox\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"m3ffxtbr@mywebsearch.com"=C:\Program Files\MyWebSearch\bar\3.bin

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.4]
"Description"=Musicnotes Viewer Plugin
"Path"=C:\Program Files\Musicnotes\npmusicn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.1.5.22]
"Description"=Sibelius Scorch Plugin
"Path"=C:\Program Files\Musicnotes\npsibelius.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
binary.manifest
browsercomps.dll
npwachk.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeploytk.dll
NPOFF12.DLL
nppdf32.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\a8lffkrb.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-03-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhcp32]
C:\WINDOWS\system32\mdhcp32.dll [2012-01-16 50688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Administrator\Plocha\StrongDC.exe"="C:\Documents and Settings\Administrator\Plocha\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\12Voip.com\12Voip\12Voip.exe"="C:\Program Files\12Voip.com\12Voip\12Voip.exe:*:Enabled:12Voip"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VSPX"=vspxvfw.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======List of files/folders created in the last 1 month======

2012-01-16 13:41:36 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2012-01-16 05:44:57 ----ASH---- C:\WINDOWS\system32\dds_log_trash.cmd
2012-01-16 00:51:50 ----A---- C:\WINDOWS\system32\crt.dat
2012-01-16 00:51:47 ----A---- C:\WINDOWS\system32\dll.dll
2012-01-16 00:51:37 ----A---- C:\WINDOWS\system32\shimg.dll
2012-01-16 00:51:32 ----A---- C:\WINDOWS\system32\mdhcp32.dll
2012-01-14 18:36:33 ----D---- C:\rsit
2012-01-14 18:05:03 ----SHD---- C:\Config.Msi
2012-01-13 19:33:37 ----D---- C:\ZHP
2012-01-13 19:33:17 ----D---- C:\Program Files\ZHPDiag
2012-01-11 12:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-11 12:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-01-11 12:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-01-11 12:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-01-11 12:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-01-07 20:08:07 ----D---- C:\Program Files\Conduit
2012-01-07 20:07:58 ----D---- C:\Program Files\ConduitEngine
2012-01-07 20:07:44 ----D---- C:\Program Files\BS_Player

======List of files/folders modified in the last 1 month======

2012-01-16 13:46:14 ----D---- C:\Program Files\trend micro
2012-01-16 13:41:45 ----D---- C:\WINDOWS\Prefetch
2012-01-16 13:41:36 ----D---- C:\WINDOWS\system32\drivers
2012-01-16 13:26:01 ----D---- C:\WINDOWS\temp
2012-01-16 13:24:56 ----D---- C:\WINDOWS\system32
2012-01-16 08:10:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-16 00:51:36 ----AD---- C:\WINDOWS
2012-01-16 00:51:33 ----D---- C:\Program Files\Mozilla Firefox
2012-01-15 15:50:57 ----HD---- C:\WINDOWS\inf
2012-01-15 15:50:55 ----D---- C:\WINDOWS\system32\CatRoot
2012-01-15 13:29:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\BSplayer
2012-01-15 12:04:50 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-14 18:34:37 ----RD---- C:\Program Files
2012-01-14 18:31:22 ----SHD---- C:\WINDOWS\Installer
2012-01-14 18:29:13 ----D---- C:\WINDOWS\WinSxS
2012-01-14 18:22:54 ----RSD---- C:\WINDOWS\assembly
2012-01-14 18:19:59 ----D---- C:\Program Files\Common Files
2012-01-14 18:16:58 ----D---- C:\Program Files\Common Files\ESRI
2012-01-14 18:05:24 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ESRI
2012-01-14 17:46:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Winamp
2012-01-14 17:46:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Media Player Classic
2012-01-14 17:46:18 ----D---- C:\WINDOWS\Debug
2012-01-14 17:44:55 ----D---- C:\Program Files\CCleaner
2012-01-14 17:42:39 ----D---- C:\flexlm
2012-01-14 13:54:08 ----D---- C:\WINDOWS\system32\drivers\etc
2012-01-12 00:54:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\SolidDocuments
2012-01-11 12:40:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-11 12:37:40 ----A---- C:\WINDOWS\system32\MRT.exe
2012-01-11 12:37:11 ----HD---- C:\WINDOWS\$hf_mig$
2012-01-03 19:25:11 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-03 03:04:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-02-24 218688]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-07 1972736]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-10 4449280]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
S3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-01 697328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-07 446464]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 nlsX86cc;NLS Service; C:\WINDOWS\system32\NLSSRV32.EXE [2011-01-31 68928]
R2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe [2006-11-02 184320]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
R2 viairda;Commserver; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#32 Příspěvek od **vyosek** » 16 led 2012 15:49

