Trojský kôň BackDoor.Generic13.SYH

Zpráva

mifoIV · #1 Příspěvek od **mifoIV** » 05 pro 2010 13:57

Prosím Vás, AVG mi stále vyhadzuje toto a vždy to je v inom súbore naposledy mi vyhodilo toto : C:\WINDOWS\system32\drivers\gimnfuqv.sys predtím bolo C:\WINDOWS\system32\drivers\pkzuvoop.sys a ešte dalších asi 10 takýchto.Vždy ich presuniem do trezoru a dnes pri zapínaní pc mi vyhodilo :

A7522IMS V1.1 111208
Intel(R) Core(TM) i7 CPU 920 (nejaký divný znak) 2.67GHz, Speed :

Dram Frequency For DDR3 1066 (Dual Channel)

Initializing USB Controllers .. Done.
Warning !!! The previous overclocking had failed, and system will restore its default setting.
Press any key to continue...

Som vypol počítač z prúdu, zapol a už to tam nebolo šiel normálne,a ako vždy vyhodilo hned C:\WINDOWS\system32\drivers\gimnfuqv.sys. Som si stiahol ten program na ten log tak tu je :

Logfile of random's system information tool 1.08 (written by random/random)
Run by owner at 2010-12-05 13:39:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 257 GB (54%) free of 477 GB
Total RAM: 2038 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:40:04, on 5.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\Explorer.EXE
C:\windows\RTHDCPL.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\DOCUME~1\owner\LOCALS~1\Temp\8069.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
C:\Program Files\Devnz\GBPVR\GBPVRRecordingService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\StudioLine Photo Basic\NMSAccess32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\owner\Desktop\RSIT.exe
C:\Program Files\trend micro\owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mydtzone.com/
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [AutoStart] C:\DOCUME~1\owner\LOCALS~1\Temp\8069.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [System] C:\Documents and Settings\owner\Music\lst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: GB-PVR Tray.lnk = C:\Program Files\Devnz\GBPVR\GBPVRTray.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: GB-PVR Tray.lnk = C:\Program Files\Devnz\GBPVR\GBPVRTray.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: GB-PVR Tray.lnk = C:\Program Files\Devnz\GBPVR\GBPVRTray.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Asset Management Daemon (adu0ylyyatl) - Unknown owner - C:\windows\system32\namuf.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: GB-PVR Recording Service - WelltonWay - C:\Program Files\Devnz\GBPVR\GBPVRRecordingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Basic\NMSAccess32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9044 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1659004503-839522115-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1659004503-839522115-1003UA.job
C:\windows\tasks\ScanSpyware.job
C:\windows\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-06-14 97760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-25 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-10-06 2475336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-10-06 2475336]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-10-28 17331200]
"Alcmtr"=C:\windows\ALCMTR.EXE [2008-06-19 57344]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-11-25 2069344]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-09-17 153608]
"AutoStart"=C:\DOCUME~1\owner\LOCALS~1\Temp\8069.exe [2010-11-28 49696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2004-08-03 15360]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"Google Update"=C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-11-18 1242448]
"System"=C:\Documents and Settings\owner\Music\lst.exe [2010-09-17 10752]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Livestation"=C:\Program Files\Livestation\Livestation.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-02-27 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480]

