VIRY.CZ

mám v pc dvou soubory - kdoan.sys a mjvpvgz.sys které neumí avast odstarnit.
děkuji za radu co s tím.

výpis logu:

ComboFix 10-10-22.05 - admin 23.10.2010 20:01:00.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.895.389 [GMT 2:00]
Spuštěný z: d:\_download\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101023-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\mjvpvgz.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_mjvpvgz
-------\Service_mjvpvgz


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-23 do 2010-10-23 )))))))))))))))))))))))))))))))
.

2010-10-23 17:33 . 2010-10-23 17:33 -------- d-----w- c:\documents and settings\admin\Local Settings\Data aplikací\AskToolbar
2010-10-22 17:56 . 2010-10-23 18:12 756224 ----a-w- c:\windows\system32\drivers\kdoan.sys
2010-10-19 09:47 . 2010-10-19 09:47 -------- d-----w- c:\program files\Ask.com
2010-10-07 18:42 . 2010-10-07 18:42 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2010-10-07 18:42 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-07 18:41 . 2010-10-07 18:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-07 18:41 . 2010-10-07 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-07 18:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-07 08:42 . 2010-10-07 11:04 -------- d-----w- c:\documents and settings\admin\Data aplikací\AIMP
2010-10-07 08:29 . 2010-10-07 08:29 -------- d-----w- c:\program files\AIMP2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 07:07 . 2010-09-01 07:07 22558023 ----a-w- c:\windows\system32\CDSM_CDSM Designer_uninstaller.exe
2010-08-06 12:22 . 2007-10-28 18:08 94208 ----a-w- c:\windows\DUMP50b0.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-10-15_08.01.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-23 18:04 . 2010-10-23 18:04 16384 c:\windows\Temp\Perflib_Perfdata_734.dat
+ 2010-10-23 09:40 . 2010-10-23 09:40 16384 c:\windows\Temp\Perflib_Perfdata_72c.dat
+ 2010-10-23 18:04 . 2010-10-23 18:04 16384 c:\windows\Temp\Perflib_Perfdata_220.dat
+ 2010-10-15 18:48 . 2010-10-23 18:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-15 08:01 . 2010-10-15 08:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-28 17:28 . 2010-10-15 08:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-28 17:28 . 2010-10-23 18:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-10-15 18:48 . 2010-10-23 18:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-10-28 17:28 . 2010-10-15 08:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-10-19 09:47 . 2010-10-19 09:47 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2010-10-19 09:47 . 2010-10-19 09:47 1904640 c:\windows\Installer\b56557.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-17 16:43 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-17 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-17 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\AutorunsDisabled
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.4.2008 0:13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.4.2008 0:13 20560]
S3 5249569c070ed6b5;5249569c070ed6b5;\??\c:\windows\TEMP\940037ac3795 --> c:\windows\TEMP\940037ac3795 [?]
S3 af36d2516e9b5b2d;af36d2516e9b5b2d;\??\c:\windows\TEMP\92405e34f161 --> c:\windows\TEMP\92405e34f161 [?]
S3 AF9035BDA;GIGABYTE U7200 DVB-T Devices;c:\windows\system32\drivers\AF9035BDA.sys [29.5.2008 15:39 244096]
S4 078f0aba1620ca71;078f0aba1620ca71;\??\c:\windows\TEMP\9200682dd558 --> c:\windows\TEMP\9200682dd558 [?]
S4 0f971ebf42779f9b;0f971ebf42779f9b;\??\c:\windows\TEMP\9320c235a74a --> c:\windows\TEMP\9320c235a74a [?]
S4 10270bb7faa2f395;10270bb7faa2f395;\??\c:\windows\TEMP\92804bdbc8e5 --> c:\windows\TEMP\92804bdbc8e5 [?]
S4 159048c36599f5fd;159048c36599f5fd;\??\c:\windows\TEMP\92007631051 --> c:\windows\TEMP\92007631051 [?]
S4 1f3193a667460dca;1f3193a667460dca;\??\c:\windows\TEMP\9200ed1318db --> c:\windows\TEMP\9200ed1318db [?]
S4 21daad4a110130e9;21daad4a110130e9;\??\c:\windows\TEMP\9320aa22c075 --> c:\windows\TEMP\9320aa22c075 [?]
S4 2baebbe02e20191d;2baebbe02e20191d;\??\c:\windows\TEMP\92003da71f91 --> c:\windows\TEMP\92003da71f91 [?]
S4 35179bebb8e8cab3;35179bebb8e8cab3;\??\c:\windows\TEMP\92003a05f677 --> c:\windows\TEMP\92003a05f677 [?]
S4 4ccc71471f0eab03;4ccc71471f0eab03;\??\c:\windows\TEMP\92005d95e76d --> c:\windows\TEMP\92005d95e76d [?]
S4 53d3e5734868f3ba;53d3e5734868f3ba;\??\c:\windows\TEMP\9200aee16eaa --> c:\windows\TEMP\9200aee16eaa [?]
S4 61e6fb59dfa2c3e9;61e6fb59dfa2c3e9;\??\c:\windows\TEMP\92007d903262 --> c:\windows\TEMP\92007d903262 [?]
S4 64e9ca2ec768e6de;64e9ca2ec768e6de;\??\c:\windows\TEMP\920021cc7eb9 --> c:\windows\TEMP\920021cc7eb9 [?]
S4 71231cead0956b8d;71231cead0956b8d;\??\c:\windows\TEMP\9200ca3f533d --> c:\windows\TEMP\9200ca3f533d [?]
S4 9e7d78327bbd610e;9e7d78327bbd610e;\??\c:\windows\TEMP\9240dc18d502 --> c:\windows\TEMP\9240dc18d502 [?]
S4 b61e06d104588609;b61e06d104588609;\??\c:\windows\TEMP\9240ed8981c5 --> c:\windows\TEMP\9240ed8981c5 [?]
S4 bf7a9dc80811dafa;bf7a9dc80811dafa;\??\c:\windows\TEMP\92009089621e --> c:\windows\TEMP\92009089621e [?]
S4 c69e8e8de2f496ec;c69e8e8de2f496ec;\??\c:\windows\TEMP\9200e6037d68 --> c:\windows\TEMP\9200e6037d68 [?]
S4 cf5ecafa7c2ed4d4;cf5ecafa7c2ed4d4;\??\c:\windows\TEMP\92401b04169b --> c:\windows\TEMP\92401b04169b [?]
S4 cffc5fdfcd0d8579;cffc5fdfcd0d8579;\??\c:\windows\TEMP\92004085f092 --> c:\windows\TEMP\92004085f092 [?]
S4 d667dcbe3929be43;d667dcbe3929be43;\??\c:\windows\TEMP\9280c5fa95f0 --> c:\windows\TEMP\9280c5fa95f0 [?]
S4 dd24e9cc406a726a;dd24e9cc406a726a;\??\c:\windows\TEMP\9200583b6812 --> c:\windows\TEMP\9200583b6812 [?]
S4 f3c68bc4c8f51a06;f3c68bc4c8f51a06;\??\c:\windows\TEMP\92405952bbbf --> c:\windows\TEMP\92405952bbbf [?]
S4 f42efddd14a91613;f42efddd14a91613;\??\c:\windows\TEMP\9200be4dfcf0 --> c:\windows\TEMP\9200be4dfcf0 [?]
S4 fdf9c64d7c0e7240;fdf9c64d7c0e7240;\??\c:\windows\TEMP\932028d180da --> c:\windows\TEMP\932028d180da [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - kdoan
.
Obsah adresáře 'Naplánované úlohy'