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

shatterhand · #33 Příspěvek od **shatterhand** » 16 led 2012 17:25

17:21:42.0734 4024 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
17:21:42.0937 4024 ============================================================
17:21:42.0937 4024 Current date / time: 2012/01/16 17:21:42.0937
17:21:42.0937 4024 SystemInfo:
17:21:42.0937 4024
17:21:42.0937 4024 OS Version: 5.1.2600 ServicePack: 3.0
17:21:42.0937 4024 Product type: Workstation
17:21:42.0937 4024 ComputerName: MICHAL-20E57DC6
17:21:42.0937 4024 UserName: Administrator
17:21:42.0937 4024 Windows directory: C:\WINDOWS
17:21:42.0937 4024 System windows directory: C:\WINDOWS
17:21:42.0937 4024 Processor architecture: Intel x86
17:21:42.0937 4024 Number of processors: 1
17:21:42.0937 4024 Page size: 0x1000
17:21:42.0937 4024 Boot type: Normal boot
17:21:42.0937 4024 ============================================================
17:21:44.0203 4024 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
17:21:44.0656 4024 Initialize success
17:22:37.0890 0496 ============================================================
17:22:37.0906 0496 Scan started
17:22:37.0906 0496 Mode: Manual; SigCheck; TDLFS;
17:22:37.0906 0496 ============================================================
17:22:38.0328 0496 Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:22:40.0843 0496 Aavmker4 - ok
17:22:40.0906 0496 Abiosdsk - ok
17:22:40.0937 0496 abp480n5 - ok
17:22:40.0984 0496 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:22:42.0328 0496 ACPI - ok
17:22:42.0390 0496 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:22:42.0593 0496 ACPIEC - ok
17:22:42.0625 0496 adpu160m - ok
17:22:42.0687 0496 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:22:42.0859 0496 aec - ok
17:22:42.0953 0496 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:22:43.0000 0496 AFD - ok
17:22:43.0046 0496 Aha154x - ok
17:22:43.0078 0496 aic78u2 - ok
17:22:43.0109 0496 aic78xx - ok
17:22:43.0140 0496 AliIde - ok
17:22:43.0218 0496 AmdK8 (fcffa85cfd4bf7a4711012847048dca3) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:22:43.0250 0496 AmdK8 - ok
17:22:43.0281 0496 amsint - ok
17:22:43.0328 0496 asc - ok
17:22:43.0343 0496 asc3350p - ok
17:22:43.0375 0496 asc3550 - ok
17:22:43.0437 0496 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
17:22:43.0453 0496 aswFsBlk - ok
17:22:43.0484 0496 aswMon2 (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys
17:22:43.0484 0496 aswMon2 - ok
17:22:43.0546 0496 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys
17:22:43.0796 0496 aswRdr - ok
17:22:43.0828 0496 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys
17:22:43.0843 0496 aswSP - ok
17:22:43.0875 0496 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys
17:22:43.0906 0496 aswTdi - ok
17:22:43.0937 0496 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:22:44.0109 0496 AsyncMac - ok
17:22:44.0203 0496 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:22:44.0359 0496 atapi - ok
17:22:44.0406 0496 Atdisk - ok
17:22:44.0515 0496 ati2mtag (ec933673cf0131c4f1422b348d915f48) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:22:44.0687 0496 ati2mtag - ok
17:22:44.0781 0496 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:22:44.0953 0496 audstub - ok
17:22:45.0015 0496 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:22:45.0234 0496 Beep - ok
17:22:45.0328 0496 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:22:45.0531 0496 cbidf2k - ok
17:22:45.0578 0496 cd20xrnt - ok
17:22:45.0640 0496 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:22:45.0796 0496 Cdfs - ok
17:22:45.0843 0496 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:22:46.0015 0496 Cdrom - ok
17:22:46.0078 0496 CmdIde - ok
17:22:46.0140 0496 Cpqarray - ok
17:22:46.0187 0496 dac2w2k - ok
17:22:46.0234 0496 dac960nt - ok
17:22:46.0296 0496 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:22:46.0468 0496 Disk - ok
17:22:46.0531 0496 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
17:22:46.0765 0496 dmboot - ok
17:22:46.0828 0496 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
17:22:47.0031 0496 dmio - ok
17:22:47.0078 0496 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:22:47.0281 0496 dmload - ok
17:22:47.0343 0496 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:22:47.0500 0496 DMusic - ok
17:22:47.0562 0496 dpti2o - ok
17:22:47.0625 0496 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:22:47.0781 0496 drmkaud - ok
17:22:47.0828 0496 dtsoftbus01 (78d34ff8672081af90a5dfbadf5af702) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
17:22:47.0843 0496 dtsoftbus01 ( UnsignedFile.Multi.Generic ) - warning
17:22:47.0843 0496 dtsoftbus01 - detected UnsignedFile.Multi.Generic (1)
17:22:47.0937 0496 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:22:48.0093 0496 Fastfat - ok
17:22:48.0187 0496 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:22:48.0328 0496 Fdc - ok
17:22:48.0390 0496 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
17:22:48.0562 0496 Fips - ok
17:22:48.0609 0496 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:22:48.0796 0496 FltMgr - ok
17:22:48.0859 0496 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:22:49.0046 0496 Fs_Rec - ok
17:22:49.0125 0496 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:22:49.0343 0496 Ftdisk - ok
17:22:49.0406 0496 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:22:49.0562 0496 Gpc - ok