C:\Documents and Settings\owner\Start Menu\Programs\Startup
GB-PVR Tray.lnk - C:\Program Files\Devnz\GBPVR\GBPVRTray.exe
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\windows\system32\avgrsstx.dll [2010-08-15 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"D:\CDS\Nero\Installation\SetupX.exe"="D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program Files\Codemasters\DiRT2\dirt2_game.exe"="C:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Saints Row 2\SR2_pc.exe"="C:\Program Files\Saints Row 2\SR2_pc.exe:*:Disabled:SR2_pc"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Activision\Blur(TM)\Blur.exe"="C:\Program Files\Activision\Blur(TM)\Blur.exe:*:Disabled:Blur"
"C:\Program Files\Ubisoft\Assassin's Creed II\mitm.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\mitm.exe:*:Disabled:mitm"
"C:\Program Files\Ubisoft\Assassin's Creed II\server.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\server.exe:*:Disabled:server"
"C:\Program Files\Codemasters\FUEL\FUEL.exe"="C:\Program Files\Codemasters\FUEL\FUEL.exe:*:Enabled:FUEL"
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Disabled:iw4mp"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Left 4 Dead 2\left4dead2.exe"="C:\Program Files\Left 4 Dead 2\left4dead2.exe:*:Disabled:left4dead2"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Activision\Singularity(TM)\Binaries\Singularity.exe"="C:\Program Files\Activision\Singularity(TM)\Binaries\Singularity.exe:*:Enabled:Singularity"
"C:\Program Files\Activision\Prototype\prototypef.exe"="C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Documents and Settings\owner\Desktop\_20_novoline_games_\gamin16\gamin16\gameunp.exe"="C:\Documents and Settings\owner\Desktop\_20_novoline_games_\gamin16\gamin16\gameunp.exe:*:Disabled:gameunp"
"C:\Program Files\Novomatic\Multi-Gaminator (22in1)\game.exe"="C:\Program Files\Novomatic\Multi-Gaminator (22in1)\game.exe:*:Disabled:game"
"C:\Program Files\NOVOMATIC Gaminator CF1 Final\game.exe"="C:\Program Files\NOVOMATIC Gaminator CF1 Final\game.exe:*:Disabled:game"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\EA Sports\FIFA 11 Demo\Game\fifa.exe"="C:\Program Files\EA Sports\FIFA 11 Demo\Game\fifa.exe:*:Disabled:FIFA 11"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Disabled:BlackOps"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-05 13:39:52 ----D---- C:\Program Files\trend micro
2010-12-05 13:39:51 ----D---- C:\rsit
2010-11-27 22:06:43 ----RA---- C:\Documents and Settings\owner\Application Data\BG0Ai.txt
2010-11-26 20:28:55 ----D---- C:\Documents and Settings\owner\Application Data\ScanSpyware
2010-11-25 15:10:12 ----D---- C:\Program Files\Common Files\Borland Shared
2010-11-25 15:10:12 ----A---- C:\windows\system32\DBCLIENT.DLL
2010-11-25 14:32:00 ----D---- C:\Documents and Settings\owner\Application Data\Obsidium
2010-11-25 14:31:56 ----D---- C:\Documents and Settings\All Users\Application Data\AllMyMovies
2010-11-22 18:24:05 ----A---- C:\windows\system32\msvcr100.dll
2010-11-20 20:50:15 ----D---- C:\windows\system32\NtmsData
2010-11-20 20:16:54 ----D---- C:\Program Files\Capcom
2010-11-18 19:54:30 ----A---- C:\windows\system32\kbdkor.dll
2010-11-18 19:54:29 ----A---- C:\windows\system32\kbdjpn.dll
2010-11-18 19:54:29 ----A---- C:\windows\system32\kbd106.dll
2010-11-18 19:54:29 ----A---- C:\windows\system32\kbd103.dll
2010-11-18 19:54:29 ----A---- C:\windows\system32\kbd101c.dll
2010-11-18 19:54:29 ----A---- C:\windows\system32\kbd101b.dll

