Co našel Kaspersky scan

Zpráva

franni · #1 Příspěvek od **franni** » 31 říj 2010 19:37

chtel jsem VAs poprosit,jestli toto co našel Vámi doporučený prog je v pořadku,nemyslím že je,dam na vaší radu:

Automatická kontrola: dokončeno před <1 minuta (události: 37, objekty: 217670, čas: 05:43:04)
31.10.2010 13:00:55 Úloha byla spuštěna
31.10.2010 13:40:04 Zjištěno: Trojan.Java.Agent.ab C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/Is.class
31.10.2010 13:40:04 Neošetřeno: Trojan.Java.Agent.ab C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/Is.class Odloženo
31.10.2010 13:40:05 Zjištěno: Trojan.Java.Agent.ab C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/Is.class
31.10.2010 13:40:05 Neošetřeno: Trojan.Java.Agent.ab C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/Is.class Odloženo
31.10.2010 13:40:05 Zjištěno: Trojan.Java.Agent.aa C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/MyName.class
31.10.2010 13:40:05 Zjištěno: Trojan.Java.Agent.aa C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/MyName.class
31.10.2010 13:40:05 Neošetřeno: Trojan.Java.Agent.aa C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/MyName.class Odloženo
31.10.2010 13:40:05 Neošetřeno: Trojan.Java.Agent.aa C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/MyName.class Odloženo
31.10.2010 13:40:05 Zjištěno: Trojan.Java.Agent.ac C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/Phone.class
31.10.2010 13:40:05 Zjištěno: Trojan.Java.Agent.ac C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/Phone.class
31.10.2010 13:40:05 Neošetřeno: Trojan.Java.Agent.ac C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/Phone.class Odloženo
31.10.2010 13:40:05 Neošetřeno: Trojan.Java.Agent.ac C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/Phone.class Odloženo
31.10.2010 14:31:53 Zjištěno: Trojan-Dropper.Win32.NeodurkJoiner.ay C:\Program Files\BestPractice\bp.exe
31.10.2010 14:35:39 Neošetřeno: Trojan-Dropper.Win32.NeodurkJoiner.ay C:\Program Files\BestPractice\bp.exe Odloženo
31.10.2010 15:14:13 Zjištěno: Trojan-Dropper.Win32.Agent.dgjt C:\Program Files\ESET\MiNODLogin\MiNODLoginUninst.exe
31.10.2010 15:14:13 Neošetřeno: Trojan-Dropper.Win32.Agent.dgjt C:\Program Files\ESET\MiNODLogin\MiNODLoginUninst.exe Odloženo
31.10.2010 15:23:45 Zjištěno: http://www.viruslist.com/cz/advisories/41791 C:\Program Files\Java\jre6\bin\java.exe
31.10.2010 16:00:56 Zjištěno: http://www.viruslist.com/cz/advisories/41932 C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
31.10.2010 16:01:00 Zjištěno: http://www.viruslist.com/cz/advisories/41932 C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
31.10.2010 16:09:40 Zjištěno: Trojan-Dropper.Win32.NeodurkJoiner.ay C:\Program Files\BestPractice\bp.exe
31.10.2010 18:43:36 Neošetřeno: Trojan-Dropper.Win32.NeodurkJoiner.ay C:\Program Files\BestPractice\bp.exe Přeskočeno uživatelem
31.10.2010 18:43:36 Zjištěno: Trojan-Dropper.Win32.Agent.dgjt C:\Program Files\ESET\MiNODLogin\MiNODLoginUninst.exe
31.10.2010 18:43:50 Neošetřeno: Trojan-Dropper.Win32.Agent.dgjt C:\Program Files\ESET\MiNODLogin\MiNODLoginUninst.exe Přeskočeno uživatelem
31.10.2010 18:43:50 Zjištěno: Trojan.Java.Agent.ab C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/Is.class
31.10.2010 18:43:51 Neošetřeno: Trojan.Java.Agent.ab C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/Is.class Přeskočeno uživatelem
31.10.2010 18:43:51 Zjištěno: Trojan.Java.Agent.aa C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/MyName.class
31.10.2010 18:43:53 Neošetřeno: Trojan.Java.Agent.aa C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/MyName.class Přeskočeno uživatelem
31.10.2010 18:43:53 Zjištěno: Trojan.Java.Agent.ac C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/Phone.class
31.10.2010 18:43:54 Neošetřeno: Trojan.Java.Agent.ac C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\0\19a918c0-69f99ef8/Phone.class Přeskočeno uživatelem
31.10.2010 18:43:54 Zjištěno: Trojan.Java.Agent.ab C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/Is.class
31.10.2010 18:43:56 Neošetřeno: Trojan.Java.Agent.ab C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/Is.class Přeskočeno uživatelem
31.10.2010 18:43:56 Zjištěno: Trojan.Java.Agent.aa C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/MyName.class
31.10.2010 18:43:57 Neošetřeno: Trojan.Java.Agent.aa C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/MyName.class Přeskočeno uživatelem
31.10.2010 18:43:57 Zjištěno: Trojan.Java.Agent.ac C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/Phone.class
31.10.2010 18:43:58 Neošetřeno: Trojan.Java.Agent.ac C:\Documents and Settings\fraňour\Data aplikací\Sun\Java\Deployment\cache\6.0\17\134ca791-38741757/Phone.class Přeskočeno uživatelem
31.10.2010 18:43:59 Úloha byla dokončena