2010-10-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-17 16:43]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\pwbdbsdi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 20:12
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\078f0aba1620ca71]
"ImagePath"="\??\c:\windows\TEMP\9200682dd558"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0f971ebf42779f9b]
"ImagePath"="\??\c:\windows\TEMP\9320c235a74a"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\10270bb7faa2f395]
"ImagePath"="\??\c:\windows\TEMP\92804bdbc8e5"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\159048c36599f5fd]
"ImagePath"="\??\c:\windows\TEMP\92007631051"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1f3193a667460dca]
"ImagePath"="\??\c:\windows\TEMP\9200ed1318db"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\21daad4a110130e9]
"ImagePath"="\??\c:\windows\TEMP\9320aa22c075"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2baebbe02e20191d]
"ImagePath"="\??\c:\windows\TEMP\92003da71f91"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\35179bebb8e8cab3]
"ImagePath"="\??\c:\windows\TEMP\92003a05f677"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4ccc71471f0eab03]
"ImagePath"="\??\c:\windows\TEMP\92005d95e76d"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5249569c070ed6b5]
"ImagePath"="\??\c:\windows\TEMP\940037ac3795"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\53d3e5734868f3ba]
"ImagePath"="\??\c:\windows\TEMP\9200aee16eaa"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\61e6fb59dfa2c3e9]
"ImagePath"="\??\c:\windows\TEMP\92007d903262"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\64e9ca2ec768e6de]
"ImagePath"="\??\c:\windows\TEMP\920021cc7eb9"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\71231cead0956b8d]
"ImagePath"="\??\c:\windows\TEMP\9200ca3f533d"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\9e7d78327bbd610e]
"ImagePath"="\??\c:\windows\TEMP\9240dc18d502"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\af36d2516e9b5b2d]
"ImagePath"="\??\c:\windows\TEMP\92405e34f161"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b61e06d104588609]
"ImagePath"="\??\c:\windows\TEMP\9240ed8981c5"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bf7a9dc80811dafa]
"ImagePath"="\??\c:\windows\TEMP\92009089621e"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c69e8e8de2f496ec]
"ImagePath"="\??\c:\windows\TEMP\9200e6037d68"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cf5ecafa7c2ed4d4]
"ImagePath"="\??\c:\windows\TEMP\92401b04169b"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cffc5fdfcd0d8579]
"ImagePath"="\??\c:\windows\TEMP\92004085f092"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d667dcbe3929be43]
"ImagePath"="\??\c:\windows\TEMP\9280c5fa95f0"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dd24e9cc406a726a]
"ImagePath"="\??\c:\windows\TEMP\9200583b6812"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\f3c68bc4c8f51a06]
"ImagePath"="\??\c:\windows\TEMP\92405952bbbf"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\f42efddd14a91613]
"ImagePath"="\??\c:\windows\TEMP\9200be4dfcf0"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fdf9c64d7c0e7240]
"ImagePath"="\??\c:\windows\TEMP\932028d180da"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kdoan]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1732)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2010-10-23 20:14:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-23 18:14
ComboFix2.txt 2010-10-15 08:04

Před spuštěním: Volných bajtů: 25 932 341 248
Po spuštění: Volných bajtů: 25 914 732 544

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - DAB0BCBC02F9F5A1221DBB26DDB48B19

Zdravim,

vidim v pc nainstalovany MBAM,takze -

Pouzijte MBAM

instalace,uplny sken,vlozit sem log-NIC NEMAZAT!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4929

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

23.10.2010 23:09:55
mbam-log-2010-10-23 (23-09-55).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 204764
Uplynulý čas: 57 minuta(y), 34 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\Google\Google Earth Pro\crack.exe (Malware.Packer.Gen) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\mjvpvgz.sys.vir (Rootkit.Bubnix) -> No action taken.
C:\System Volume Information\_restore{1D5D4DDE-784C-4EC3-9551-161AE02D9F46}\RP736\A0076892.sys (Rootkit.Bubnix) -> No action taken.

Smazte co MBAM nasel.

Stahnete OTL

spustte, oznacte "Pro vsechny uzivatele,30 dnů zmente na 7,kliknete na Prohledat,

po skonceni skenu sem vlozte obsah logu z OTL.txt.

OTL logfile created on: 25.10.2010 10:46:59 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = D:\_download
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,00 Mb Total Physical Memory | 458,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 24,09 Gb Free Space | 49,33% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 108,99 Gb Free Space | 59,22% Space Free | Partition Type: NTFS

Computer Name: USER-3FF90EED51 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2010.10.25 09:46:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\_download\OTL.exe
PRC - [2009.11.25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.11.09 05:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.05.18 15:36:14 | 000,450,560 | ---- | M] (Seznam.cz a.s.) -- C:\Program Files\Seznam\Postak\Postak.exe
PRC - [2006.04.29 15:21:28 | 000,094,208 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2005.09.24 08:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.10.25 09:46:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\_download\OTL.exe
MOD - [2006.05.03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004.08.17 15:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rtl8185.sys -- (rtl8185)
DRV - File not found [Kernel | Disabled | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009.11.25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.11.09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.02.28 13:06:44 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.05.29 15:39:42 | 000,244,096 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF9035BDA.sys -- (AF9035BDA)
DRV - [2007.09.05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007.08.07 21:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007.06.16 23:16:39 | 000,031,616 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2007.04.10 13:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.03.14 03:57:50 | 001,972,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.02.16 02:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007.02.06 18:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.02.05 11:23:20 | 003,624,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2006.07.01 23:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&o ... &gfns=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.yahoo.com/search?ei=UTF-8 ... e=vdio5&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.20 17:53:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.20 17:53:51 | 000,000,000 | ---D | M]