======List of files/folders modified in the last 1 months======

2010-12-05 13:39:58 ----D---- C:\windows\Prefetch
2010-12-05 13:39:52 ----D---- C:\Program Files
2010-12-05 13:32:03 ----D---- C:\windows\Temp
2010-12-05 13:29:36 ----D---- C:\windows\system32\drivers\Avg
2010-12-05 13:24:39 ----D---- C:\windows\system32\drivers
2010-12-05 13:23:44 ----D---- C:\Program Files\Steam
2010-12-05 09:55:09 ----A---- C:\windows\SchedLgU.Txt
2010-12-04 19:06:38 ----A---- C:\windows\NeroDigital.ini
2010-12-04 15:53:57 ----SHD---- C:\windows\Installer
2010-12-04 15:26:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-04 14:50:05 ----D---- C:\windows\system32\CatRoot2
2010-12-02 18:41:34 ----RSHDC---- C:\windows\system32\dllcache
2010-12-02 15:07:44 ----D---- C:\WINDOWS
2010-11-30 13:52:40 ----D---- C:\windows\Help
2010-11-30 13:52:39 ----D---- C:\windows\system32
2010-11-30 13:52:30 ----RSD---- C:\windows\Fonts
2010-11-29 20:00:32 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-11-29 15:47:13 ----SHD---- C:\RECYCLER
2010-11-28 10:43:33 ----D---- C:\Documents and Settings\owner\Application Data\Tropico 3
2010-11-27 12:11:28 ----SD---- C:\Documents and Settings\owner\Application Data\Microsoft
2010-11-26 20:37:49 ----SD---- C:\windows\Tasks
2010-11-26 15:46:19 ----D---- C:\Program Files\Dont Get Angry 3
2010-11-25 15:10:12 ----D---- C:\Program Files\Common Files
2010-11-25 15:05:30 ----A---- C:\windows\win.ini
2010-11-25 14:28:10 ----D---- C:\Documents and Settings\All Users\Application Data\firebird
2010-11-25 14:18:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-11-20 20:50:14 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-11-20 20:26:19 ----D---- C:\windows\system32\DirectX
2010-11-20 20:26:16 ----HD---- C:\windows\inf
2010-11-20 20:25:32 ----RSD---- C:\windows\assembly
2010-11-20 17:03:11 ----D---- C:\Program Files\Activision
2010-11-16 19:28:45 ----D---- C:\Program Files\FreeSoundRecorder
2010-11-14 19:39:11 ----D---- C:\windows\security
2010-11-13 13:00:05 ----D---- C:\windows\system32\CatRoot
2010-11-07 11:43:47 ----D---- C:\Program Files\Microsoft Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\windows\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\windows\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\windows\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\windows\System32\drivers\sfsync04.sys [2006-03-24 50176]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-10-10 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\windows\System32\Drivers\avgldx86.sys [2010-08-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\windows\System32\Drivers\avgmfx86.sys [2010-08-15 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\windows\System32\Drivers\avgtdix.sys [2010-08-15 243024]
R1 InCDPass;Nero InCDPass; C:\windows\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\windows\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R3 Arp1394;1394 ARP Client Protocol; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\windows\system32\drivers\WmBEnum.sys [2009-09-11 22792]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\windows\system32\drivers\WmVirHid.sys [2009-09-11 14984]
R3 WmXlCore;Logitech Translation Layer Driver; C:\windows\system32\drivers\WmXlCore.sys [2009-09-11 66056]
R4 InCDfs;Nero InCD File System; C:\windows\system32\drivers\InCDFs.sys [2008-02-18 118952]
S2 bfnfunqn;bfnfunqn; C:\windows\system32\drivers\bfnfunqn.sys []
S2 bgafpfjb;bgafpfjb; C:\windows\system32\drivers\bgafpfjb.sys []
S2 gijzsaou;gijzsaou; C:\windows\system32\drivers\gijzsaou.sys []
S2 gimnfuqv;gimnfuqv; C:\windows\system32\drivers\gimnfuqv.sys []
S2 hoixifnt;hoixifnt; C:\windows\system32\drivers\hoixifnt.sys []
S2 jvmioarg;jvmioarg; C:\windows\system32\drivers\jvmioarg.sys []
S2 klaycizi;klaycizi; C:\windows\system32\drivers\klaycizi.sys []
S2 lvfofcie;lvfofcie; C:\windows\system32\drivers\lvfofcie.sys []
S2 mcfvgqln;mcfvgqln; C:\windows\system32\drivers\mcfvgqln.sys []
S2 nqmuwvrd;nqmuwvrd; C:\windows\system32\drivers\nqmuwvrd.sys []
S2 nvjddneb;nvjddneb; C:\windows\system32\drivers\nvjddneb.sys []
S2 ochuvmtm;ochuvmtm; C:\windows\system32\drivers\ochuvmtm.sys []
S2 pkzuvoop;pkzuvoop; C:\windows\system32\drivers\pkzuvoop.sys []
S2 qzusciri;qzusciri; C:\windows\system32\drivers\qzusciri.sys []
S2 rifowter;rifowter; C:\windows\system32\drivers\rifowter.sys []
S2 rxciidne;rxciidne; \??\C:\windows\system32\Drivers\rxciidne.sys []
S2 satbbrrf;satbbrrf; C:\windows\system32\drivers\satbbrrf.sys []
S2 sazgfjcr;sazgfjcr; C:\windows\system32\drivers\sazgfjcr.sys []
S2 sbtuqnro;sbtuqnro; C:\windows\system32\drivers\sbtuqnro.sys []
S2 snsbthoh;snsbthoh; C:\windows\system32\drivers\snsbthoh.sys []
S2 uoodrsbs;uoodrsbs; C:\windows\system32\drivers\uoodrsbs.sys []
S2 ybfnsbru;ybfnsbru; C:\windows\system32\drivers\ybfnsbru.sys []
S2 zerscrow;zerscrow; C:\windows\system32\drivers\zerscrow.sys []
S2 zugznfhq;zugznfhq; C:\windows\system32\drivers\zugznfhq.sys []
S2 zumsdvef;zumsdvef; C:\windows\system32\drivers\zumsdvef.sys []
S3 a850yy4t;a850yy4t; C:\windows\system32\drivers\a850yy4t.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\windows\system32\drivers\WmFilter.sys [2009-09-11 35592]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-08-15 308136]
R2 FAH-01;Folding Service #01; C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [2008-06-30 253952]
R2 FAH-02;Folding Service #02; C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R2 GB-PVR Recording Service;GB-PVR Recording Service; C:\Program Files\Devnz\GBPVR\GBPVRRecordingService.exe [2009-08-30 176128]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-03 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 NMSAccess;NMSAccess; C:\Program Files\StudioLine Photo Basic\NMSAccess32.exe [2010-05-06 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-06-10 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-03 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S1 InCDrec;Nero InCD File System Recognizer; C:\windows\system32\drivers\InCDRec.sys [2008-02-18 16040]
S2 adu0ylyyatl;Asset Management Daemon; C:\windows\system32\namuf.exe []
S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 05 pro 2010 14:13