diky moc

#2 Příspěvek od **vyosek** » 01 lis 2010 08:55

Zdravim a pekny den preji

Mate v PC legalni zabezpeceni

Nebo k cemu tam mate tohle C:\Program Files\ESET\MiNODLogin\

Uvedomte si, ze jste na bezpecnostnim foru, nelegalnim SW se tu nezabyvame...

franni · #3 Příspěvek od **franni** » 05 lis 2010 15:54

zdravim,co je legalni zabezpeceni,mam,toto je zbytek z nodu,jinak jsem presedlal uz na jine legalni zabezpeceni.

#4 Příspěvek od **vyosek** » 05 lis 2010 15:56

Fajn, dejte log z RSIT

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

franni · #5 Příspěvek od **franni** » 06 lis 2010 12:37

Logfile of random's system information tool 1.08 (written by random/random)
Run by fraňour at 2010-11-06 12:34:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (9%) free of 29 GB
Total RAM: 1022 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:46, on 6.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\fraňour\Plocha\Virus Removal Tool\setup_9.0.0.722_01.11.2010_22-09\setup_9.0.0.722_01.11.2010_22-09.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\fraňour.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe, C:\Program Files\svlhost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, C:\Program Files\svlhost.exe
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SpyMng] C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe autorun
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_01.11.2010_22-09.lnk = ?
O4 - Startup: setup_9.0.0.722_17.09.2010_22-24.lnk = ?
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{69DF36F2-7AB2-4FC7-8505-7BE1E7AD84D7}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9540 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll [2010-06-22 734512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-10-26 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SpyMng"=C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe [2007-07-27 66560]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-10-11 2183680]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-10-11 3037696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-09-30 2067808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-09-27 328056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Aktualizovat ESET licenci.lnk]
C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe -u -d 10000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^fraňour^Nabídka Start^Programy^Po spuštění^Vesmír na dlani.lnk]
C:\PROGRA~1\NONOBL~1\vesmir.exe []