17:22:49.0625 0496 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:22:49.0828 0496 HDAudBus - ok
17:22:49.0890 0496 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:22:50.0062 0496 hidusb - ok
17:22:50.0109 0496 hpn - ok
17:22:50.0156 0496 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:22:50.0234 0496 HTTP - ok
17:22:50.0281 0496 i2omp - ok
17:22:50.0328 0496 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:22:50.0500 0496 i8042prt - ok
17:22:50.0593 0496 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:22:50.0750 0496 Imapi - ok
17:22:50.0796 0496 ini910u - ok
17:22:50.0953 0496 IntcAzAudAddService (1ebde650d97a8eccdc1cc4a0804647cd) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:22:51.0375 0496 IntcAzAudAddService - ok
17:22:51.0437 0496 IntelIde - ok
17:22:51.0484 0496 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:22:51.0687 0496 ip6fw - ok
17:22:51.0750 0496 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:22:51.0906 0496 IpNat - ok
17:22:51.0968 0496 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:22:52.0156 0496 IPSec - ok
17:22:52.0250 0496 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:22:52.0406 0496 isapnp - ok
17:22:52.0468 0496 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:22:52.0640 0496 Kbdclass - ok
17:22:52.0734 0496 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:22:52.0890 0496 kmixer - ok
17:22:52.0968 0496 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:22:53.0015 0496 KSecDD - ok
17:22:53.0125 0496 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:22:53.0343 0496 mnmdd - ok
17:22:53.0406 0496 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:22:53.0546 0496 Mouclass - ok
17:22:53.0625 0496 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:22:53.0843 0496 mouhid - ok
17:22:53.0890 0496 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:22:54.0062 0496 MountMgr - ok
17:22:54.0093 0496 mraid35x - ok
17:22:54.0140 0496 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:22:54.0312 0496 MRxDAV - ok
17:22:54.0375 0496 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:22:54.0468 0496 MRxSmb - ok
17:22:54.0546 0496 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:22:54.0703 0496 Msfs - ok
17:22:54.0765 0496 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:22:54.0937 0496 mssmbios - ok
17:22:55.0000 0496 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:22:55.0015 0496 MTsensor - ok
17:22:55.0062 0496 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:22:55.0093 0496 Mup - ok
17:22:55.0203 0496 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:22:55.0375 0496 NDIS - ok
17:22:55.0421 0496 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:22:55.0453 0496 NdisTapi - ok
17:22:55.0515 0496 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:22:55.0671 0496 Ndisuio - ok
17:22:55.0750 0496 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:22:55.0937 0496 NdisWan - ok
17:22:56.0015 0496 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:22:56.0078 0496 NDProxy - ok
17:22:56.0125 0496 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:22:56.0296 0496 NetBIOS - ok
17:22:56.0359 0496 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:22:56.0562 0496 NetBT - ok
17:22:56.0687 0496 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:22:56.0843 0496 Npfs - ok
17:22:56.0890 0496 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:22:57.0140 0496 Ntfs - ok
17:22:57.0234 0496 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:22:57.0421 0496 Null - ok
17:22:57.0515 0496 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
17:22:57.0687 0496 Parport - ok
17:22:57.0750 0496 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:22:57.0937 0496 PartMgr - ok
17:22:58.0000 0496 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
17:22:58.0187 0496 ParVdm - ok
17:22:58.0265 0496 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
17:22:58.0421 0496 PCI - ok
17:22:58.0468 0496 PCIDump - ok
17:22:58.0515 0496 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:22:58.0734 0496 PCIIde - ok
17:22:58.0812 0496 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:22:58.0968 0496 Pcmcia - ok
17:22:59.0031 0496 perc2 - ok
17:22:59.0062 0496 perc2hib - ok
17:22:59.0140 0496 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:22:59.0296 0496 PptpMiniport - ok
17:22:59.0343 0496 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
17:22:59.0515 0496 Processor - ok
17:22:59.0578 0496 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:22:59.0765 0496 PSched - ok
17:22:59.0828 0496 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:23:00.0015 0496 Ptilink - ok
17:23:00.0093 0496 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:23:00.0109 0496 PxHelp20 - ok
17:23:00.0125 0496 ql1080 - ok
17:23:00.0156 0496 Ql10wnt - ok
17:23:00.0203 0496 ql12160 - ok
17:23:00.0234 0496 ql1240 - ok
17:23:00.0250 0496 ql1280 - ok
17:23:00.0312 0496 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:23:00.0531 0496 RasAcd - ok
17:23:00.0609 0496 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:23:00.0750 0496 Rasl2tp - ok
17:23:00.0812 0496 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:23:00.0984 0496 RasPppoe - ok
17:23:01.0031 0496 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:23:01.0234 0496 Raspti - ok