Zdravim a pekny den preji

Vy jste se dal na chov konicku trojskych a stadecka rootkitu

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

Pri stahovani ComboFixu - navod a postup nize - jej ulozte jako Beruska.com

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

mifoIV · #3 Příspěvek od **mifoIV** » 05 pro 2010 15:14

Vypol som bránu firewall, aj avg,spustil som rkill vyhodilo mi toto :

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 05.12.2010 at 14:51:02.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\windows\system32\control.exe

Rkill completed on 05.12.2010 at 14:51:04.

Potom som zapol combo fix,všetko šlo až po certifikát, to som potvrdil ale chcel som sa ešte uistiť či som dobre vypol avg aj všetko,tak som combofix zrušil.Pri dalšom zapnutí mi nabehlo že mmám odinštalovať avg, tak som to spravil ale vyhadzuje to stále že ComboFix cannot run when AVG is installed.This is due to AVGs trageting of combofix files/processes. It would dangerous to continue. Please uinstall AVG or use another tooll.
Ale avg som už odinštaloval.

#4 Příspěvek od **vyosek** » 05 pro 2010 15:24

To je tak kdyz AVG je na prd a keca do prubehu mazacich utilit. Ono i AVG neni moc vhodne zabezpeceni - slaba detekce, vysoke naroky...Pouzijte na jeho odstraneni AVG Remover http://download.avg.com/filedir/util/su ... 1_1165.exe

Po ukonceni leceni, poradne zabezpecime PC

Pak znovu spusste ComboFix

mifoIV · #5 Příspěvek od **mifoIV** » 05 pro 2010 15:44

Odinštaloval som avg spustil rkill potom combofix a už to spravilo :