C:\Documents and Settings\fraňour\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_01.11.2010_22-09.lnk - C:\Documents and Settings\fraňour\Plocha\Virus Removal Tool\setup_9.0.0.722_01.11.2010_22-09\startup.exe
setup_9.0.0.722_17.09.2010_22-24.lnk - C:\Documents and Settings\fraňour\Plocha\Virus Removal Tool1\setup_9.0.0.722_17.09.2010_22-24\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-09-07 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-25 190976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\dc strong\StrongDC.exe"="C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\dc strong\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-02 20:12:04 ----D---- C:\Program Files\BestPractice
2010-11-01 22:09:08 ----A---- C:\WINDOWS\system32\drivers\58059362.sys
2010-11-01 22:09:08 ----A---- C:\WINDOWS\system32\drivers\58059361.sys
2010-11-01 22:09:08 ----A---- C:\WINDOWS\system32\drivers\5805936.sys
2010-11-01 22:00:30 ----A---- C:\TDSSKiller.2.4.5.1_01.11.2010_22.00.30_log.txt
2010-11-01 21:59:28 ----A---- C:\RectorDecryptor.2.3.0.0_01.11.2010_21.59.28_log.txt
2010-11-01 19:50:07 ----A---- C:\WINDOWS\system32\drivers\d347prt.sys
2010-11-01 19:50:07 ----A---- C:\WINDOWS\system32\drivers\d347bus.sys
2010-11-01 19:50:01 ----D---- C:\Program Files\D-Tools
2010-11-01 19:49:14 ----D---- C:\WINDOWS\Downloaded Installations
2010-11-01 18:35:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Martau
2010-11-01 18:35:11 ----D---- C:\Program Files\Total Uninstall 5
2010-11-01 16:55:22 ----D---- C:\Program Files\DAEMON Tools Pro
2010-11-01 16:52:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Pro
2010-11-01 16:52:54 ----D---- C:\Documents and Settings\fraňour\Data aplikací\DAEMON Tools Pro
2010-11-01 16:51:03 ----D---- C:\Program Files\CCleaner
2010-11-01 16:45:31 ----SHD---- C:\RECYCLER
2010-10-31 19:31:53 ----A---- C:\ComboFix.txt
2010-10-30 21:49:14 ----D---- C:\Program Files\SystemRequirementsLab
2010-10-29 17:09:34 ----D---- C:\Documents and Settings\fraňour\Data aplikací\ATI
2010-10-29 17:09:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2010-10-29 16:57:03 ----D---- C:\Program Files\ATI Technologies
2010-10-29 16:55:47 ----D---- C:\ATI
2010-10-26 23:05:12 ----D---- C:\Documents and Settings\fraňour\Data aplikací\GetRightToGo
2010-10-23 19:52:38 ----D---- C:\Documents and Settings\fraňour\Data aplikací\DAEMON Tools Lite
2010-10-23 19:52:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-10-23 19:17:44 ----D---- C:\Program Files\EA GAMES
2010-10-23 19:07:08 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-10-23 19:06:42 ----D---- C:\WINDOWS\RegisteredPackages