[2008.12.05 21:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Extensions
[2010.10.19 20:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\pwbdbsdi.default\extensions
[2010.10.23 20:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.09 11:31:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.09 11:31:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007.06.11 14:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2010.09.09 08:25:16 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.09.09 08:25:16 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.09.09 08:25:16 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.09.09 08:25:16 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.09.09 08:25:16 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.10.23 20:12:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&S-Rank) - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll (Seznam.cz a.s.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SMail] C:\Program Files\Seznam\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - Startup: C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění\AutorunsDisabled [2010.08.06 19:33:17 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled [2010.08.06 19:26:25 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.108.44.6 89.185.242.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.28 19:24:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.08.06 19:30:22 | 000,000,000 | ---D | M] - D:\autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2010.10.23 20:00:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.10.23 19:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Data aplikací\AskToolbar
[2010.10.23 12:01:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
[2010.10.19 11:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.10.25 10:49:22 | 000,756,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\kdoan.sys
[2010.10.25 10:45:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.25 10:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.10.25 09:35:18 | 000,000,465 | ---- | M] () -- C:\Documents and Settings\admin\Data aplikací\burnaware.ini
[2010.10.23 20:12:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.10.23 20:00:24 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.23 20:00:24 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010.10.23 20:00:21 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2010.10.22 19:56:09 | 000,756,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\kdoan.sys
[2010.10.19 11:47:49 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.07.29 20:36:35 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\admin\Data aplikací\ImageTuner.ini
[2010.07.24 19:29:51 | 000,814,080 | ---- | C] () -- C:\WINDOWS\System32\semtempl.dll
[2010.07.24 19:29:51 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010.07.24 19:29:51 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\arcdll.dll
[2010.07.24 19:29:51 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010.07.24 19:29:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\hashfunc.dll
[2010.06.16 13:02:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010.05.10 07:39:00 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\admin\Data aplikací\AutoGK.ini
[2009.05.08 18:57:09 | 000,000,465 | ---- | C] () -- C:\Documents and Settings\admin\Data aplikací\burnaware.ini
[2009.03.29 11:16:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.03.29 11:09:32 | 000,014,694 | ---- | C] () -- C:\WINDOWS\System32\Main.ini
[2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.01.05 21:41:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\LauncherAccess.dt
[2008.12.03 19:29:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.09.06 00:31:14 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2008.09.06 00:30:06 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2008.08.26 21:52:57 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
[2008.08.26 21:52:57 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\0D794BEC5C.sys
[2008.06.29 09:37:15 | 000,024,501 | ---- | C] () -- C:\Documents and Settings\admin\Data aplikací\Update_HP_RedboxHprblog_HPSU.log
[2008.06.29 09:37:15 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008.06.12 21:51:07 | 002,829,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2008.03.23 11:47:39 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.01.19 22:13:01 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.16 07:33:07 | 000,000,851 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.01.16 07:31:40 | 000,003,070 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.11.28 21:30:02 | 000,003,944 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2007.11.16 23:01:37 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2007.11.14 06:57:54 | 000,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2007.10.28 20:16:29 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.02.01 16:10:30 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\exasd_.dll
[2004.07.17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.07.06 16:30:00 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 1217 bytes -> C:\Program Files\WindowsUpdate:ycScuhsOuQnmUUHlbGAz
@Alternate Data Stream - 1190 bytes -> C:\Documents and Settings\All Users\Data aplikací\Microsoft:YMYXsPJ5WGx6cx12oiF7
@Alternate Data Stream - 1025 bytes -> C:\Documents and Settings\All Users\Data aplikací\Microsoft:qsByR42oCZOQSuP8PKWx8

< End of report >

Odinstalujte Ask toolbar.

otestujte na VIRUSTOTALu

C:\WINDOWS\System32\semtempl.dll

C:\WINDOWS\System32\exasd_.dll

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledek sem vlozte)

Pokud skener napíše, že soubor již byl testován, dejte otestovat znovu.

Potom vam napisu skript na docisteni pc.

nevím, zda sem vložím správná data (ne úplně jsem se orientoval)

report pro C:\WINDOWS\System32\semtempl.dll

Antivirus Version Last Update Result
AhnLab-V3 2010.10.25.00 2010.10.25 -
AntiVir 7.10.13.37 2010.10.25 -
Antiy-AVL 2.0.3.7 2010.10.25 -
Authentium 5.2.0.5 2010.10.24 -
Avast 4.8.1351.0 2010.10.25 -
Avast5 5.0.594.0 2010.10.25 -
AVG 9.0.0.851 2010.10.25 -
BitDefender 7.2 2010.10.25 -
CAT-QuickHeal 11.00 2010.10.25 -
ClamAV 0.96.2.0-git 2010.10.25 PUA.Packed.ASPack
Comodo 6504 2010.10.25 -
DrWeb 5.0.2.03300 2010.10.25 -
Emsisoft 5.0.0.50 2010.10.25 -
eSafe 7.0.17.0 2010.10.25 -
eTrust-Vet 36.1.7933 2010.10.25 -
F-Prot 4.6.2.117 2010.10.24 -
F-Secure 9.0.16160.0 2010.10.25 -
Fortinet 4.2.249.0 2010.10.25 -
GData 21 2010.10.25 -
Ikarus T3.1.1.90.0 2010.10.25 -
Jiangmin 13.0.900 2010.10.25 -
K7AntiVirus 9.66.2830 2010.10.25 -
Kaspersky 7.0.0.125 2010.10.25 -
McAfee 5.400.0.1158 2010.10.25 -
McAfee-GW-Edition 2010.1C 2010.10.25 -
Microsoft 1.6301 2010.10.25 -
NOD32 5562 2010.10.25 -
Norman 6.06.10 2010.10.25 -
nProtect 2010-10-25.01 2010.10.25 -
Panda 10.0.2.7 2010.10.25 -
PCTools 7.0.3.5 2010.10.25 -
Prevx 3.0 2010.10.25 -
Rising 22.70.06.04 2010.10.25 -
Sophos 4.58.0 2010.10.25 -
Sunbelt 7138 2010.10.25 -
SUPERAntiSpyware 4.40.0.1006 2010.10.25 -
Symantec 20101.2.0.161 2010.10.25 -
TheHacker 6.7.0.1.066 2010.10.25 -
TrendMicro 9.120.0.1004 2010.10.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.25 -
VBA32 3.12.14.1 2010.10.25 -
ViRobot 2010.10.25.4110 2010.10.25 -
VirusBuster 12.70.4.0 2010.10.25 -


Additional information:

MD5 : 51a8745d31ef66635848d037e8c76dd2
SHA1 : 744ed0cb3f81293933a26e26df966df00ce7ecef
SHA256: 2ca9dd00bf7c8f01986d2b9a330c92eadc24b325c0522b5fe84abc8fba47f8a2
ssdeep: 24576:mrkwnfPW+/PKWnz4GIE8l6UpsHgBshtd:Gkkf+fWnnIE8l6nHgE
File size : 814080 bytes
First seen: 2010-07-13 05:59:44
Last seen : 2010-10-25 17:48:18
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: ASProtect v1.23 RC4 build 08.07 (dll) -> Alexey Solodovnikov (h)
packers (F-Prot): Aspack
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1D7001
timedatestamp....: 0x4C3A0761 (Sun Jul 11 18:03:13 2010)
machinetype......: 0x14c (I386)

[[ 9 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
, 0x1000, 0x142000, 0x61000, 8.00, e07a7a90a82c9cf71ce2e7a3be2d9166
, 0x143000, 0x44000, 0xDC00, 7.99, 973ee800e33b1c9bd482bd54bab47512
, 0x187000, 0x1000, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
, 0x188000, 0x4000, 0x3800, 7.98, 7cfafadc65699f01b8b289a8be94417f
, 0x18C000, 0x6000, 0x5C00, 5.88, 602e36b87d5d2ec5cb21ac509f496a69
.rsrc, 0x192000, 0x31000, 0x30600, 5.26, e43f07d08cd7781538c91ed5c98f98a3
, 0x1C3000, 0x14000, 0xB600, 7.99, d7295d0688bce94562d598ea1cfc0233
.data, 0x1D7000, 0x13000, 0x12800, 7.81, 208570e88e486b4e89a91ee867ec727a
.adata, 0x1EA000, 0x1000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