17:23:01.0296 0496 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:23:01.0453 0496 Rdbss - ok
17:23:01.0515 0496 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:23:01.0718 0496 RDPCDD - ok
17:23:01.0781 0496 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:23:01.0953 0496 rdpdr - ok
17:23:02.0031 0496 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:23:02.0203 0496 redbook - ok
17:23:02.0296 0496 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:23:02.0421 0496 rtl8139 - ok
17:23:02.0468 0496 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:23:02.0468 0496 SASDIFSV - ok
17:23:02.0500 0496 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:23:02.0515 0496 SASKUTIL - ok
17:23:02.0578 0496 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
17:23:02.0593 0496 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
17:23:02.0593 0496 SCDEmu - detected UnsignedFile.Multi.Generic (1)
17:23:02.0656 0496 Sentinel (b3c1b187fefc941f63ce0df93d02eb9f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
17:23:02.0656 0496 Sentinel - ok
17:23:02.0687 0496 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:23:02.0875 0496 serenum - ok
17:23:02.0953 0496 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
17:23:03.0140 0496 Serial - ok
17:23:03.0218 0496 Simbad - ok
17:23:03.0265 0496 Sparrow - ok
17:23:03.0312 0496 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:23:03.0468 0496 splitter - ok
17:23:03.0562 0496 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\System32\Drivers\sptd.sys
17:23:03.0640 0496 sptd - ok
17:23:03.0718 0496 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
17:23:03.0921 0496 sr - ok
17:23:03.0984 0496 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:23:04.0062 0496 Srv - ok
17:23:04.0140 0496 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:23:04.0296 0496 swenum - ok
17:23:04.0359 0496 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:23:04.0515 0496 swmidi - ok
17:23:04.0562 0496 symc810 - ok
17:23:04.0609 0496 symc8xx - ok
17:23:04.0640 0496 sym_hi - ok
17:23:04.0671 0496 sym_u3 - ok
17:23:04.0750 0496 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:23:04.0906 0496 sysaudio - ok
17:23:04.0984 0496 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:23:05.0046 0496 Tcpip - ok
17:23:05.0125 0496 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:23:05.0296 0496 TermDD - ok
17:23:05.0359 0496 TosIde - ok
17:23:05.0421 0496 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
17:23:05.0437 0496 TrueSight ( UnsignedFile.Multi.Generic ) - warning
17:23:05.0437 0496 TrueSight - detected UnsignedFile.Multi.Generic (1)
17:23:05.0500 0496 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:23:05.0656 0496 Udfs - ok
17:23:05.0703 0496 ultra - ok
17:23:05.0875 0496 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:23:06.0046 0496 Update - ok
17:23:06.0109 0496 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:23:06.0281 0496 usbehci - ok
17:23:06.0343 0496 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:23:06.0515 0496 usbhub - ok
17:23:06.0546 0496 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:23:06.0703 0496 usbohci - ok
17:23:06.0750 0496 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:23:06.0906 0496 USBSTOR - ok
17:23:06.0968 0496 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:23:07.0125 0496 VgaSave - ok
17:23:07.0171 0496 ViaIde - ok
17:23:07.0234 0496 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
17:23:07.0421 0496 VolSnap - ok
17:23:07.0468 0496 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:23:07.0656 0496 Wanarp - ok
17:23:07.0718 0496 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:23:07.0906 0496 wdmaud - ok
17:23:08.0031 0496 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:23:08.0078 0496 WpdUsb - ok
17:23:08.0125 0496 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:23:08.0312 0496 WS2IFSL - ok
17:23:08.0359 0496 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:23:08.0390 0496 WudfPf - ok
17:23:08.0437 0496 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:23:08.0453 0496 WudfRd - ok
17:23:08.0500 0496 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
17:23:08.0750 0496 \Device\Harddisk0\DR0 - ok
17:23:08.0765 0496 Boot (0x1200) (648d8e4cf5af0965836e44d33a71a9ef) \Device\Harddisk0\DR0\Partition0
17:23:08.0765 0496 \Device\Harddisk0\DR0\Partition0 - ok
17:23:08.0781 0496 Boot (0x1200) (179e05e1e9c24e0346f51a2f513f4ab5) \Device\Harddisk0\DR0\Partition1
17:23:08.0781 0496 \Device\Harddisk0\DR0\Partition1 - ok
17:23:08.0828 0496 Boot (0x1200) (7581aa44fd46b9310aab7c8fcf51b8e6) \Device\Harddisk0\DR0\Partition2
17:23:08.0828 0496 \Device\Harddisk0\DR0\Partition2 - ok
17:23:08.0828 0496 ============================================================
17:23:08.0828 0496 Scan finished
17:23:08.0828 0496 ============================================================
17:23:08.0953 0300 Detected object count: 3
17:23:08.0953 0300 Actual detected object count: 3
17:23:23.0203 0300 dtsoftbus01 ( UnsignedFile.Multi.Generic ) - skipped by user
17:23:23.0203 0300 dtsoftbus01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:23:23.0218 0300 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
17:23:23.0218 0300 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:23:23.0234 0300 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
17:23:23.0234 0300 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