2010-10-23 19:05:24 ----A---- C:\WINDOWS\system32\psisdecd.dll
2010-10-23 19:05:24 ----A---- C:\WINDOWS\system32\drivers\wstcodec.sys
2010-10-23 19:05:24 ----A---- C:\WINDOWS\system32\drivers\streamip.sys
2010-10-23 19:05:24 ----A---- C:\WINDOWS\system32\drivers\slip.sys
2010-10-23 19:05:24 ----A---- C:\WINDOWS\system32\drivers\ndisip.sys
2010-10-23 19:05:24 ----A---- C:\WINDOWS\system32\drivers\nabtsfec.sys
2010-10-23 19:05:23 ----A---- C:\WINDOWS\system32\drivers\msdv.sys
2010-10-23 19:05:23 ----A---- C:\WINDOWS\system32\drivers\mpe.sys
2010-10-23 19:05:23 ----A---- C:\WINDOWS\system32\drivers\ccdecode.sys
2010-10-23 19:05:23 ----A---- C:\WINDOWS\system32\drivers\bdasup.sys
2010-10-23 19:05:22 ----A---- C:\WINDOWS\system32\drivers\mstee.sys
2010-10-23 19:05:05 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2010-10-23 07:57:46 ----D---- C:\Documents and Settings\fraňour\Data aplikací\BitComet
2010-10-23 07:57:45 ----D---- C:\Program Files\BitComet
2010-10-17 21:07:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-17 21:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-17 21:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-17 21:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-17 21:06:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-17 21:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-17 21:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-17 20:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-17 20:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-11 19:51:31 ----D---- C:\WINDOWS\temp
2010-10-11 17:24:04 ----D---- C:\Program Files\Crawler
2010-10-11 17:24:00 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-10-11 17:23:58 ----D---- C:\Documents and Settings\fraňour\Data aplikací\Spyware Terminator
2010-10-11 17:23:33 ----D---- C:\Program Files\Spyware Terminator
2010-10-11 17:23:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-10-11 16:27:55 ----RASHD---- C:\cmdcons
2010-10-11 16:13:54 ----A---- C:\WINDOWS\system32\CF11791.exe
2010-10-11 15:31:51 ----A---- C:\WINDOWS\system32\CF3552.exe
2010-10-09 20:34:20 ----D---- C:\totalcmd
2010-10-09 20:34:20 ----D---- C:\Documents and Settings\fraňour\Data aplikací\GHISLER
2010-10-09 20:34:20 ----A---- C:\WINDOWS\UC.PIF
2010-10-09 20:34:20 ----A---- C:\WINDOWS\RAR.PIF
2010-10-09 20:34:20 ----A---- C:\WINDOWS\PKZIP.PIF
2010-10-09 20:34:20 ----A---- C:\WINDOWS\PKUNZIP.PIF
2010-10-09 20:34:20 ----A---- C:\WINDOWS\NOCLOSE.PIF
2010-10-09 20:34:20 ----A---- C:\WINDOWS\LHA.PIF
2010-10-09 20:34:20 ----A---- C:\WINDOWS\ARJ.PIF