[[ 12 import(s) ]]
kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
borlndmm.dll: -
wininet.dll: DeleteUrlCacheEntry
advapi32.dll: RegCloseKey
version.dll: GetFileVersionInfoA
comctl32.dll: ImageList_Add
gdi32.dll: BitBlt
user32.dll: ActivateKeyboardLayout
ole32.dll: CoCreateInstance
oleaut32.dll: GetActiveObject
cc3250mt.dll: @$bdele$qpv
oleaut32.dll: VariantChangeTypeEx

[[ 474 export(s) ]]
@$xp$14Zlibex@TZError, @$xp$15Swinhttp@TSwURL, @$xp$17Swinhttp@TSwProxy, @$xp$17Zlibex@EZLibError, @$xp$17Zlibex@TZStrategy, @$xp$18Swinhttp@TSwNotify, @$xp$18Swinhttp@TSwinHttp, @$xp$18Zlibex@TZStreamRec, @$xp$19Swinhttp@TSwProxies, @$xp$19Swinhttp@TSwRequest, @$xp$20Swinhttp@TSwResponse, @$xp$21Zlibex@TCustomZStream, @$xp$22Zlibex@EZLibErrorClass, @$xp$25Zlibex@EZCompressionError, @$xp$25Zlibex@TZCompressionLevel, @$xp$26Shdocvw_tlb@TCppWebBrowser, @$xp$26Shdocvw_tlb@TCppWebBrowser, @$xp$26Shdocvw_tlb@TCppWebBrowser, @$xp$26Shdocvw_tlb@TCppWebBrowser, @$xp$26Shdocvw_tlb@TCppWebBrowser, @$xp$26Swinhttp@TSwProxyProtocols, @$xp$26Zlibex@TZCompressionStream, @$xp$27Zlibex@EZDecompressionError, @$xp$28Shdocvw_tlb@TCppShellWindows, @$xp$28Shdocvw_tlb@TCppShellWindows, @$xp$28Shdocvw_tlb@TCppShellWindows, @$xp$28Shdocvw_tlb@TCppShellWindows, @$xp$28Shdocvw_tlb@TCppShellWindows, @$xp$28Zlibex@TZDecompressionStream, @$xp$29Shdocvw_tlb@TCppShellUIHelper, @$xp$29Shdocvw_tlb@TCppShellUIHelper, @$xp$29Shdocvw_tlb@TCppShellUIHelper, @$xp$29Shdocvw_tlb@TCppShellUIHelper, @$xp$29Shdocvw_tlb@TCppShellUIHelper, @$xp$29Shdocvw_tlb@TCppWebBrowser_V1, @$xp$29Shdocvw_tlb@TCppWebBrowser_V1, @$xp$29Shdocvw_tlb@TCppWebBrowser_V1, @$xp$29Shdocvw_tlb@TCppWebBrowser_V1, @$xp$29Shdocvw_tlb@TCppWebBrowser_V1, @$xp$32Shdocvw_tlb@TCppInternetExplorer, @$xp$32Shdocvw_tlb@TCppInternetExplorer, @$xp$32Shdocvw_tlb@TCppInternetExplorer, @$xp$32Shdocvw_tlb@TCppInternetExplorer, @$xp$32Shdocvw_tlb@TCppInternetExplorer, @$xp$36Shdocvw_tlb@TShellFavoritesNameSpace, @$xp$36Shdocvw_tlb@TShellFavoritesNameSpace, @$xp$36Shdocvw_tlb@TShellFavoritesNameSpace, @$xp$36Shdocvw_tlb@TShellFavoritesNameSpace, @$xp$36Shdocvw_tlb@TShellFavoritesNameSpace, @@Fs_csvparser@Finalize, @@Fs_csvparser@Finalize, @@Fs_csvparser@Initialize, @@Fs_csvparser@Initialize, @@Fs_google@Finalize, @@Fs_google@Initialize, @@Fs_google_captcha@Finalize, @@Fs_google_captcha@Initialize, @@Fs_google_wmt@Finalize, @@Fs_google_wmt@Initialize, @@Fs_internet@Finalize, @@Fs_internet@Initialize, @@Fs_mail_captcha@Finalize, @@Fs_mail_captcha@Initialize, @@Fs_yandex@Finalize, @@Fs_yandex@Initialize, @@Parser@Finalize, @@Parser@Initialize, @@Rambler_adwords@Finalize, @@Rambler_adwords@Initialize, @@Rambler_adwords_unit@Finalize, @@Rambler_adwords_unit@Initialize, @@Shdocvw_ocx@Finalize, @@Shdocvw_ocx@Initialize, @@Shdocvw_tlb@Finalize, @@Shdocvw_tlb@Initialize, @@Yahoo_explorer@Finalize, @@Yahoo_explorer@Initialize, @@Yahoo_search@Finalize, @@Yahoo_search@Initialize, @GoogleWebmasterLinks@$bctr$qp16Classes@TStringst1t1t1rx17System@AnsiStringt5pouiynpqi$vt1, @GoogleWebmasterLinks@$bdtr$qqrv, @GoogleWebmasterLinks@DoFinish$qqrp14System@TObject, @GoogleWebmasterLinks@Finished$qv, @GoogleWebmasterLinks@ReturnValue$qv, @MailParseCaptcha, @Ruschar@ALT2ISO$qqruc, @Ruschar@ALT2KOI$qqruc, @Ruschar@ALT2MAC$qqruc, @Ruschar@ALT2WIN$qqruc, @Ruschar@ConvertString$qqr17System@AnsiStringuc, @Ruschar@ConvertString$qqrrpciuc, @Ruschar@Finalization$qqrv, @Ruschar@ISO2ALT$qqruc, @Ruschar@ISO2KOI$qqruc, @Ruschar@ISO2MAC$qqruc, @Ruschar@ISO2WIN$qqruc, @Ruschar@KOI2ALT$qqruc, @Ruschar@KOI2ISO$qqruc, @Ruschar@KOI2MAC$qqruc, @Ruschar@KOI2WIN$qqruc, @Ruschar@MAC2ALT$qqruc, @Ruschar@MAC2ISO$qqruc, @Ruschar@MAC2KOI$qqruc, @Ruschar@MAC2WIN$qqruc, @Ruschar@WIN2ALT$qqruc, @Ruschar@WIN2ISO$qqruc, @Ruschar@WIN2KOI$qqruc, @Ruschar@WIN2MAC$qqruc, @Ruschar@WhatEncodeType$qqr17System@AnsiString, @Ruschar@initialization$qqrv, @Shdocvw_ocx@Register$qqrv, @Shdocvw_tlb@CLSID_CScriptErrorList, @Shdocvw_tlb@CLSID_CppInternetExplorer, @Shdocvw_tlb@CLSID_CppSearchAssistantOC, @Shdocvw_tlb@CLSID_CppShellBrowserWindow, @Shdocvw_tlb@CLSID_CppShellUIHelper, @Shdocvw_tlb@CLSID_CppShellWindows, @Shdocvw_tlb@CLSID_CppWebBrowser, @Shdocvw_tlb@CLSID_CppWebBrowser_V1, @Shdocvw_tlb@CLSID_ShellFavoritesNameSpace, @Shdocvw_tlb@DIID_DShellWindowsEvents, @Shdocvw_tlb@DIID_DWebBrowserEvents, @Shdocvw_tlb@DIID_DWebBrowserEvents2, @Shdocvw_tlb@DIID__SearchAssistantEvents, @Shdocvw_tlb@DIID__ShellFavoritesNameSpaceEvents, @Shdocvw_tlb@IID_IScriptErrorList, @Shdocvw_tlb@IID_ISearch, @Shdocvw_tlb@IID_ISearchAssistantOC, @Shdocvw_tlb@IID_ISearchAssistantOC2, @Shdocvw_tlb@IID_ISearches, @Shdocvw_tlb@IID_IShellFavoritesNameSpace, @Shdocvw_tlb@IID_IShellUIHelper, @Shdocvw_tlb@IID_IShellWindows, @Shdocvw_tlb@IID_IWebBrowser, @Shdocvw_tlb@IID_IWebBrowser2, @Shdocvw_tlb@IID_IWebBrowserApp, @Shdocvw_tlb@LIBID_SHDocVw, @Shdocvw_tlb@TCppInternetExplorer@, @Shdocvw_