VIRY.CZ

Prosím o pomoc, jak se zbavit DR/Autoit.YH.344. Mockrát děkuju.

Windows XP SP 3 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Log vygenerován: 25.8.2010 22:15:55
================================================================

SmallARK
================================================================
[?]NtCreateKey ->
[?]NtCreateSection -> esgiguard.sys
[?]NtCreateThread ->
[?]NtDeleteKey ->
[?]NtDeleteValueKey ->
[?]NtLoadKey ->
[?]NtOpenProcess ->
[?]NtOpenThread ->
[?]NtReplaceKey ->
[?]NtRestoreKey ->
[?]NtSetValueKey ->
[?]NtTerminateProcess ->

Běžící procesy
================================================================

C:\PROGRAM FILES\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
C:\WINDOWS\SYSTEM32\EMAUDSV.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE

Scanner
================================================================
[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]

[?] sched.exe
Nemá okno
Soubor 7%

[?] avguard.exe
Nemá okno
Soubor 7%

[?] emaudsv.exe
Non Microsoft v System32:
Nemá okno
Soubor 7%

[R] AAWTray.exe
Spouští se po startu HKLM Run [Ad-Watch]

[R] igfxtray.exe
Spouští se po startu HKLM Run [IgfxTray]

[R] hkcmd.exe
Spouští se po startu HKLM Run [HotKeysCmds]

[R] igfxpers.exe
Spouští se po startu HKLM Run [Persistence]

[?] RTHDCPL.exe
Spouští se po startu HKLM Run [RTHDCPL]

[?] avgnt.exe
Spouští se po startu HKLM Run [avgnt]
Soubor 7%

[R] OpWareSE4.exe
Spouští se po startu HKLM Run [OpwareSE4]

[R] BJMYPRT.EXE
Spouští se po startu HKLM Run [CanonMyPrinter]

[S] ctfmon.exe
Spouští se po startu HKCU Run [CTFMON.EXE]

[S] msmsgs.exe
Spouští se po startu HKCU Run [MSMSGS]

[R] GoogleToolbarNotifier.exe
Spouští se po startu HKCU Run [swg]

[R] Skype.exe
Spouští se po startu HKCU Run [Skype]

[R] SSScheduler.exe
Spouští se po startu Po spuštění []

[R] skypePM.exe
EntryPoint v sekci: CODE
|_ Celkový počet sekcí: 8

Po spuštění
================================================================

HKCU Run
|_ [S][MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
|_ [R][Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

HKLM Run
|_ [?][RTHDCPL] C:\WINDOWS\RTHDCPL.EXE
|_ [?][SkyTel] C:\WINDOWS\SkyTel.EXE
|_ [?][Alcmtr] C:\WINDOWS\ALCMTR.EXE
|_ [?][avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min
|_ [R][SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
|_ [?][QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime
|_ [R][CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
|_ [R][CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

HKLM RunServices
|_ [X][csrcs] C:\WINDOWS\system32\csrcs.exe (Soubor nenalezen)

HKLM Explorer\Run
|_ [X][csrcs] C:\WINDOWS\system32\csrcs.exe (Soubor nenalezen)

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp11.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

HKLM Winlogon
|_ [?][Shell] Explorer.exe csrcs.exe

HKLM Winlogon Notify
|_ [?][igfxcui] C:\WINDOWS\system32\igfxdev.dll

Job
|_ [X][REALUP~2.JOB] C:\Program Files\Real\RealUpgrade\realupgrade.exe (Soubor nenalezen)
|_ [X][REALUP~1.JOB] C:\Program Files\Real\RealUpgrade\realupgrade.exe (Soubor nenalezen)

HKCU IE Toolbar
|_ [X][{1E796980-9CC5-11D1-A83F-00C04FC99D61}] (Soubor nenalezen)

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Avira AntiVir Scheduler
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\sched.exe
| |_ Výrobce: Avira GmbH
| |_ Popis: Antivirus Scheduler
| |_ MD5: 9015BC03F62940527EC92D45EE89E46F
|
|_ Jméno: AntiVirSchedulerService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:

[?] Avira AntiVir Guard
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
| |_ Výrobce: Avira GmbH
| |_ Popis: Antivirus On-Access Service
| |_ MD5: B8720A787C1223492E6F319465E996CE
|
|_ Jméno: AntiVirService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:

[?] E-MU Audio Service
|_ Cesta: C:\WINDOWS\system32\emaudsv.exe
| |_ Výrobce: E-MU Systems
| |_ Popis: E-MU Audio Service
| |_ MD5: 2D77C535D32688D5FD6CD05C04E27948
|
|_ Jméno: emaudsv
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency: PlugPlay

Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[X] esgiguard
|_ Cesta: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: esgiguard
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] ialm
|_ Cesta: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
| |_ Výrobce: Intel Corporation
| |_ Popis: Intel Graphics Miniport Driver
| |_ MD5: C4018896856A1A1F1F3A0A6EE7206551
|
|_ Jméno: ialm
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] iRiver Internet Audio Player IFP-100
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ifpusb.sys
| |_ Výrobce: iRiver, Inc.
| |_ Popis: iRiver Internet Audio Player USB Driver
| |_ MD5: 7ECFD849D2F4B1F01B10B711B1F96BB5
|
|_ Jméno: IFPUSB
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Service for Realtek HD Audio (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\RtkHDAud.sys
| |_ Výrobce: Realtek Semiconductor Corp.
| |_ Popis: Realtek(r) High Definition Audio Function Driver
| |_ MD5: EB5608FD4F2961517AC9F5CAC88B023B
|
|_ Jméno: IntcAzAudAddService
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (2884) Skype.exe 0.0.0.0:80 LISTENING
TCP (848) svchost.exe 0.0.0.0:135 LISTENING
TCP (2884) Skype.exe 0.0.0.0:443 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (2884) Skype.exe 0.0.0.0:18001 LISTENING
TCP (1620) alg.exe 127.0.0.1:1025 LISTENING
TCP (4) Systém 192.168.1.100:139 LISTENING
TCP (2884) Skype.exe 192.168.1.100:1035 <-> 79.116.235.154:34631 ESTABLISHED
TCP (1132) AAWService.exe 192.168.1.100:1233 CLOSE_WAIT
TCP (1132) AAWService.exe 192.168.1.100:1234 CLOSE_WAIT
TCP (0) 192.168.1.100:1895 TIME_WAIT
TCP (0) 192.168.1.100:1896 TIME_WAIT
TCP (0) 192.168.1.100:1898 TIME_WAIT
TCP (0) 192.168.1.100:1899 TIME_WAIT
TCP (0) 192.168.1.100:1901 TIME_WAIT
TCP (0) 192.168.1.100:1902 TIME_WAIT
TCP (0) 192.168.1.100:1904 TIME_WAIT
TCP (0) 192.168.1.100:1905 TIME_WAIT
UDP (2884) Skype.exe 0.0.0.0:443 <-> 90.183.38.65:110 ESTABLISHED
UDP (4) Systém 0.0.0.0:445
UDP (600) lsass.exe 0.0.0.0:500
UDP (600) lsass.exe 0.0.0.0:4500
UDP (2884) Skype.exe 0.0.0.0:18001
UDP (916) svchost.exe 127.0.0.1:123
UDP (2884) Skype.exe 127.0.0.1:1032
UDP (4220) iexplore.exe 127.0.0.1:1563
UDP (1060) svchost.exe 127.0.0.1:1900
UDP (916) svchost.exe 192.168.1.100:123
UDP (4) Systém 192.168.1.100:137
UDP (4) Systém 192.168.1.100:138
UDP (1060) svchost.exe 192.168.1.100:1900

Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] unrar.dll
|_ Cesta: C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
|_ MD5: 5B5DB8A0D5FB1CE6BC7261DBD2604822
|_ Výrobce: ?
|_ Procesy
|_ AAWService.exe (1132)