======List of files/folders modified in the last 1 months======

2010-11-06 12:34:36 ----D---- C:\Program Files\trend micro
2010-11-06 12:34:33 ----D---- C:\WINDOWS\Prefetch
2010-11-06 12:14:01 ----D---- C:\WINDOWS\system32
2010-11-06 08:58:10 ----D---- C:\Program Files\Mozilla Firefox
2010-11-06 08:49:09 ----A---- C:\WINDOWS\system32\mswrcrt.dll
2010-11-06 05:40:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-06 02:40:56 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-11-05 18:32:19 ----D---- C:\Documents and Settings\fraňour\Data aplikací\vlc
2010-11-05 17:36:13 ----RD---- C:\Program Files
2010-11-05 17:01:24 ----D---- C:\WINDOWS\system32\drivers
2010-11-05 14:36:19 ----D---- C:\Documents and Settings\fraňour\Data aplikací\esmska
2010-11-03 22:43:39 ----D---- C:\Documents and Settings\fraňour\Data aplikací\Skype
2010-11-03 18:43:45 ----D---- C:\Documents and Settings\fraňour\Data aplikací\skypePM
2010-11-02 22:33:52 ----D---- C:\Documents and Settings\fraňour\Data aplikací\dvdcss
2010-11-02 16:13:02 ----D---- C:\Documents and Settings\fraňour\Data aplikací\uTorrent
2010-11-02 14:54:40 ----SHD---- C:\System Volume Information
2010-11-02 14:54:11 ----AD---- C:\WINDOWS
2010-11-01 22:09:53 ----HD---- C:\WINDOWS\inf
2010-11-01 21:28:45 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-01 21:17:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-11-01 20:08:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-01 19:58:25 ----D---- C:\WINDOWS\system32\config
2010-11-01 19:50:31 ----SHD---- C:\WINDOWS\Installer
2010-11-01 16:52:10 ----D---- C:\WINDOWS\Debug
2010-11-01 16:52:09 ----D---- C:\WINDOWS\Minidump
2010-10-31 19:31:57 ----D---- C:\Qoobox
2010-10-31 19:21:52 ----A---- C:\WINDOWS\system.ini
2010-10-31 19:18:50 ----D---- C:\WINDOWS\AppPatch
2010-10-31 19:18:47 ----D---- C:\Program Files\Common Files
2010-10-31 11:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP8$
2010-10-31 10:34:25 ----A---- C:\WINDOWS\MBR.exe
2010-10-31 08:19:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-29 17:05:27 ----RSD---- C:\WINDOWS\assembly
2010-10-29 17:05:03 ----D---- C:\WINDOWS\WinSxS
2010-10-28 17:05:39 ----D---- C:\WINDOWS\system32\CatRoot
2010-10-24 06:58:54 ----D---- C:\WINDOWS\system32\DirectX
2010-10-23 19:06:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-18 17:04:07 ----D---- C:\Documents and Settings\fraňour\Data aplikací\ICQ
2010-10-17 21:07:31 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-17 21:06:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-10-17 21:00:03 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-16 19:11:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-10-16 19:10:31 ----SD---- C:\Documents and Settings\fraňour\Data aplikací\Microsoft
2010-10-11 20:03:05 ----SD---- C:\WINDOWS\Tasks
2010-10-11 19:54:16 ----D---- C:\WINDOWS\system32\drivers\etc
2010-10-11 19:51:37 ----D---- C:\WINDOWS\ERDNT
2010-10-11 16:28:16 ----RASH---- C:\boot.ini
2010-10-11 15:23:18 ----D---- C:\Program Files\Lavasoft
2010-10-11 15:23:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-10-11 15:20:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-10-11 03:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-10-09 21:19:30 ----D---- C:\Downloads
2010-10-07 09:08:12 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-07 08:39:41 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 58059362;58059362 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\58059362.sys [2009-10-22 37392]
R0 AVGIDSErHrxpx;AVG9IDSErHr; C:\WINDOWS\System32\Drivers\AVGIDSxx.sys [2010-09-07 25168]
R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-09-07 52872]
R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-21 105344]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-01 691696]
R1 58059361;58059361; C:\WINDOWS\system32\DRIVERS\58059361.sys [2009-09-25 128016]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-09-07 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-09-07 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-09-07 243024]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 setup_9.0.0.722_01.11.2010_22-09drv;setup_9.0.0.722_01.11.2010_22-09drv; C:\WINDOWS\system32\DRIVERS\5805936.sys [2009-10-09 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 SpyMng;SpyMng; \??\C:\WINDOWS\system32\Drivers\SpyMng.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-18 11473]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-09-07 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
S3 aercq37e;aercq37e; C:\WINDOWS\system32\drivers\aercq37e.sys []
S3 aeugv4l3;aeugv4l3; C:\WINDOWS\system32\drivers\aeugv4l3.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-09-07 30104]
S3 catchme;catchme; \??\C:\DOCUME~1\FRAOUR~1\LOCALS~1\Temp\catchme.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 maw800c;maw800c; C:\WINDOWS\System32\Drivers\maw800c.sys [2005-06-16 24784]
S3 maw800m;maw800m; C:\WINDOWS\System32\Drivers\maw800m.sys [2005-06-16 25044]
S3 maw800u;maw800u; C:\WINDOWS\System32\Drivers\maw800u.sys [2005-06-24 51797]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-09-07 308136]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-09-21 2331544]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-10-11 488960]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-09-07 5897808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#6 Příspěvek od **vyosek** » 06 lis 2010 18:00

Havet tam mate a ne jednu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

franni · #7 Příspěvek od **franni** » 06 lis 2010 23:15

ComboFix 10-11-07.01 - fraňour 06.11.2010 23:00:32.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.463 [GMT 1:00]
Spuštěný z: c:\documents and settings\fraňour\Plocha\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Winbooterr
c:\windows\system32\Winbooterr\Svchost.exe
.
---- Předchozí spuštění -------
.
c:\windows\daemon.dll
c:\windows\system32\sshnas21.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-06 do 2010-11-06 )))))))))))))))))))))))))))))))
.