#34 Příspěvek od **vyosek** » 16 led 2012 17:28

Tohle je OK, mrcha bude jinde

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

shatterhand · #35 Příspěvek od **shatterhand** » 16 led 2012 18:25

Avast som musel odinštalovať, pretože som ho nevedel vypnúť, po kliknutí na ikonku sa spúšťal scan. Bránu firewall som vypol. Potom písalo, že mám nejaký antivír Sentinel čosi, tak som ho odinštaloval, ale ComboFix pri spúšťaní scanu stále naňho spomínal...

ComboFix 12-01-16.02 - Administrator . 01. 2012 18:09:13.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.588 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Stažené soubory\ComboFix.exe
AV: Personal Security Sentinel *Enabled/Updated* {9EC3740D-420B-44DF-B436-C287D2EBFAF1}
FW: Personal Security Sentinel *Enabled* {8FA11A73-10C0-4BC0-9CE9-A2BACB3291A2}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6\U\00000001.@
c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6\U\000000c0.@
c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6\U\000000cb.@
c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6\U\000000cf.@
c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6\U\80000000.@
c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6\U\800000c0.@
c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6\U\800000cb.@
c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6\U\800000cf.@
c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6\X
c:\documents and settings\Administrator\WINDOWS
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\windows\$NtUninstallKB18801$
c:\windows\$NtUninstallKB18801$\2540184038\@
c:\windows\$NtUninstallKB18801$\2540184038\L\gnamwkvx
c:\windows\$NtUninstallKB18801$\2540184038\loader.tlb
c:\windows\$NtUninstallKB18801$\2540184038\U\@00000001
c:\windows\$NtUninstallKB18801$\2540184038\U\@000000c0
c:\windows\$NtUninstallKB18801$\2540184038\U\@000000cb
c:\windows\$NtUninstallKB18801$\2540184038\U\@000000cf
c:\windows\$NtUninstallKB18801$\2540184038\U\@80000000
c:\windows\$NtUninstallKB18801$\2540184038\U\@800000c0
c:\windows\$NtUninstallKB18801$\2540184038\U\@800000cb
c:\windows\$NtUninstallKB18801$\2540184038\U\@800000cf
c:\windows\$NtUninstallKB18801$\2723452874
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\CF17966.exe
c:\windows\system32\crt.dat
c:\windows\system32\Dll.dll
c:\windows\system32\mdhcp32.dll
c:\windows\system32\MSMQ.dll
c:\windows\system32\regobj.dll
c:\windows\system32\shimg.dll
.
Nakažená kopie c:\windows\system32\drivers\dtsoftbus01.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_viairda
-------\Service_viairda
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-16 do 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-16 16:55 . 2011-02-24 17:23 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-16 12:41 . 2012-01-16 12:42 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-01-16 04:44 . 2012-01-16 04:44 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-15 23:51 . 2012-01-16 17:15 -------- d-sh--w- c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6
2012-01-14 17:36 . 2012-01-14 17:36 -------- d-----w- C:\rsit
2012-01-13 18:33 . 2012-01-13 18:43 -------- d-----w- C:\ZHP
2012-01-13 18:33 . 2012-01-13 18:43 -------- d-----w- c:\program files\ZHPDiag
2012-01-09 00:47 . 2012-01-09 00:47 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-09 00:47 . 2012-01-09 00:47 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-09 00:47 . 2012-01-09 00:47 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-09 00:47 . 2012-01-09 00:47 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 19:08 . 2012-01-07 19:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Conduit
2012-01-07 19:08 . 2012-01-07 19:08 -------- d-----w- c:\program files\Conduit
2012-01-07 19:08 . 2012-01-07 19:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\BS_Player
2012-01-07 19:07 . 2012-01-14 12:52 -------- d-----w- c:\program files\BS_Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-17 13:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-17 13:49 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-03 15:29 . 2004-08-17 13:49 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-17 13:49 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:36 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:36 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:36 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:34 . 2004-08-17 13:44 370176 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-17 13:49 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2004-08-17 15:45 2071552 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:50 . 2004-08-17 13:45 2194944 ------w- c:\windows\system32\ntoskrnl.exe
2012-01-09 00:47 . 2011-05-19 19:22 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\StrongDC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16. 1. 2012 17:55 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6. 12. 2007 21:03 660768]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [31. 1. 2011 11:01 68928]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1. 6. 2010 13:22 697328]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
viairda
.
.
------- Doplňkový sken -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 195.113.44.11 195.113.0.2
TCP: Interfaces\{4BA11B05-CB1D-43E5-8932-F95655A73F7D}: NameServer = 195.113.44.11,195.113.0.2
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\a8lffkrb.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Half-Life - c:\sierra\Half-Life\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-16 18:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2012-01-16 18:21:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-16 17:21
.
Před spuštěním: 2 834 280 448
Po spuštění: 2 810 834 944
.
- - End Of File - - 63D1F8FDE7C7184D6AA16F426989B14C