tlb@TCppInternetExplorer@, @Shdocvw_tlb@TCppInternetExplorer@, @Shdocvw_tlb@TCppInternetExplorer@, @Shdocvw_tlb@TCppInternetExplorer@, @Shdocvw_tlb@TCppInternetExplorer@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppInternetExplorer@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppInternetExplorer@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppInternetExplorer@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppInternetExplorer@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppInternetExplorer@BeforeDestruction$qqrv, @Shdocvw_tlb@TCppInternetExplorer@Connect$qqrv, @Shdocvw_tlb@TCppInternetExplorer@ConnectTo$qqr69_TComInterface$24Shdocvw_tlb@IWebBrowser2px5_GUID$gIID_IWebBrowser2$_, @Shdocvw_tlb@TCppInternetExplorer@Disconnect$qqrv, @Shdocvw_tlb@TCppInternetExplorer@GetDefaultInterface$qv, @Shdocvw_tlb@TCppInternetExplorer@GetDunk$qqrv, @Shdocvw_tlb@TCppInternetExplorer@InitServerData$qqrv, @Shdocvw_tlb@TCppInternetExplorer@InvokeEvent$qqrir42System@_DynamicArray$t17System@OleVariant_, @Shdocvw_tlb@TCppShellUIHelper@, @Shdocvw_tlb@TCppShellUIHelper@, @Shdocvw_tlb@TCppShellUIHelper@, @Shdocvw_tlb@TCppShellUIHelper@, @Shdocvw_tlb@TCppShellUIHelper@, @Shdocvw_tlb@TCppShellUIHelper@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppShellUIHelper@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppShellUIHelper@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppShellUIHelper@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppShellUIHelper@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppShellUIHelper@BeforeDestruction$qqrv, @Shdocvw_tlb@TCppShellUIHelper@Connect$qqrv, @Shdocvw_tlb@TCppShellUIHelper@ConnectTo$qqr73_TComInterface$26Shdocvw_tlb@IShellUIHelperpx5_GUID$gIID_IShellUIHelper$_, @Shdocvw_tlb@TCppShellUIHelper@Disconnect$qqrv, @Shdocvw_tlb@TCppShellUIHelper@GetDefaultInterface$qv, @Shdocvw_tlb@TCppShellUIHelper@GetDunk$qqrv, @Shdocvw_tlb@TCppShellUIHelper@InitServerData$qqrv, @Shdocvw_tlb@TCppShellWindows@, @Shdocvw_tlb@TCppShellWindows@, @Shdocvw_tlb@TCppShellWindows@, @Shdocvw_tlb@TCppShellWindows@, @Shdocvw_tlb@TCppShellWindows@, @Shdocvw_tlb@TCppShellWindows@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppShellWindows@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppShellWindows@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppShellWindows@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppShellWindows@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppShellWindows@BeforeDestruction$qqrv, @Shdocvw_tlb@TCppShellWindows@Connect$qqrv, @Shdocvw_tlb@TCppShellWindows@ConnectTo$qqr71_TComInterface$25Shdocvw_tlb@IShellWindowspx5_GUID$gIID_IShellWindows$_, @Shdocvw_tlb@TCppShellWindows@Disconnect$qqrv, @Shdocvw_tlb@TCppShellWindows@GetDefaultInterface$qv, @Shdocvw_tlb@TCppShellWindows@GetDunk$qqrv, @Shdocvw_tlb@TCppShellWindows@InitServerData$qqrv, @Shdocvw_tlb@TCppShellWindows@InvokeEvent$qqrir42System@_DynamicArray$t17System@OleVariant_, @Shdocvw_tlb@TCppWebBrowser@, @Shdocvw_tlb@TCppWebBrowser@, @Shdocvw_tlb@TCppWebBrowser@, @Shdocvw_tlb@TCppWebBrowser@, @Shdocvw_tlb@TCppWebBrowser@, @Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppWebBrowser@$bctr$qqrpv, @Shdocvw_tlb@TCppWebBrowser@$bctr$qqrpv, @Shdocvw_tlb@TCppWebBrowser@$bctr$qqrpv, @Shdocvw_tlb@TCppWebBrowser@$bctr$qqrpv, @Shdocvw_tlb@TCppWebBrowser@$bctr$qqrpv, @Shdocvw_tlb@TCppWebBrowser@CControlData, @Shdocvw_tlb@TCppWebBrowser@ClientToWindow$qqrpit1, @Shdocvw_tlb@TCppWebBrowser@CreateControl$qqrv, @Shdocvw_tlb@TCppWebBrowser@DEF_CTL_INTF, @Shdocvw_tlb@TCppWebBrowser@EventDispIDs, @Shdocvw_tlb@TCppWebBrowser@ExecWB$qqr20Shdocvw_tlb@OLECMDID25Shdocvw_tlb@OLECMDEXECOPTp24_TVariantT$10tagVARIANT_t3, @Shdocvw_tlb@TCppWebBrowser@GetDefaultInterface$qqrv, @Shdocvw_tlb@TCppWebBrowser@GetProperty$qqrpb, @Shdocvw_tlb@TCppWebBrowser@GetWordBoolProp$qqri, @Shdocvw_tlb@TCppWebBrowser@GetWordBoolProp$qqri, @Shdocvw_tlb@TCppWebBrowser@GetWordBoolProp$qqri, @Shdocvw_tlb@TCppWebBrowser@GetWordBoolProp$qqri, @Shdocvw_tlb@TCppWebBrowser@GetWordBoolProp$qqri, @Shdocvw_tlb@TCppWebBrowser@Get_Application$qqrv, @Shdocvw_tlb@TCppWebBrowser@Get_Container$qqrv, @Shdocvw_tlb@TCppWebBrowser@Get_Document$qqrv, @Shdocvw_tlb@TCppWebBrowser@Get_Parent$qqrv, @Shdocvw_tlb@TCppWebBrowser@GoBack$qqrv, @Shdocvw_tlb@TCppWebBrowser@GoForward$qqrv, @Shdocvw_tlb@TCppWebBrowser@GoHome$qqrv, @Shdocvw_tlb@TCppWebBrowser@GoSearch$qqrv, @Shdocvw_tlb@TCppWebBrowser@InitControlData$qqrv, @Shdocvw_tlb@TCppWebBrowser@Navigate$qqrpbp24_TVariantT$10tagVARIANT_t2t2t2, @Shdocvw_tlb@TCppWebBrowser@Navigate2$qqrp24_TVariantT$10tagVARIANT_t1t1t1t1, @Shdocvw_tlb@TCppWebBrowser@OptParam, @Shdocvw_tlb@TCppWebBrowser@PutProperty$qqrpb31_TVariantInParamT$10tagVARIANT_, @Shdocvw_tlb@TCppWebBrowser@QueryStatusWB$qqr20Shdocvw_tlb@OLECMDID, @Shdocvw_tlb@TCppWebBrowser@Quit$qqrv, @Shdocvw_tlb@TCppWebBrowser@Refresh$qqrv, @Shdocvw_tlb@TCppWebBrowser@Refresh2$qqrp24_TVariantT$10tagVARIANT_, @Shdocvw_tlb@TCppWebBrowser@SetWordBoolProp$qqrio, @Shdocvw_tlb@TCppWebBrowser@SetWordBoolProp$qqrio, @Shdocvw_tlb@TCppWebBrowser@SetWordBoolProp$qqrio, @Shdocvw_tlb@TCppWebBrowser@SetWordBoolProp$qqrio, @Shdocvw_tlb@TCppWebBrowser@SetWordBoolProp$qqrio, @Shdocvw_tlb@TCppWebBrowser@ShowBrowserBar$qqrp24_TVariantT$10tagVARIANT_t1t1, @Shdocvw_tlb@TCppWebBrowser@Stop$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@, @Shdocvw_tlb@TCppWebBrowser_V1@, @Shdocvw_tlb@TCppWebBrowser_V1@, @Shdocvw_tlb@TCppWebBrowser_V1@, @Shdocvw_tlb@TCppWebBrowser_V1@, @Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrpv, @Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrpv, @Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrpv, @Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrpv, @Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrpv, @Shdocvw_tlb@TCppWebBrowser_V1@CControlData, @Shdocvw_tlb@TCppWebBrowser_V1@CreateControl$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@DEF_CTL_INTF, @Shdocvw_tlb@TCppWebBrowser_V1@EventDispIDs, @Shdocvw_tlb@TCppWebBrowser_V1@GetDefaultInterface$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@Get_Application$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@Get_Container$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@Get_Document$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@Get_Parent$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@GoBack$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@GoForward$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@GoHome$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@GoSearch$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@InitControlData$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@Navigate$qqrpbp24_TVariantT$10tagVARIANT_t2t2t2, @Shdocvw_tlb@TCppWebBrowser_V1@OptParam, @Shdocvw_tlb@TCppWebBrowser_V1@Refresh$qqrv, @Shdocvw_tlb@TCppWebBrowser_V1@Refresh2$qqrp24_TVariantT$10tagVARIANT_, @Shdocvw_tlb@TCppWebBrowser_V1@Stop$qqrv, @Shdocvw_tlb@TShellFavoritesNameSpace@, @Shdocvw_tlb@TShellFavoritesNameSpace@, @Shdocvw_tlb@TShellFavoritesNameSpace@, @Shdocvw_tlb@TShellFavoritesNameSpace@, @Shdocvw_tlb@TShellFavoritesNameSpace@, @Shdocvw_tlb@TShellFavoritesNameSpace@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TShellFavoritesNameSpace@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TShellFavoritesNameSpace@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TShellFavoritesNameSpace@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TShellFavoritesNameSpace@$bctr$qqrp18Classes@TComponent, @Shdocvw_tlb@TShellFavoritesNameSpace@BeforeDestruction$qqrv, @Shdocvw_tlb@TShellFavoritesNameSpace@Connect$qqrv, @Shdocvw_tlb@TShellFavoritesNameSpace@ConnectTo$qqr93_TComInterface$36Shdocvw_tlb@IShellFavoritesNameSpacepx5_GUID$gIID_IShellFavoritesNameSpace$_, @Shdocvw_tlb@TShellFavoritesNameSpace@Disconnect$qqrv, @Shdocvw_tlb@TShellFavoritesNameSpace@GetDefaultInterface$qv, @Shdocvw_tlb@TShellFavoritesNameSpace@GetDunk$qqrv, @Shdocvw_tlb@TShellFavoritesNameSpace@InitServerData$qqrv, @Shdocvw_tlb@TShellFavoritesNameSpace@InvokeEvent$qqrir42System@_DynamicArray$t17System@OleVariant_, @Swinhttp@Finalization$qqrv, @Swinhttp@Register$qqrv, @Swinhttp@TSwProxies@, @Swinhttp@TSwProxies@$bctr$qqrv, @Swinhttp@TSwProxies@$bdtr$qqrv, @Swinhttp@TSwProxies@List$qqrv, @Swinhttp@TSwProxy@, @Swinhttp@TSwProxy@AssignTo$qqrp19Classes@TPersistent, @Swinhttp@TSwProxy@ProxyStr$qqrv, @Swinhttp@TSwRequest@, @Swinhttp@TSwRequest@$bctr$qqrv, @Swinhttp@TSwRequest@$bdtr$qqrv, @Swinhttp@TSwRequest@AssignTo$qqrp19Classes@TPersistent, @Swinhttp@TSwRequest@Clear$qqrv, @Swinhttp@TSwResponse@, @Swinhttp@TSwResponse@$bctr$qqrv, @Swinhttp@TSwResponse@$bdtr$qqrv, @Swinhttp@TSwResponse@Clear$qqrv, @Swinhttp@TSwResponse@FillResponse$qqrpv, @Swinhttp@TSwResponse@GetBody$qqrv, @Swinhttp@TSwResponse@GetContent$qqrv, @Swinhttp@TSwResponse@SetContent$qqrpx15Classes@TStream, @Swinhttp@TSwURL@, @Swinhttp@TSwURL@$bctr$qqrv, @Swinhttp@TSwURL@AssignTo$qqrp19Classes@TPersistent, @Swinhttp@TSwURL@Clear$qqrv, @Swinhttp@TSwURL@GetSSL$qqrv, @Swinhttp@TSwURL@GetUrl$qqrv, @Swinhttp@TSwURL@SetSSL$qqrxo, @Swinhttp@TSwURL@SetUrl$qqrx17System@AnsiString, @Swinhttp@TSwinHttp@, @Swinhttp@TSwinHttp@$bctr$qqrp18Classes@TComponent, @Swinhttp@TSwinHttp@$bdtr$qqrv, @Swinhttp@TSwinHttp@AssignTo$qqrp19Classes@TPersistent, @Swinhttp@TSwinHttp@Clear$qqrv, @Swinhttp@TSwinHttp@Close$qqrv, @Swinhttp@TSwinHttp@DoRequest$qqrv, @Swinhttp@TSwinHttp@Get$qqr17System@AnsiString, @Swinhttp@TSwinHttp@Open$qqrv, @Swinhttp@TSwinHttp@OpenRequest$qqrv, @Swinhttp@TSwinHttp@Post$qqr17System@AnsiStringt1, @Swinhttp@TSwinHttp@Read$qqrpvui, @Swinhttp@TSwinHttp@ReceiveAll$qqrv, @Swinhttp@TSwinHttp@SyncEvent$qqrynpqqrp18Swinhttp@TSwinHttpp19Swinhttp@TSwRequest$v, @Swinhttp@initialization$qqrv, @YandexParseCaptcha, @YandexWebmasterLinks@$bctr$qp16Classes@TStringst1t1t1rx17System@AnsiStringt5poxuixoynpqi$vt1, @YandexWebmasterLinks@$bdtr$qqrv, @YandexWebmasterLinks@DoFinish$qqrp14System@TObject, @YandexWebmasterLinks@Finished$qv, @YandexWebmasterLinks@ReturnValue$qv, @Zlibex@EZCompressionError@, @Zlibex@EZDecompressionError@, @Zlibex@EZLibError@, @Zlibex@EZLibError@$bctr$qqr14Zlibex@TZErrorx17System@AnsiString, @Zlibex@EZLibError@$bctr$qqrix17System@AnsiString, @Zlibex@Finalization$qqrv, @Zlibex@TCustomZStream@, @Zlibex@TCustomZStream@$bctr$qqrp15Classes@TStream, @Zlibex@TCustomZStream@DoProgress$qqrv, @Zlibex@TZCompressionStream@, @Zlibex@TZCompressionStream@$bctr$qqrp15Classes@TStream25Zlibex@TZCompressionLevel, @Zlibex@TZCompressionStream@$bctr$qqrp15Classes@TStream25Zlibex@TZCompressionLevelii17Zlibex@TZStrategy, @Zlibex@TZCompressionStream@$bdtr$qqrv, @Zlibex@TZCompressionStream@GetCompressionRate$qqrv, @Zlibex@TZCompressionStream@Read$qqrpvi, @Zlibex@TZCompressionStream@Seek$qqrius, @Zlibex@TZCompressionStream@Write$qqrpxvi, @Zlibex@TZDecompressionStream@, @Zlibex@TZDecompressionStream@$bctr$qqrp15Classes@TStream, @Zlibex@TZDecompressionStream@$bctr$qqrp15Classes@TStreami, @Zlibex@TZDecompressionStream@$bdtr$qqrv, @Zlibex@TZDecompressionStream@Read$qqrpvi, @Zlibex@TZDecompressionStream@Seek$qqrius, @Zlibex@TZDecompressionStream@Write$qqrpxvi, @Zlibex@ZAdler32$qqripxvi, @Zlibex@ZCompress$qqrpxvirpvri25Zlibex@TZCompressionLevel, @Zlibex@ZCompress2$qqrpxvirpvri25Zlibex@TZCompressionLevelii17Zlibex@TZStrategy, @Zlibex@ZCompressStr$qqrx17System@AnsiString25Zlibex@TZCompressionLevel, @Zlibex@ZCompressStr2$qqrx17System@AnsiString25Zlibex@TZCompressionLevelii17Zlibex@TZStrategy, @Zlibex@ZCompressStrEx$qqrx17System@AnsiString25Zlibex@TZCompressionLevel, @Zlibex@ZCompressStrWeb$qqrx17System@AnsiString, @Zlibex@ZCompressStream$qqrp15Classes@TStreamt125Zlibex@TZCompressionLevel, @Zlibex@ZCompressStream2$qqrp15Classes@TStreamt125Zlibex@TZCompressionLevelii17Zlibex@TZStrategy, @Zlibex@ZCompressStreamWeb$qqrp15Classes@TStreamt1, @Zlibex@ZCrc32$qqripxvi, @Zlibex@ZDecompress$qqrpxvirpvrii, @Zlibex@ZDecompress2$qqrpxvirpvriii, @Zlibex@ZDecompressStr$qqrx17System@AnsiString, @Zlibex@ZDecompressStr2$qqrx17System@AnsiStringi, @Zlibex@ZDecompressStrEx$qqrx17System@AnsiString, @Zlibex@ZDecompressStream$qqrp15Classes@TStreamt1, @Zlibex@ZDecompressStream2$qqrp15Classes@TStreamt1i, @Zlibex@initialization$qqrv, @Zlibexgz@Finalization$qqrv, @Zlibexgz@GZCompressStr$qqrx17System@AnsiString, @Zlibexgz@GZCompressStr$qqrx17System@AnsiStringt1t116System@TDateTime, @Zlibexgz@GZCompressStream$qqrp15Classes@TStreamt1, @Zlibexgz@GZCompressStream$qqrp15Classes@TStreamt1x17System@AnsiStringt316System@TDateTime, @Zlibexgz@GZDecompressStr$qqrx17System@AnsiString, @Zlibexgz@GZDecompressStr$qqrx17System@AnsiStringr17System@AnsiStringt2r16System@TDateTime, @Zlibexgz@GZDecompressStream$qqrp15Classes@TStreamt1, @Zlibexgz@GZDecompressStream$qqrp15Classes@TStreamt1r17System@AnsiStringt3r16System@TDateTime, @Zlibexgz@ZCompressStrG$qqrx17System@AnsiString, @Zlibexgz@ZCompressStrG$qqrx17System@AnsiStringt1t116System@TDateTime, @Zlibexgz@ZCompressStreamG$qqrp15Classes@TStreamt1, @Zlibexgz@ZCompressStreamG$qqrp15Classes@TStreamt1x17System@AnsiStringt316System@TDateTime, @Zlibexgz@ZDecompressStrG$qqrx17System@AnsiString, @Zlibexgz@ZDecompressStrG$qqrx17System@AnsiStringr17System@AnsiStringt2r16System@TDateTime, @Zlibexgz@ZDecompressStreamG$qqrp15Classes@TStreamt1, @Zlibexgz@ZDecompressStreamG$qqrp15Classes@TStreamt1r17System@AnsiStringt3r16System@TDateTime, @Zlibexgz@initialization$qqrv, _AOLPage, _AlexaPage, _AlexaRankPage, _AllByPage, _AllTheWebPage, _AltavistaPage, _AportIndexPage, _AportPage, _AskJeevesKwPage, _AskJeevesPage, _AtlasPage, _BigmirPage, _CentrumPage, _DMOZPage, _FireballPage, _GetRamblerAdWords, _GigablastPage, _GoGoPage, _GoogleDCPage, _GoogleDesPage, _GoogleDirPage, _GoogleIndexation, _GoogleLinksPage, _GooglePage, _HotBotPage, _IndexFunction, _KazzoomPage, _LiberoPage, _LoadYandexTree, _LycosPage, _MSNLinksPage, _MSNPage, _MailPage, _MailRuKwPage, _MetaPage, _MsnRNumberLinks, _OnetPage, _OvertureKeyword, _ProxyCheck, _RamblerKwPage, _RamblerPage, _SeznamPage, _TOnlinePage, _TutByPage, _VirgilioPage, _VoilaPage, _WebPage, _WebaltaPage, _WordtrackerKeyword, _WordtrackerKwPage, _WpPage, _YahooDesPage, _YahooDirPage, _YahooKwPage, _YahooLinksPage, _YahooPage, _YandexCYPage, _YandexDesPage, _YandexDirPage, _YandexIndexPage, _YandexIndexation, _YandexKeyword, _YandexKwPage, _YandexLinksPage, _YandexPage, ___CPPdebugHook, _fsGoogleWMTPageType, _fsYandexWMTPageType
ExifTool:
file metadata
CodeSize: 1318912
EntryPoint: 0x1d7001
FileSize: 795 kB
FileType: Win32 DLL
ImageVersion: 0.0
InitializedDataSize: 278528
LinkerVersion: 5.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2010:07:11 20:03:13+02:00
UninitializedDataSize: 0