2010-11-06 19:25 . 2010-11-06 19:25 -------- d-----w- c:\program files\IObit
2010-11-06 18:47 . 2010-11-06 19:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Pro
2010-11-06 18:45 . 2010-11-06 19:02 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-11-06 17:24 . 2010-11-06 17:24 -------- d-----w- C:\AVGTemp
2010-11-06 14:57 . 2010-11-06 14:57 208896 ----a-w- c:\windows\Rdukya.exe
2010-11-06 12:20 . 2010-11-06 12:20 -------- d-----w- c:\documents and settings\fraňour\Local Settings\Data aplikací\Tific
2010-11-06 12:18 . 2010-11-06 12:18 -------- d-----w- c:\documents and settings\fraňour\Local Settings\Data aplikací\Symantec
2010-11-06 11:40 . 2010-11-06 11:40 -------- d-----w- c:\program files\Windows Sidebar
2010-11-06 11:40 . 2010-11-06 19:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2010-11-02 19:12 . 2010-11-02 20:59 -------- d-----w- c:\program files\BestPractice
2010-11-01 21:09 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\58059362.sys
2010-11-01 21:09 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\5805936.sys
2010-11-01 21:09 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\58059361.sys
2010-11-01 18:49 . 2010-11-06 18:41 -------- d-----w- c:\windows\Downloaded Installations
2010-11-01 17:35 . 2010-11-01 17:35 -------- d-----w- c:\documents and settings\All Users\Martau
2010-11-01 17:35 . 2010-11-01 17:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Martau
2010-11-01 17:35 . 2010-11-01 17:41 -------- d-----w- c:\program files\Total Uninstall 5
2010-11-01 15:55 . 2010-11-06 19:39 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-11-01 15:51 . 2010-11-01 15:51 -------- d-----w- c:\program files\CCleaner
2010-10-30 20:49 . 2010-10-30 20:49 -------- d-----w- c:\program files\SystemRequirementsLab
2010-10-30 20:49 . 2010-10-30 20:49 -------- d-----w- c:\documents and settings\fraňour\SystemRequirementsLab
2010-10-29 16:09 . 2010-10-29 16:09 -------- d-----w- c:\documents and settings\fraňour\Local Settings\Data aplikací\ATI
2010-10-29 16:09 . 2010-10-29 16:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2010-10-29 16:07 . 2010-10-29 16:07 0 ----a-w- c:\windows\ativpsrm.bin
2010-10-29 15:57 . 2010-10-29 16:04 -------- d-----w- c:\program files\ATI Technologies
2010-10-29 15:55 . 2010-10-29 15:55 -------- d-----w- C:\ATI
2010-10-24 06:23 . 2010-10-24 06:23 3498 ----a-w- c:\windows\system32\sdbackup.reg
2010-10-23 18:52 . 2010-10-23 18:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2010-10-23 18:17 . 2010-10-23 18:17 -------- d-----w- c:\program files\EA GAMES
2010-10-23 18:07 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-10-23 18:04 . 2003-03-24 07:00 68096 -c--a-w- c:\windows\system32\dllcache\dpnhupnp.dll
2010-10-23 18:04 . 2002-12-11 22:14 8192 -c--a-w- c:\windows\system32\dllcache\d3d8thk.dll
2010-10-23 18:04 . 2004-07-09 02:27 381952 -c--a-w- c:\windows\system32\dllcache\dsound.dll
2010-10-23 18:04 . 2004-07-09 02:27 230400 -c--a-w- c:\windows\system32\dllcache\dplayx.dll
2010-10-23 18:04 . 2002-12-11 22:14 28160 -c--a-w- c:\windows\system32\dllcache\dplaysvr.exe
2010-10-23 18:04 . 2002-08-29 01:40 648704 -c--a-w- c:\windows\system32\dllcache\dinput.dll
2010-10-23 18:04 . 2002-12-11 22:14 24064 -c--a-w- c:\windows\system32\dllcache\ddrawex.dll
2010-10-23 18:04 . 2004-07-09 02:27 292864 -c--a-w- c:\windows\system32\dllcache\ddraw.dll
2010-10-23 18:04 . 2003-05-30 07:00 797184 -c--a-w- c:\windows\system32\dllcache\d3dim700.dll
2010-10-23 06:57 . 2010-10-23 06:58 -------- d-----w- c:\program files\BitComet
2010-10-17 07:38 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-17 07:38 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-17 07:38 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 16:24 . 2010-11-01 18:53 -------- d-----w- c:\program files\Crawler
2010-10-11 16:24 . 2010-10-11 16:24 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-10-11 16:23 . 2010-11-06 15:49 -------- d-----w- c:\program files\Spyware Terminator
2010-10-11 16:23 . 2010-11-06 02:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2010-10-11 15:13 . 2010-10-11 15:13 390144 ----a-w- c:\windows\system32\CF11791.exe
2010-10-11 14:31 . 2010-10-11 14:31 390144 ----a-w- c:\windows\system32\CF3552.exe
2010-10-09 19:34 . 2010-10-09 19:34 -------- d-----w- C:\totalcmd
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\UC.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\RAR.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\LHA.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-01 15:55 . 2010-08-28 09:17 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-18 10:23 . 2001-10-25 14:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-10-25 14:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 14:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 14:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-16 20:56 . 2010-09-16 20:58 390144 ----a-w- c:\windows\system32\CF4942.exe