[?] shellext7.dll
|_ Cesta: C:\Program Files\Zoner\Photo Studio 7\Program\ShellExt7.dll
|_ MD5: 2A1D33255FD1C11124620459C08370EA
|_ Výrobce: ZONER software
|_ Procesy
|_ explorer.exe (1316)

[?] shlext.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\shlext.dll
|_ MD5: 318B0D2CF5470F724B217498553D36E6
|_ Výrobce: Avira GmbH
|_ Procesy
|_ explorer.exe (1316)

[?] ophookse4.dll
|_ Cesta: C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll
|_ MD5: FBA22C413FE8B13BA49D7535174DDBEF
|_ Výrobce: Nuance Communications, Inc.
|_ Procesy
|_ explorer.exe (1316)
|_ AAWTray.exe (2440)
|_ igfxtray.exe (2588)
|_ hkcmd.exe (2596)
|_ igfxpers.exe (2620)
|_ RTHDCPL.exe (2680)
|_ avgnt.exe (2704)
|_ OpWareSE4.exe (2724)
|_ BJMYPRT.EXE (2800)
|_ ctfmon.exe (2828)
|_ msmsgs.exe (2856)
|_ GoogleToolbarNotifier.exe (2864)
|_ Skype.exe (2884)
|_ skypePM.exe (3444)
|_ msimn.exe (3436)
|_ iexplore.exe (4320)
|_ iexplore.exe (4220)
|_ UPM.exe (3044)

[?] avevtlog.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avevtlog.dll
|_ MD5: 8C3372E134E788CCB190913075619948
|_ Výrobce: Avira GmbH
|_ Procesy
|_ sched.exe (1468)
|_ avguard.exe (1760)

[?] sqlite3.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
|_ MD5: 22064F0107F144ACAA6BF444EBACA212
|_ Výrobce: ?
|_ Procesy
|_ sched.exe (1468)
|_ avguard.exe (1760)

[?] avpref.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avpref.dll
|_ MD5: FB8E5AFBD9F99446888ED1DF354AD28B
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] smtplib.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\smtplib.dll
|_ MD5: 4DAD5D05D96D57DA36F61C40D3FB7241
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] avgio.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avgio.dll
|_ MD5: E6279DB37754828A2F5016FDEEA25A0F
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aecore.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aecore.dll
|_ MD5: ABBCB1867AD6C83615EF99220B25A3AD
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aevdf.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aevdf.dll
|_ MD5: 100CAAF3542FB51FECA9C09DB1CB940D
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aescript.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aescript.dll
|_ MD5: 8A471B46A195272B2F77BC30891A5221
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aescn.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aescn.dll
|_ MD5: 2EE40BD646AE9E2AEA3282F2C86A05AD
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aesbx.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aesbx.dll
|_ MD5: F3A07C983A0EE71D150BCFF15F6B40EC
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aerdl.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aerdl.dll
|_ MD5: C56E00C5335383893257C5B1C1334D9C
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aepack.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aepack.dll
|_ MD5: B2E908FFA076318BE80815A7DEA6FC83
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[!] unacev2.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\unacev2.dll
|_ MD5: F9622B84D0050D590CE71FD882A130EE
|_ Výrobce: ACE Compression Software
|_ Procesy
|_ avguard.exe (1760)

[?] aeoffice.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll
|_ MD5: 76AE96973EECFA76A88264FD873E5B26
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aeheur.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aeheur.dll
|_ MD5: 94BB0C34A6CE650AF0F653914C59C4E3
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aehelp.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aehelp.dll
|_ MD5: 282FF189AA970391CF1B7544A1A8A383
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aegen.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aegen.dll
|_ MD5: 207DB427AEB4741D4CE7DB40AC603885
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aeemu.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aeemu.dll
|_ MD5: 2364E3D43E8839AE6F47D4CA9AE05762
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] aebb.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aebb.dll
|_ MD5: 7E3D9E781E7D2E099BD424B188FBC9AA
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)