ComboFix 10-12-04.01 - owner 05.12.2010 15:37:18.1.8 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2038.1578 [GMT 1:00]
Running from: c:\documents and settings\owner\Desktop\beruska.com.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\common.data
c:\documents and settings\owner\Application Data\BG0Ai.txt
c:\recycled\Recycled
c:\windows\daemon.dll
c:\windows\system32\_004767_.tmp.dll
c:\windows\system32\_004768_.tmp.dll
c:\windows\system32\_004769_.tmp.dll
c:\windows\system32\_004770_.tmp.dll
c:\windows\system32\_004777_.tmp.dll
c:\windows\system32\_004778_.tmp.dll
c:\windows\system32\_004779_.tmp.dll
c:\windows\system32\_004780_.tmp.dll
c:\windows\system32\_004782_.tmp.dll
c:\windows\system32\_004783_.tmp.dll
c:\windows\system32\_004786_.tmp.dll
c:\windows\system32\_004787_.tmp.dll
c:\windows\system32\_004790_.tmp.dll
c:\windows\system32\_004791_.tmp.dll
c:\windows\system32\_004793_.tmp.dll
c:\windows\system32\_004796_.tmp.dll
c:\windows\system32\_004797_.tmp.dll
c:\windows\system32\_004802_.tmp.dll
c:\windows\system32\_004804_.tmp.dll
c:\windows\system32\_004807_.tmp.dll
c:\windows\system32\_004809_.tmp.dll
c:\windows\system32\_004810_.tmp.dll
c:\windows\system32\_004811_.tmp.dll
c:\windows\system32\_004812_.tmp.dll
c:\windows\system32\_004813_.tmp.dll
c:\windows\system32\_004816_.tmp.dll
c:\windows\system32\_004817_.tmp.dll
c:\windows\system32\_004818_.tmp.dll
c:\windows\system32\_004819_.tmp.dll
c:\windows\system32\_004820_.tmp.dll
c:\windows\system32\_004825_.tmp.dll
c:\windows\system32\_004827_.tmp.dll
c:\windows\system32\_004828_.tmp.dll
D:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 14:26 . 2010-12-05 14:26 82944 ----a-w- c:\windows\system32\drivers\vmqlvfzc.sys
2010-12-05 13:54 . 2010-12-05 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-05 13:16 . 2010-12-05 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Martau
2010-12-05 13:16 . 2010-12-05 13:16 -------- d-----w- c:\program files\Total Uninstall 5
2010-12-05 12:39 . 2010-12-05 12:40 -------- d-----w- c:\program files\trend micro
2010-12-05 12:39 . 2010-12-05 12:40 -------- d-----w- C:\rsit
2010-11-26 19:28 . 2010-11-26 19:38 -------- d-----w- c:\documents and settings\owner\Application Data\ScanSpyware
2010-11-25 14:10 . 2010-11-25 14:10 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-11-25 14:10 . 1999-11-12 04:11 183808 ----a-w- c:\windows\system32\BDEADMIN.CPL
2010-11-25 14:10 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2010-11-25 13:32 . 2010-11-25 13:32 -------- d-----w- c:\documents and settings\owner\Application Data\Obsidium
2010-11-25 13:31 . 2010-11-25 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AllMyMovies
2010-11-22 17:24 . 2009-08-24 09:15 761152 ----a-w- c:\windows\system32\msvcr100.dll
2010-11-20 19:50 . 2010-11-20 19:51 -------- d-----w- c:\windows\system32\NtmsData
2010-11-20 19:16 . 2010-11-20 19:16 -------- d-----w- c:\program files\Capcom
2010-11-20 16:33 . 2010-11-20 16:33 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Activision
2010-11-18 18:54 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-11-18 18:54 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-11-18 18:54 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-11-18 18:54 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-11-18 18:54 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-11-18 18:54 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-11-18 18:54 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-11-18 18:54 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-11-18 18:54 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-11-18 18:54 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-11-18 18:54 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-11-18 18:54 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-11-07 10:42 . 2009-03-29 16:51 6002921 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon\Zoo tycoon CZ.exe
2010-11-05 19:42 . 2010-11-05 19:42 28160 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{04584A06-E3DA-4A8F-A1A9-E91EFF5B6829}\Icon2934BC78.exe
2010-11-05 19:42 . 2010-11-05 19:42 -------- d-----w- c:\program files\Devnz
2010-11-05 18:45 . 2010-11-05 18:48 -------- d-----w- c:\documents and settings\owner\Livestation
2010-11-05 18:45 . 2010-11-05 18:45 -------- d-----w- c:\documents and settings\owner\Application Data\Mchid
2010-11-05 18:45 . 2010-11-05 18:45 -------- d-----w- c:\documents and settings\owner\Application Data\Livestation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-10 09:21 . 2010-10-10 09:21 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-03 15:20 . 2010-06-10 14:51 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-02 14:19 . 2010-10-02 14:19 295424 -c--a-w- c:\windows\system32\bwmedia1.dll
2010-10-02 14:19 . 2010-10-02 14:19 150016 -c--a-w- c:\windows\system32\bwmedia.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"Google Update"="c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-20 136176]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-18 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\owner\Start Menu\Programs\Startup\
GB-PVR Tray.lnk - c:\program files\Devnz\GBPVR\GBPVRTray.exe [2009-8-30 208896]
PowerReg Scheduler V3.exe [2010-6-18 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-02-18 12:36 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-01-24 10:32 2289664 -c--a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-27 11:03 570664 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 19:01 71216 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-02-18 12:36 1629480 -c--a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Saints Row 2\\SR2_pc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Blur(TM)\\Blur.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Activision\\Singularity(TM)\\Binaries\\Singularity.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9. 6. 2010 20:29 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9. 6. 2010 20:29 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10. 10. 2010 10:21 691696]
R2 FAH-01;Folding Service #01;c:\program files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [30. 6. 2008 19:38 253952]
R2 FAH-02;Folding Service #02;c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [30. 6. 2008 19:38 253952]
S2 adu0ylyyatl;Asset Management Daemon;c:\windows\system32\namuf.exe --> c:\windows\system32\namuf.exe [?]
S2 bfnfunqn;bfnfunqn; [x]
S2 bgafpfjb;bgafpfjb; [x]
S2 gijzsaou;gijzsaou; [x]
S2 gimnfuqv;gimnfuqv; [x]
S2 hoixifnt;hoixifnt; [x]
S2 jvmioarg;jvmioarg; [x]
S2 klaycizi;klaycizi; [x]
S2 lvfofcie;lvfofcie; [x]
S2 mcfvgqln;mcfvgqln; [x]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S2 nqmuwvrd;nqmuwvrd; [x]
S2 nvjddneb;nvjddneb; [x]
S2 ochuvmtm;ochuvmtm; [x]
S2 pkzuvoop;pkzuvoop; [x]
S2 qzusciri;qzusciri; [x]
S2 rifowter;rifowter; [x]
S2 rxciidne;rxciidne;\??\c:\windows\system32\Drivers\rxciidne.sys --> c:\windows\system32\Drivers\rxciidne.sys [?]
S2 satbbrrf;satbbrrf; [x]
S2 sazgfjcr;sazgfjcr; [x]
S2 sbtuqnro;sbtuqnro; [x]
S2 snsbthoh;snsbthoh; [x]
S2 uoodrsbs;uoodrsbs; [x]
S2 vmqlvfzc;vmqlvfzc;c:\windows\system32\drivers\vmqlvfzc.sys [5. 12. 2010 15:26 82944]
S2 ybfnsbru;ybfnsbru; [x]
S2 zerscrow;zerscrow; [x]
S2 zugznfhq;zugznfhq; [x]
S2 zumsdvef;zumsdvef; [x]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 10:30 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1659004503-839522115-1003Core.job
- c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 18:48]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1659004503-839522115-1003UA.job
- c:\documents and settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-20 18:48]