2010-09-01 11:52 . 2001-10-25 14:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2002-09-20 17:41 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2005-10-17 21:30 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2001-10-25 14:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2001-10-25 14:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2002-09-20 18:03 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-03-06 02:20 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2010-05-16 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917953_0$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-10-31_18.21.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-06 19:07 . 2010-11-06 19:07 16384 c:\windows\temp\Perflib_Perfdata_19c.dat
- 2010-06-14 14:41 . 2010-10-31 17:58 53876 c:\windows\system32\mswrcrt.dll
+ 2010-06-14 14:41 . 2010-11-06 19:08 53876 c:\windows\system32\mswrcrt.dll
+ 2009-12-11 09:35 . 2010-11-06 17:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-11 09:35 . 2010-09-28 08:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-11 09:35 . 2010-11-06 17:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-11 09:35 . 2010-09-28 08:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-11-06 17:43 . 2010-11-06 17:43 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-04 2334856]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-16 312640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SpyMng"="c:\documents and settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe" [2007-07-27 66560]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-10-11 2183680]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\fraĺour\Nabˇdka Start\Programy\Po spuçtŘnˇ\
setup_9.0.0.722_01.11.2010_22-09.lnk - c:\documents and settings\fraĺour\Plocha\Virus Removal Tool\setup_9.0.0.722_01.11.2010_22-09\startup.exe [2010-11-1 72208]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Aktualizovat ESET licenci.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Aktualizovat ESET licenci.lnk
backup=c:\windows\pss\Aktualizovat ESET licenci.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^fraňour^Nabídka Start^Programy^Po spuštění^Vesmír na dlani.lnk]
path=c:\documents and settings\fraňour\Nabídka Start\Programy\Po spuštění\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-27 12:04 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\fraňour\\Dokumenty\\Stažené soubory\\dc strong\\StrongDC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24204:TCP"= 24204:TCP:BitComet 24204 TCP
"24204:UDP"= 24204:UDP:BitComet 24204 UDP
"23695:TCP"= 23695:TCP:BitComet 23695 TCP
"23695:UDP"= 23695:UDP:BitComet 23695 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 58059362;58059362 Boot Guard Driver;c:\windows\system32\drivers\58059362.sys [1.11.2010 22:09 37392]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.8.2010 10:17 691696]
R1 58059361;58059361;c:\windows\system32\drivers\58059361.sys [1.11.2010 22:09 128016]
R1 setup_9.0.0.722_01.11.2010_22-09drv;setup_9.0.0.722_01.11.2010_22-09drv;c:\windows\system32\drivers\5805936.sys [1.11.2010 22:09 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [11.10.2010 17:24 142592]
R1 SpyMng;SpyMng;c:\windows\system32\drivers\SpyMng.sys [14.6.2010 15:41 7552]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19.2.2010 18:43 380928]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 maw800c;maw800c;c:\windows\system32\drivers\maw800c.sys [24.8.2010 21:34 24784]
S3 maw800m;maw800m;c:\windows\system32\drivers\maw800m.sys [24.8.2010 21:34 25044]
S3 maw800u;maw800u;c:\windows\system32\drivers\maw800u.sys [24.8.2010 21:34 51797]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-06 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-11-06 14:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60341
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {250AF668-812B-400C-BF0D-86FE88E18075} = 192.168.2.1,0.0.0.0
TCP: {69DF36F2-7AB2-4FC7-8505-7BE1E7AD84D7} = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60341&qkw=
FF - component: c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 23:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-11-06 23:14:16
ComboFix-quarantined-files.txt 2010-11-06 22:13
ComboFix2.txt 2010-10-31 18:31
ComboFix3.txt 2010-10-11 19:09
ComboFix4.txt 2010-10-11 15:48
ComboFix5.txt 2010-11-06 17:46