[?] avipc.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avipc.dll
|_ MD5: 2013FBA8166C3EF321F15917A4957B9F
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (1760)
|_ avgnt.exe (2704)

[?] ccgen.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccgen.dll
|_ MD5: 6773F1370B793DA385EB8B476595C103
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)

[?] ccguard.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccguard.dll
|_ MD5: CE1FCCFC91C0A14DE738D03D252F87B1
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)

[?] ccupdate.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccupdate.dll
|_ MD5: 2A13898F9AAC250EAD07C7267B16C49D
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)

[?] cclic.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\cclic.dll
|_ MD5: E77B57B521E5212F341338CC7C4ADCDC
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)

[?] ccmsg.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccmsg.dll
|_ MD5: 1D03CC5A2EE7204E7222405F71841FC2
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)

[?] cclib.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\cclib.dll
|_ MD5: 580D9DC5EFFBFEF0B2A2186F947BF3EA
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (2704)

================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Děkuji. Zde je log z Combofixu:

ComboFix 10-08-24.0C - Owner 26.08.2010 10:09:25.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1579 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\KBD0.dll
c:\windows\system32\msvcsv60.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-26 do 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-25 17:43 . 2010-08-25 17:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-25 17:19 . 2010-08-25 20:15 -------- d-----w- c:\program files\Ultimate Process Manager
2010-08-25 14:48 . 2010-08-25 14:48 -------- d-----w- c:\program files\Enigma Software Group
2010-08-25 14:48 . 2010-08-25 19:19 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-25 14:44 . 2010-08-25 14:44 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-08-19 11:58 . 2010-08-19 11:58 -------- d-----w- c:\program files\ConvertHelper
2010-08-19 11:54 . 2010-08-19 11:54 -------- d-----w- c:\documents and settings\Owner\dwhelper
2010-08-15 20:51 . 2010-08-15 20:52 -------- d-----w- c:\program files\Any Video Convertor
2010-08-02 09:04 . 2004-08-03 20:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-08-02 09:04 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-08-02 08:58 . 2010-08-02 08:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-30 06:56 . 2010-07-30 06:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\LogFiles
2010-07-30 06:45 . 2010-07-30 06:45 -------- d-----w- c:\program files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 19:39 . 2009-10-20 22:58 -------- d-----w- c:\program files\Google
2010-08-25 14:48 . 2009-10-22 06:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-22 13:05 . 2010-07-25 16:54 -------- d-----w- c:\program files\Avidemux
2010-08-12 12:15 . 2009-10-22 18:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2009-10-22 13:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-12 12:15 . 2006-03-02 12:00 91040 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 12:15 . 2006-03-02 12:00 454696 ----a-w- c:\windows\system32\perfh005.dat
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Common Files\Real
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Real
2010-07-25 18:29 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-25 18:29 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-21 16:46 . 2010-07-21 16:46 -------- d-----w- c:\program files\VideoLAN
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-17 05:56 . 2010-06-17 05:56 16 ----a-w- c:\windows\msocreg32.dat
2010-06-17 05:41 . 2010-06-17 05:41 2892 ----a-w- c:\windows\system32\audcon.sys
2010-06-14 14:31 . 2009-10-20 09:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 20:41 . 2010-06-10 20:41 0 ----a-w- c:\windows\nsreg.dat
2009-10-20 23:48 . 2009-10-20 23:48 677 ----a-w- c:\program files\Zástupce - SRAEB.lnk
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-22 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-12 864624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\winbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22.10.2009 15:42 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.10.2009 0:41 108289]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [17.6.2010 7:34 20992]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 1355416]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15008]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [17.6.2010 7:34 163352]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10.3.2010 8:18 24216]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [17.6.2010 7:41 18432]
.
Obsah adresáře 'Naplánované úlohy'

2010-08-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\govihvr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove- - c:\windows\ \Setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 10:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-08-26 10:18:08
ComboFix-quarantined-files.txt 2010-08-26 08:18

Před spuštěním: Volných bajtů: 423 979 536 384
Po spuštění: Volných bajtů: 425 428 520 960

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 873ECAAD8B75D95FD76C5D2835A89F2E

Avira stále ukazuje virus TR/Dropper.Gen Trojan

Přikládám současný log z Combofix. Děkuji za radu.