2010-12-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-16 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mydtzone.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Livestation - c:\program files\Livestation\Livestation.exe
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-vmqlvfzc

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 15:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:fc,40,0b,84,6c,76,6e,44,01,f5,9f,19,a2,b8,8f,27,0e,54,20,a4,b6,
f2,ab,67,9d,12,83,4c,98,49,d9,fa,82,72,aa,03,08,a8,0f,e8,95,b0,9d,69,b0,61,\
"rkeysecu"=hex:99,99,3b,e1,ff,68,0f,e4,ba,28,3e,4d,d9,fc,6d,02

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-05 15:43:20
ComboFix-quarantined-files.txt 2010-12-05 14:43

Pre-Run: 276 728 074 240 bytes free
Post-Run: 277 163 659 264 bytes free

- - End Of File - - 1914A334BDB6BE43DAFF5AA3507B0805

#6 Příspěvek od **vyosek** » 05 pro 2010 15:53

Pokud nemate, tak presunte Combofix (Berusku) na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Collect::
c:\windows\system32\drivers\vmqlvfzc.sys
c:\windows\system32\namuf.exe
c:\windows\system32\Drivers\rxciidne.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"=-
"Google Update"=-
"Steam"=-
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

Driver::
bfnfunqn
bgafpfjb
gijzsaou
gimnfuqv
hoixifnt
jvmioarg
klaycizi
lvfofcie
mcfvgqln
nqmuwvrd
nvjddneb
ochuvmtm
pkzuvoop
qzusciri
rifowter
rxciidne
satbbrrf
sazgfjcr
sbtuqnro
snsbthoh
uoodrsbs
vmqlvfzc
ybfnsbru
zerscrow
zugznfhq
zumsdvef
SetupNTGLM7X

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1659004503-839522115-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1659004503-839522115-1003UA.job

DDS::
uStart Page = hxxp://www.mydtzone.com/

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

mifoIV · #7 Příspěvek od **mifoIV** » 05 pro 2010 16:07

Hádam som to spravil správne :