Před spuštěním: 2 521 649 152
Po spuštění: 2 567 188 480

- - End Of File - - 93798B1EA9590975DC8B61DF92F941D9

#8 Příspěvek od **vyosek** » 07 lis 2010 07:21

Co jste prosim Vas s tim ComboFixem vyvadel - vy umite logy z nej lustit

ComboFix2.txt 2010-10-31 18:31
ComboFix3.txt 2010-10-11 19:09
ComboFix4.txt 2010-10-11 15:48
ComboFix5.txt 2010-11-06 17:46

Zabalte veskere logy a poslete mi je na vyosek@forum.viry.cz podivam se co vse CF delal...

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Odinstalujte Advanced SystemCare 3 a nasledne vse od IObit - jsou to cinske smejdy, ucinnost programu nulova, navic ukradli databazi haveti a hlavne jde o spyware = havet

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\drivers\58059362.sys
c:\windows\system32\drivers\58059361.sys
c:\windows\system32\drivers\5805936.sys
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Send File
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

franni · #9 Příspěvek od **franni** » 08 lis 2010 17:50

http://www.virustotal.com/file-scan/rep ... 1289234069

http://www.virustotal.com/file-scan/rep ... 1289234558

http://www.virustotal.com/file-scan/rep ... 1289234746

http://www.virustotal.com/file-scan/rep ... 1289234916

zbytek zasilam postou

#10 Příspěvek od **vyosek** » 08 lis 2010 18:06

Na mail zatim nic nedorazilo, ale vypadato, ze tam mate malou rodinku rootkitu - to ale jeste proverime...

franni · #11 Příspěvek od **franni** » 08 lis 2010 18:15

kdyz jsem to zabalil,tak to prislo zpet,upl.jsem kazdy zvlast,tak to odeslo,diky mooc

#12 Příspěvek od **vyosek** » 08 lis 2010 18:23

Kde jste si nechaval log resit, nebo skript jste si vytvarel sam

franni · #13 Příspěvek od **franni** » 08 lis 2010 18:23

skript jsem si nechal delat tu na foru,mmt

franni · #14 Příspěvek od **franni** » 08 lis 2010 18:24

http://www.viry.cz/forum/viewtopic.php?f=13&t=104694

#15 Příspěvek od **vyosek** » 08 lis 2010 18:27

Super, tohle jsem potreboval...

Stahnete SPTD http://www.duplexsecure.com/en/downloads

Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
Ulozte na plochu a spustte
Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

Ulozte na plochu a spustte
Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
"%userprofile%\plocha\mbr" -t
```
Kliknete na OK
Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Dejte logy z Gmeru - viz muj podpis

VIRY.CZ

Co našel Kaspersky scan

Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan

Re: Co našel Kaspersky scan