ComboFix 10-08-24.0C - Owner 26.08.2010 17:45:55.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1338 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-26 do 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-25 17:43 . 2010-08-25 17:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-25 17:19 . 2010-08-26 14:45 -------- d-----w- c:\program files\Ultimate Process Manager
2010-08-25 14:48 . 2010-08-25 14:48 -------- d-----w- c:\program files\Enigma Software Group
2010-08-25 14:48 . 2010-08-25 19:19 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-25 14:44 . 2010-08-25 14:44 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-08-19 11:58 . 2010-08-19 11:58 -------- d-----w- c:\program files\ConvertHelper
2010-08-19 11:54 . 2010-08-19 11:54 -------- d-----w- c:\documents and settings\Owner\dwhelper
2010-08-15 20:51 . 2010-08-15 20:52 -------- d-----w- c:\program files\Any Video Convertor
2010-08-02 09:04 . 2004-08-03 20:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-08-02 09:04 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-08-02 08:58 . 2010-08-02 08:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-30 06:56 . 2010-07-30 06:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-30 06:55 . 2010-07-30 06:55 -------- d-----w- c:\windows\system32\LogFiles
2010-07-30 06:45 . 2010-07-30 06:45 -------- d-----w- c:\program files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 19:39 . 2009-10-20 22:58 -------- d-----w- c:\program files\Google
2010-08-25 14:48 . 2009-10-22 06:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-22 13:05 . 2010-07-25 16:54 -------- d-----w- c:\program files\Avidemux
2010-08-12 12:15 . 2009-10-22 18:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2009-10-22 13:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-12 12:15 . 2006-03-02 12:00 91040 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 12:15 . 2006-03-02 12:00 454696 ----a-w- c:\windows\system32\perfh005.dat
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Common Files\Real
2010-07-30 06:45 . 2009-10-21 20:26 -------- d-----w- c:\program files\Real
2010-07-25 18:29 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-25 18:29 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-21 16:46 . 2010-07-21 16:46 -------- d-----w- c:\program files\VideoLAN
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-17 05:56 . 2010-06-17 05:56 16 ----a-w- c:\windows\msocreg32.dat
2010-06-17 05:41 . 2010-06-17 05:41 2892 ----a-w- c:\windows\system32\audcon.sys
2010-06-14 14:31 . 2009-10-20 09:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 20:41 . 2010-06-10 20:41 0 ----a-w- c:\windows\nsreg.dat
2009-10-20 23:48 . 2009-10-20 23:48 677 ----a-w- c:\program files\Zástupce - SRAEB.lnk
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-22 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-12 864624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Owner\\Plocha\\winbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22.10.2009 15:42 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.10.2009 0:41 108289]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [17.6.2010 7:34 20992]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 1355416]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15008]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [17.6.2010 7:34 163352]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10.3.2010 8:18 24216]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [17.6.2010 7:41 18432]
.
Obsah adresáře 'Naplánované úlohy'

2010-08-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\govihvr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 17:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1220)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-26 17:52:13
ComboFix-quarantined-files.txt 2010-08-26 15:52
ComboFix2.txt 2010-08-26 08:18

Před spuštěním: Volných bajtů: 425 064 382 464
Po spuštění: Volných bajtů: 425 102 295 040

- - End Of File - - CCE120E9BFAD18B03239348F99BE63C2

V logu není vidět. Ve kterém souboru se nachází?

VIRY.CZ

DR/Autoit.YH.344

DR/Autoit.YH.344

Re: DR/Autoit.YH.344

Re: DR/Autoit.YH.344

Re: DR/Autoit.YH.344

Re: DR/Autoit.YH.344