#36 Příspěvek od **vyosek** » 16 led 2012 18:31

Uvolnete nejake volne misto na disku, alepspon na 5 giga, system se dusi

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

SecCenter::
AV: Personal Security Sentinel *Enabled/Updated* {9EC3740D-420B-44DF-B436-C287D2EBFAF1}
{9EC3740D-420B-44DF-B436-C287D2EBFAF1}
FW: Personal Security Sentinel *Enabled* {8FA11A73-10C0-4BC0-9CE9-A2BACB3291A2}
{8FA11A73-10C0-4BC0-9CE9-A2BACB3291A2}

Folder::
c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6

NetSvc::
viairda

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\a8lffkrb.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - 

ClearJavaCache::

AtJob::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

shatterhand · #37 Příspěvek od **shatterhand** » 16 led 2012 19:02

Celé pozadie win zmenilo farbu z čiernej na tmavomodrú.

ComboFix 12-01-16.02 - Administrator . 01. 2012 18:49:57.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.394 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
.
ADS - WINDOWS: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-16 do 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-16 16:55 . 2011-02-24 17:23 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-16 12:41 . 2012-01-16 12:42 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-01-16 04:44 . 2012-01-16 04:44 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-15 23:51 . 2012-01-16 17:15 -------- d-sh--w- c:\documents and settings\Administrator\Local Settings\Data aplikací\976821e6
2012-01-14 17:36 . 2012-01-14 17:36 -------- d-----w- C:\rsit
2012-01-13 18:33 . 2012-01-13 18:43 -------- d-----w- C:\ZHP
2012-01-13 18:33 . 2012-01-13 18:43 -------- d-----w- c:\program files\ZHPDiag
2012-01-09 00:47 . 2012-01-09 00:47 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-09 00:47 . 2012-01-09 00:47 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-09 00:47 . 2012-01-09 00:47 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-09 00:47 . 2012-01-09 00:47 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 19:08 . 2012-01-07 19:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Conduit
2012-01-07 19:08 . 2012-01-07 19:08 -------- d-----w- c:\program files\Conduit
2012-01-07 19:08 . 2012-01-07 19:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\BS_Player
2012-01-07 19:07 . 2012-01-14 12:52 -------- d-----w- c:\program files\BS_Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-17 13:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-17 13:49 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-03 15:29 . 2004-08-17 13:49 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-17 13:49 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:36 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:36 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:36 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 20:34 . 2004-08-17 13:44 370176 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-17 13:49 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2004-08-17 15:45 2071552 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:50 . 2004-08-17 13:45 2194944 ------w- c:\windows\system32\ntoskrnl.exe
2012-01-09 00:47 . 2011-05-19 19:22 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\StrongDC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16. 1. 2012 17:55 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6. 12. 2007 21:03 660768]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [31. 1. 2011 11:01 68928]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1. 6. 2010 13:22 697328]
.
.
------- Doplňkový sken -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 195.113.44.11 195.113.0.2
TCP: Interfaces\{4BA11B05-CB1D-43E5-8932-F95655A73F7D}: NameServer = 195.113.44.11,195.113.0.2
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\a8lffkrb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-16 18:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2012-01-16 19:00:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-16 18:00
ComboFix2.txt 2012-01-16 17:21
.
Před spuštěním: 6 221 127 680
Po spuštění: 6 190 239 744
.
- - End Of File - - F31CBC523CCDE95CDDF4892627B25518

