
Antivirus Sentry (cleanup)

Posted: 17 Jul 2010 02:55
by EvilZone
Hi, this nasty thing installed itself on my PC.
It treated every .exe file as infected (nothing could be started).
UPM => avs.exe kill, svchost.exe kill; that way I stopped it from starting up again and again.

mbt:

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 156402
Uplynulý čas: 16 minuta(y), 38 sekunda(y)

Infikované procesy v paměti: 3
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 13

Infikované procesy v paměti:
C:\Documents and Settings\HackHell\Plocha\avs.exe (Rogue.Installer) -> Unloaded process successfully.
C:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe (Rogue.Installer) -> Unloaded process successfully.
C:\Program Files\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adbupd (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Sysinternals Antivirus (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Program Files\alggui.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\HackHell\Plocha\avs.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HackHell\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\Cache\6DC92D3Ed01 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HackHell\Local Settings\Temporary Internet Files\Content.IE5\AHZ7SMQM\PC_protect[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\wpp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\scdata\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\adb9_32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\alggui.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\nuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\skynet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.



I also ran a scan this morning (as a precaution); the PC was clean, so all of this was done by this nasty thing.

RSIT:

Logfile of random's system information tool 1.07 (written by random/random)
Run by HackHell at 2010-07-17 03:51:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 158 GB (66%) free of 238 GB
Total RAM: 3326 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:52:05, on 17.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\download\softyxD\RSIT.exe
C:\Program Files\Avira\AntiVir Desktop\usrreq.exe
C:\Program Files\trend micro\HackHell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9051992000
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

--
End of file - 5917 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-06-04 227744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-06-04 227744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"=C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2010-02-18 357448]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2010-02-18 1573448]
"Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2010-02-18 3203144]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=475
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\QIP Infium JadrisPack\infium.exe"="C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-17 03:51:58 ----D---- C:\rsit
2010-07-16 22:27:36 ----AD---- C:\WINDOWS\rundll16.exe
2010-07-16 22:27:36 ----AD---- C:\WINDOWS\logo1_.exe
2010-07-14 16:12:43 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-07-14 16:12:43 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-07-13 22:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-13 10:22:51 ----D---- C:\Program Files\UPM
2010-07-13 04:55:14 ----AD---- C:\WINDOWS\VDLL.DLL
2010-07-13 04:55:14 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-07-13 04:55:14 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-07-13 04:55:14 ----AD---- C:\WINDOWS\logo_1.exe
2010-07-13 04:53:05 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-07-13 04:53:04 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-07-13 04:53:03 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-07-13 04:52:59 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-07-13 04:52:59 ----A---- C:\WINDOWS\system32\T.COM
2010-07-13 04:52:59 ----A---- C:\WINDOWS\REGEDIT.COM
2010-07-13 04:52:59 ----A---- C:\WINDOWS\R.COM
2010-07-13 04:52:58 ----D---- C:\Program Files\Common Files\MicroWorld
2010-07-13 04:52:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-07-13 04:22:37 ----D---- C:\Documents and Settings\HackHell\Data aplikací\Download Manager
2010-07-12 22:32:11 ----D---- C:\WINDOWS\Internet Logs
2010-07-12 22:23:47 ----D---- C:\Documents and Settings\HackHell\Data aplikací\Avira
2010-07-12 22:22:42 ----D---- C:\Program Files\Avira
2010-07-12 21:19:50 ----SHD---- C:\Config.Msi
2010-07-10 22:23:29 ----SHD---- C:\RECYCLER
2010-07-10 22:07:42 ----RASHD---- C:\cmdcons
2010-07-10 00:31:27 ----D---- C:\Documents and Settings\HackHell\Data aplikací\Xfire
2010-07-09 21:00:32 ----A---- C:\WINDOWS\system32\xfcodec.dll
2010-07-06 19:00:49 ----D---- C:\Program Files\XeroBank
2010-06-30 21:15:15 ----D---- C:\Program Files\MSXML 4.0
2010-06-30 18:52:46 ----D---- C:\Program Files\Common Files\Nero
2010-06-30 18:45:48 ----D---- C:\Documents and Settings\HackHell\Data aplikací\Trillian
2010-06-30 18:44:56 ----D---- C:\Program Files\Trillian
2010-06-28 23:15:40 ----D---- C:\Program Files\Common Files\McAfee
2010-06-28 23:15:33 ----D---- C:\Program Files\McAfee
2010-06-26 05:59:52 ----D---- C:\Program Files\GNU
2010-06-26 03:07:56 ----D---- C:\Program Files\CCleaner
2010-06-18 20:46:16 ----D---- C:\Program Files\AIMP2
2010-06-18 00:40:11 ----D---- C:\WINDOWS\ERDNT

======List of files/folders modified in the last 1 months======

2010-07-17 03:52:05 ----D---- C:\Program Files\Trend Micro
2010-07-17 03:51:21 ----RD---- C:\Program Files
2010-07-17 03:48:17 ----D---- C:\WINDOWS
2010-07-17 03:42:13 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-07-17 03:40:13 ----D---- C:\WINDOWS\Temp
2010-07-17 03:40:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-17 03:38:58 ----D---- C:\WINDOWS\system32\drivers
2010-07-17 03:38:19 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-07-17 03:38:04 ----D---- C:\WINDOWS\addins
2010-07-17 03:24:04 ----D---- C:\WINDOWS\system32\NtmsData
2010-07-17 03:23:32 ----SHD---- C:\System Volume Information
2010-07-17 02:33:04 ----D---- C:\WINDOWS\Registration
2010-07-17 02:26:04 ----D---- C:\WINDOWS\system32
2010-07-17 02:07:45 ----D---- C:\Documents and Settings\HackHell\Data aplikací\Skype
2010-07-17 00:01:04 ----D---- C:\Documents and Settings\HackHell\Data aplikací\skypePM
2010-07-16 22:17:56 ----D---- C:\WINDOWS\java
2010-07-14 22:55:07 ----D---- C:\WINDOWS\Debug
2010-07-14 22:42:28 ----D---- C:\QIP Infium JadrisPack
2010-07-14 22:41:35 ----D---- C:\Program Files\QIP Infium
2010-07-14 16:12:43 ----HD---- C:\WINDOWS\inf
2010-07-13 22:15:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-13 22:15:33 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-13 22:13:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-13 05:55:26 ----D---- C:\WINDOWS\Prefetch
2010-07-13 04:52:58 ----D---- C:\Program Files\Common Files
2010-07-12 22:22:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-07-12 21:20:17 ----SHD---- C:\WINDOWS\Installer
2010-07-10 22:23:09 ----D---- C:\WINDOWS\system32\Restore
2010-07-10 22:09:44 ----SD---- C:\WINDOWS\Tasks
2010-07-10 22:09:32 ----A---- C:\WINDOWS\system.ini
2010-07-10 22:08:39 ----D---- C:\WINDOWS\AppPatch
2010-07-10 22:07:45 ----RASH---- C:\boot.ini
2010-07-10 22:03:51 ----D---- C:\WINDOWS\Driver Cache
2010-07-10 00:39:59 ----D---- C:\Program Files\Xfire
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-30 21:15:19 ----D---- C:\WINDOWS\WinSxS
2010-06-28 23:15:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-06-28 10:57:30 ----D---- C:\Program Files\Mozilla Firefox
2010-06-24 04:55:43 ----SD---- C:\Documents and Settings\HackHell\Data aplikací\Microsoft
2010-06-24 01:22:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2010-06-23 20:25:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-06-23 20:25:38 ----D---- C:\Program Files\Realtek

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avfwot;avfwot; C:\WINDOWS\system32\DRIVERS\avfwot.sys [2010-02-18 102856]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 avfwim;AvFw Packet Filter Miniport; C:\WINDOWS\system32\DRIVERS\avfwim.sys [2010-02-15 79432]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-11-17 5956608]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\WINDOWS\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 Razerlow;Diamondback 3G USB Filter Driver; C:\WINDOWS\System32\Drivers\DB3G.sys [2005-04-24 13225]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-03-08 220112]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirFirewallService;Avira FireWall; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [2010-04-01 536232]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-09 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2010-05-20 88176]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
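
As a defender's check for the Broken.OpenCommand entry in the MBAM log above (the rogue prepended its own binary to the handler that runs every .exe, which is why nothing would start), here is an added PowerShell snippet. It is not from the original post or from any of the tools mentioned in it. It assumes that the clean value of the exefile open command is exactly `"%1" %*`, and Test-ExeOpenCommand is a name chosen here; it is written for PowerShell 2.0 so it also runs on an XP-era box.

```powershell
# Added example (not from the original post): audit the .exe file-association
# handler that the MBAM log above reports as hijacked (Broken.OpenCommand).
# Assumption: a clean Windows system stores exactly  "%1" %*  as the (default)
# value of ...\Classes\exefile\shell\open\command. Test-ExeOpenCommand is our own name.
# HKCR is a merged view: a per-user key under HKCU\Software\Classes overrides the
# machine-wide one under HKLM\Software\Classes, so both locations are checked.

$Expected = '"%1" %*'

$Paths = @(
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',   # machine-wide (normally the only one present)
    'HKCU:\Software\Classes\exefile\shell\open\command'    # per-user override, absent on a clean system
)

function Test-ExeOpenCommand {
    foreach ($p in $Paths) {
        if (-not (Test-Path $p)) {
            # A missing per-user key is the normal state, not a finding.
            New-Object PSObject -Property @{ Path = $p; Current = $null; Status = 'absent (ok)' } |
                Select-Object Path, Current, Status
            continue
        }
        $current = (Get-ItemProperty -Path $p).'(default)'
        $status  = if ($current -eq $Expected) { 'clean' } else { 'MODIFIED' }
        New-Object PSObject -Property @{ Path = $p; Current = $current; Status = $status } |
            Select-Object Path, Current, Status
    }
}

$results = Test-ExeOpenCommand
$results | Format-Table -AutoSize

# Restore only after the binary named in the bad value has been quarantined;
# otherwise the malware simply rewrites the key the next time it runs.
foreach ($r in ($results | Where-Object { $_.Status -eq 'MODIFIED' })) {
    Write-Warning "exefile handler at $($r.Path) is: $($r.Current)"
    # Set-ItemProperty -Path $r.Path -Name '(default)' -Value $Expected
}
```

The restore line is left commented out on purpose: a modified handler is evidence first, and the value should be put back only once the scanner has removed the file it points to, as MBAM did here with alggui.exe.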

Re: Antivirus Sentry (cleanup)

Posted: 17 Jul 2010 07:10
by motji
Good morning :)

:arrow: Have this file tested at http://www.virustotal.com

C:\Program Files\Avira\AntiVir Desktop\usrreq.exe

- On VirusTotal click Browse, paste the path to the file directly into the bottom box and click Send
- copy the address of the results page from your browser
- if it asks you, have the file tested again so that it is the file from your computer

Re: Antivirus Sentry (cleanup)

Posted: 17 Jul 2010 10:58
by EvilZone
http://www.virustotal.com/cs/analisis/0 ... 1279360441

Clean. This file wasn't in other logs because it is the new Avira version 10.

Re: Antivirus Sentry (cleanup)

Posted: 17 Jul 2010 11:07
by motji
That's fine then :)
The log looks OK; are there still any problems with the computer? If so, we'll do a more thorough scan.

Re: Antivirus Sentry (cleanup)

Posted: 17 Jul 2010 11:27
by EvilZone
Probably not, I destroyed that beast myself :lol:
Only I've had a problem for a longer time: when I install ZoneAlarm, it loads the CPU to 50-100 % during internet activity.
I don't trust anything else, but there's probably no other option than a format; I've tried lots of guides and every time vsmon.exe was loading the CPU.

As for the cleanup, I'm going to run CCleaner :closed: .

Re: Antivirus Sentry (cleanup)

Posted: 17 Jul 2010 11:33
by motji
Probably yes, but if you want, we can run ComboFix on it just to be sure.
I have ZA too, but still the version 8 one. The version 9 line had some bug that overloaded the PC on some computers. Try either installing an older version, or PC Tools is a good firewall similar to ZA.

Re: Antivirus Sentry (cleanup)

Posted: 17 Jul 2010 11:35
by EvilZone
I don't like using Combo, but I'll do a scan just to be sure.

Re: Antivirus Sentry (cleanup)

Posted: 17 Jul 2010 11:36
by motji
If there are no problems, it's unnecessary :D

Re: Antivirus Sentry (cleanup)

Posted: 17 Jul 2010 11:39
by EvilZone
OK, if anything comes up I'll write, but I think it'll be fine. Thanks a lot for checking the log and have a nice rest of the day, even though it's so hot :)

Re: Antivirus Sentry (cleanup)

Posted: 17 Jul 2010 11:56
by motji
You're welcome; if anything comes up, get in touch :)