>>>>>>>

report pro C:\WINDOWS\System32\exasd_.dll

Additional information:

Show all
MD5 : d2042a3348856fcd613f29c2fc3736dd
SHA1 : 433328eb9d4add2c9c0d7d76be8de3859094dc24
SHA256: c457f1c0a5afe516e32aadd4dbe89c01b4705632bb6c5a00c73099013a661b84
ssdeep: 3:6rlvhllln:6xT
File size : 16 bytes
First seen: 2010-10-25 17:59:00
Last seen : 2010-10-25 17:59:00
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
ExifTool:
file metadata
Error: File format error
FileSize: 16 bytes


ExifTool:
file metadata
Error: File format error
FileSize: 16 bytes

Ted jdu do prace,zitra vam napisu ten skript.

pokud jste tak jeste neucinil(a), presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:
ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:



po aplikaci by na vas mel vyskocit dalsi log, vlozte jej sem

Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows,

v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou funkcni konfiguraci

windows nabehly v pohode napoprve.

----------------------------------

ComboFix 10-10-22.05 - admin 26.10.2010 19:16:02.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.895.516 [GMT 2:00]
Spuštěný z: d:\_download\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 101026-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\documents and settings\All Users\Data aplikací\0D794BEC5C.sys
file zipped: c:\windows\System32\drivers\kdoan.sys
file zipped: c:\windows\System32\exasd_.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\drivers\kdoan.sys
c:\windows\System32\exasd_.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_078f0aba1620ca71
-------\Service_0f971ebf42779f9b
-------\Service_10270bb7faa2f395
-------\Service_159048c36599f5fd
-------\Service_1f3193a667460dca
-------\Service_21daad4a110130e9
-------\Service_2baebbe02e20191d
-------\Service_35179bebb8e8cab3
-------\Service_4ccc71471f0eab03
-------\Service_5249569c070ed6b5
-------\Service_53d3e5734868f3ba
-------\Service_61e6fb59dfa2c3e9
-------\Service_64e9ca2ec768e6de
-------\Service_71231cead0956b8d
-------\Service_9e7d78327bbd610e
-------\Service_af36d2516e9b5b2d
-------\Service_b61e06d104588609
-------\Service_bf7a9dc80811dafa
-------\Service_c69e8e8de2f496ec
-------\Service_cf5ecafa7c2ed4d4
-------\Service_cffc5fdfcd0d8579
-------\Service_d667dcbe3929be43
-------\Service_dd24e9cc406a726a
-------\Service_f3c68bc4c8f51a06
-------\Service_f42efddd14a91613
-------\Service_fdf9c64d7c0e7240
-------\Legacy_kdoan
-------\Service_kdoan


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-26 do 2010-10-26 )))))))))))))))))))))))))))))))
.

2010-10-07 18:42 . 2010-10-07 18:42 -------- d-----w- c:\documents and settings\admin\Data aplikací\Malwarebytes
2010-10-07 18:42 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-07 18:41 . 2010-10-07 18:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-07 18:41 . 2010-10-07 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-07 18:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-07 08:42 . 2010-10-07 11:04 -------- d-----w- c:\documents and settings\admin\Data aplikací\AIMP
2010-10-07 08:29 . 2010-10-07 08:29 -------- d-----w- c:\program files\AIMP2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 07:07 . 2010-09-01 07:07 22558023 ----a-w- c:\windows\system32\CDSM_CDSM Designer_uninstaller.exe
2010-08-06 12:22 . 2007-10-28 18:08 94208 ----a-w- c:\windows\DUMP50b0.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-10-15_08.01.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-25 07:39 . 2010-10-25 07:39 16384 c:\windows\Temp\Perflib_Perfdata_718.dat
+ 2010-10-26 17:19 . 2010-10-26 17:19 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat
+ 2010-10-26 17:19 . 2010-10-26 17:19 16384 c:\windows\Temp\Perflib_Perfdata_14c.dat
- 2010-10-15 08:01 . 2010-10-15 08:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-26 17:19 . 2010-10-26 17:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-28 17:28 . 2010-10-15 08:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-28 17:28 . 2010-10-26 17:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-10-15 18:48 . 2010-10-26 17:19 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-10-28 17:28 . 2010-10-15 08:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\AutorunsDisabled
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.4.2008 0:13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.4.2008 0:13 20560]
S3 AF9035BDA;GIGABYTE U7200 DVB-T Devices;c:\windows\system32\drivers\AF9035BDA.sys [29.5.2008 15:39 244096]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\pwbdbsdi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-26 19:20
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3444)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2010-10-26 19:22:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-26 17:22
ComboFix2.txt 2010-10-23 18:14
ComboFix3.txt 2010-10-15 08:04

Před spuštěním: Volných bajtů: 25 758 609 408
Po spuštění: Volných bajtů: 25 751 142 400

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 36700AAD70F8D3853E39D0919D61C84A

otestujte na VIRSCANu

c:\windows\system32\CDSM_CDSM Designer_uninstaller.exe

c:\windows\DUMP50b0.tmp

(navod: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledek sem vlozte)

Pokud skener napíše, že soubor již byl testován, dejte otestovat znovu.

A popiste chovani pc.

c:\windows\system32\CDSM_CDSM Designer_uninstaller.exe

po zadani cesty k souboru hlaska:

error: maximalni velikost souboru 20 prekrocena. upload prerusen.
(velikost souboru je 22 558 023)


c:\windows\DUMP50b0.tmp

po zadani cesty k souboru hlaska:

error: maximalni velikost souboru 20 prekrocena. upload prerusen.
(velikost souboru nevim, souborovy manager ho nevidi)

c:\windows\DUMP50b0.tmp - tento soubor smazte.

Jak se chova pc nyni.

behem hodinoveho brouzdani po internetu firefoxem, se zadne problemy neprojevily. (jiny sw i cinnost se v pc skoro nepouziva).

Start - spustit - napiste ComboFix /Uninstall - a klepnout na OK,

pokud to takto nepujde,tak přejmenovat ComboFix.exe na Uninstall.exe a spustit ho

Stahnete OTC

spustte a klepnete na CleanUp.



Vycistete pc Ccleanerem.

Vzdy nejprve Analyzovat a pak Spustit Cleaner.2x po sobe.

Windows-odskrtnout historii a historii automatickeho vyplnovani formularu - prisel byste o historii navstivenych stranek a o ulozena hesla ve formularich

(je to sice z pohledu zabezpeceni spatne,ale aspon pak uzivatel nenadava,kam ze mu to zmizelo )

Aplikace-u prohlizecu internetu odskrtnout Historii internetu.

Registry-nechat vse zaskrtle,Hledej problemy,Opravit vybrane problemy

(nechat ho udelat zalohu-ta je ulozena v Dokumentech-DULEZITE).

Taktez 2x-3x po sobe.

A hotovo.