#38 Příspěvek od **vyosek** » 16 led 2012 19:24

A pozadi nejde zmenit

shatterhand · #39 Příspěvek od **shatterhand** » 16 led 2012 19:43

Ono je všetko zmodralé, aj ostatné okná, keď dám vlastnosti plochy, tak miesto čiernej je táto tmavomodrá a miesto modrej bledšia modrá...

#40 Příspěvek od **vyosek** » 16 led 2012 19:51

Zkuste restart PC ci to nepomuze

shatterhand · #41 Příspěvek od **shatterhand** » 16 led 2012 20:02

Zmodrenie po reštarte zmizlo.

#42 Příspěvek od **vyosek** » 16 led 2012 20:03

huh, super...nejake jine problemy s PC

shatterhand · #43 Příspěvek od **shatterhand** » 16 led 2012 20:30

Neviem, momentálne mi stránky vo firefoxe fungujú, väčšinnou sa načítavajú hneď, resp. cca za sekundu, ale napr. odpoveď na viry.cz načítava cca 12 s. Vo firefoxe vo vyhľadávači mi to však predtým napovedalo len stránky zo záložiek, momentálne mi to však ponúka aj niektoré z nedávno vyhľadávaných, čo sa mi zdá nežiadúce.

Pretrváva i problém s BSPlayerom, po dvojkliku čierna obrazovka, po stlačení "M" movie mode na celú obrazovku, ale titulky nečitateľné - sústredené v stĺpci uprostred.

Dole na spodnej modrej lište so štartom (mám Windows XP) je naviac ešte taký modrý 1 - 2 mm okraj, ktorý nejd odstrániť posúvaním myšou, aj pri zväčšení lišty zostáva, aj pri úplnom skrytí lišty so štartom je modrý okraj stále vystúpený.

Okrem toho zrejme musím opäť zapnúť firewall a nainštalovať avast, prípadne, môžete mi odporučiť nejaký antivír?

Ďakujem

#44 Příspěvek od **vyosek** » 16 led 2012 20:41

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) projedte PC temito utilitami, at se zbavime zbytku antiviru co tam mate

http://files.avast.com/files/eng/aswclear.exe

Nainstalujte znovu Avast

Zkuste na filmy treb vlc player zda-li bude problem i tam

Dejte novy log z RSIT

shatterhand · #45 Příspěvek od **shatterhand** » 17 led 2012 01:16

Všetky body splnené. Zdá sa, že firefox funguje ok. VLC Player mám, ten problémy s titulkami a fullscreenom nemá, ale používal som ho len na TV. Asi sa budem musiem naučiť jeho klávesové skratky. Posledný, zato výrazný problém, ktorý sa víru netýka: neviem vyladť monitor, mám 21,5 pal. Samsung. Keď je plocha čierna, sú na nej výrazné svetlé škvrny vpravo aj vľavo, vyzerá to takmer ako rontgen hrudníka, ale tie 2 škvrny sú oddelené. Na týchto škvrnách vidno stúpať pásy svetlý - tmavý. Keď je pozadie svetlé - word alebo firefox, závadu nevidno. Nevidno ju ani počas pohyblivého obrazu, napr. filmu. Zvyšovaním jasu ju vidno viac, znižovaním menej.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-01-17 01:04:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (15%) free of 50 GB
Total RAM: 895 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:04:19, on 17. 1. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\RSIT(1).exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.atlas.cz/?from=icqhp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA11B05-CB1D-43E5-8932-F95655A73F7D}: NameServer = 195.113.44.11,195.113.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

--
End of file - 6419 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\a8lffkrb.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"

"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\Toolbar\firefox\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"m3ffxtbr@mywebsearch.com"=C:\Program Files\MyWebSearch\bar\3.bin
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.4]
"Description"=Musicnotes Viewer Plugin
"Path"=C:\Program Files\Musicnotes\npmusicn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.1.5.22]
"Description"=Sibelius Scorch Plugin
"Path"=C:\Program Files\Musicnotes\npsibelius.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npwachk.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeploytk.dll
NPOFF12.DLL
nppdf32.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\a8lffkrb.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-03-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Administrator\Plocha\StrongDC.exe"="C:\Documents and Settings\Administrator\Plocha\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VSPX"=vspxvfw.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======List of files/folders created in the last 1 month======

2012-01-17 01:04:14 ----D---- C:\rsit
2012-01-17 00:38:14 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-01-17 00:38:14 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-01-17 00:38:12 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-01-17 00:38:11 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-01-17 00:38:11 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-01-17 00:38:10 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-01-17 00:38:10 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-01-17 00:38:10 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-01-17 00:37:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-01-17 00:37:54 ----A---- C:\WINDOWS\avastSS.scr
2012-01-17 00:37:37 ----D---- C:\Program Files\AVAST Software
2012-01-17 00:37:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2012-01-17 00:22:21 ----A---- C:\WINDOWS\ntbtlog.txt
2012-01-17 00:15:11 ----SHD---- C:\RECYCLER
2012-01-17 00:05:46 ----D---- C:\WINDOWS\temp
2012-01-16 21:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-01-16 17:55:33 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2012-01-16 17:44:17 ----D---- C:\Qoobox
2012-01-16 13:41:36 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2012-01-16 05:44:57 ----ASH---- C:\WINDOWS\system32\dds_log_trash.cmd
2012-01-13 19:33:37 ----D---- C:\ZHP
2012-01-13 19:33:17 ----D---- C:\Program Files\ZHPDiag
2012-01-11 12:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-11 12:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-01-11 12:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-01-11 12:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-01-11 12:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-01-07 20:08:07 ----D---- C:\Program Files\Conduit
2012-01-07 20:07:58 ----D---- C:\Program Files\ConduitEngine
2012-01-07 20:07:44 ----D---- C:\Program Files\BS_Player

======List of files/folders modified in the last 1 month======

2012-01-17 01:04:19 ----D---- C:\Program Files\trend micro
2012-01-17 00:56:21 ----D---- C:\WINDOWS\Prefetch
2012-01-17 00:38:14 ----D---- C:\WINDOWS\system32\drivers
2012-01-17 00:38:06 ----SHD---- C:\WINDOWS\Installer
2012-01-17 00:38:05 ----D---- C:\WINDOWS\WinSxS
2012-01-17 00:37:54 ----D---- C:\WINDOWS\system32
2012-01-17 00:37:54 ----AD---- C:\WINDOWS
2012-01-17 00:37:37 ----RD---- C:\Program Files
2012-01-17 00:29:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-17 00:19:40 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Winamp
2012-01-17 00:13:11 ----SHD---- C:\System Volume Information
2012-01-17 00:13:11 ----D---- C:\WINDOWS\system32\Restore
2012-01-17 00:04:11 ----A---- C:\WINDOWS\system.ini
2012-01-17 00:04:04 ----D---- C:\WINDOWS\system32\drivers\etc
2012-01-17 00:02:18 ----D---- C:\WINDOWS\AppPatch
2012-01-17 00:02:15 ----D---- C:\Program Files\Common Files
2012-01-16 23:58:04 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-16 21:19:55 ----HD---- C:\WINDOWS\inf
2012-01-16 21:19:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-16 18:16:06 ----D---- C:\WINDOWS\system32\config
2012-01-16 16:47:57 ----HD---- C:\WINDOWS\$hf_mig$
2012-01-16 00:51:33 ----D---- C:\Program Files\Mozilla Firefox
2012-01-15 15:50:55 ----D---- C:\WINDOWS\system32\CatRoot
2012-01-15 13:29:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\BSplayer
2012-01-14 18:22:54 ----RSD---- C:\WINDOWS\assembly
2012-01-14 18:16:58 ----D---- C:\Program Files\Common Files\ESRI
2012-01-14 18:05:24 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ESRI
2012-01-14 17:46:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Media Player Classic
2012-01-14 17:46:18 ----D---- C:\WINDOWS\Debug
2012-01-14 17:44:55 ----D---- C:\Program Files\CCleaner
2012-01-14 17:42:39 ----D---- C:\flexlm
2012-01-12 00:54:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\SolidDocuments
2012-01-11 12:37:40 ----A---- C:\WINDOWS\system32\MRT.exe
2012-01-03 19:25:11 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-03 03:04:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-02-24 218688]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-07 1972736]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-10 4449280]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
S1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys []
S3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-01 697328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-07 446464]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 nlsX86cc;NLS Service; C:\WINDOWS\system32\NLSSRV32.EXE [2011-01-31 68928]
R2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe [2006-11-02 184320]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

VIRY.CZ

Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?

Re: Vírus z FB?