ComboFix 10-12-04.01 - owner 05.12.2010 15:58:19.2.8 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2038.1519 [GMT 1:00]
Running from: c:\documents and settings\owner\Desktop\beruska.com.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1659004503-839522115-1003Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1659004503-839522115-1003UA.job"

file zipped: c:\windows\system32\drivers\vmqlvfzc.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\vmqlvfzc.sys
c:\windows\system32\SET4C7.tmp
c:\windows\system32\SET743.tmp
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1659004503-839522115-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1659004503-839522115-1003UA.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Legacy_VMQLVFZC
-------\Service_bfnfunqn
-------\Service_bgafpfjb
-------\Service_gijzsaou
-------\Service_gimnfuqv
-------\Service_hoixifnt
-------\Service_jvmioarg
-------\Service_klaycizi
-------\Service_lvfofcie
-------\Service_mcfvgqln
-------\Service_nqmuwvrd
-------\Service_nvjddneb
-------\Service_ochuvmtm
-------\Service_pkzuvoop
-------\Service_qzusciri
-------\Service_rifowter
-------\Service_rxciidne
-------\Service_satbbrrf
-------\Service_sazgfjcr
-------\Service_sbtuqnro
-------\Service_SetupNTGLM7X
-------\Service_snsbthoh
-------\Service_uoodrsbs
-------\Service_vmqlvfzc
-------\Service_ybfnsbru
-------\Service_zerscrow
-------\Service_zugznfhq
-------\Service_zumsdvef

((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 13:54 . 2010-12-05 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-05 13:16 . 2010-12-05 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Martau
2010-12-05 13:16 . 2010-12-05 13:16 -------- d-----w- c:\program files\Total Uninstall 5
2010-12-05 12:39 . 2010-12-05 12:40 -------- d-----w- c:\program files\trend micro
2010-12-05 12:39 . 2010-12-05 12:40 -------- d-----w- C:\rsit
2010-11-26 19:28 . 2010-11-26 19:38 -------- d-----w- c:\documents and settings\owner\Application Data\ScanSpyware
2010-11-25 14:10 . 2010-11-25 14:10 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-11-25 14:10 . 1999-11-12 04:11 183808 ----a-w- c:\windows\system32\BDEADMIN.CPL
2010-11-25 14:10 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2010-11-25 13:32 . 2010-11-25 13:32 -------- d-----w- c:\documents and settings\owner\Application Data\Obsidium
2010-11-25 13:31 . 2010-11-25 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AllMyMovies
2010-11-22 17:24 . 2009-08-24 09:15 761152 ----a-w- c:\windows\system32\msvcr100.dll
2010-11-20 19:50 . 2010-11-20 19:51 -------- d-----w- c:\windows\system32\NtmsData
2010-11-20 19:16 . 2010-11-20 19:16 -------- d-----w- c:\program files\Capcom
2010-11-20 16:33 . 2010-11-20 16:33 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Activision
2010-11-18 18:54 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-11-18 18:54 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-11-18 18:54 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-11-18 18:54 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-11-18 18:54 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-11-18 18:54 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-11-18 18:54 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-11-18 18:54 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-11-18 18:54 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-11-18 18:54 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-11-18 18:54 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-11-18 18:54 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-11-07 10:42 . 2009-03-29 16:51 6002921 ----a-w- c:\program files\Microsoft Games\Zoo Tycoon\Zoo tycoon CZ.exe
2010-11-05 19:42 . 2010-11-05 19:42 28160 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{04584A06-E3DA-4A8F-A1A9-E91EFF5B6829}\Icon2934BC78.exe
2010-11-05 19:42 . 2010-11-05 19:42 -------- d-----w- c:\program files\Devnz
2010-11-05 18:45 . 2010-11-05 18:48 -------- d-----w- c:\documents and settings\owner\Livestation
2010-11-05 18:45 . 2010-11-05 18:45 -------- d-----w- c:\documents and settings\owner\Application Data\Mchid
2010-11-05 18:45 . 2010-11-05 18:45 -------- d-----w- c:\documents and settings\owner\Application Data\Livestation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-10 09:21 . 2010-10-10 09:21 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-03 15:20 . 2010-06-10 14:51 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-02 14:19 . 2010-10-02 14:19 295424 -c--a-w- c:\windows\system32\bwmedia1.dll
2010-10-02 14:19 . 2010-10-02 14:19 150016 -c--a-w- c:\windows\system32\bwmedia.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-05_14.42.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-05 15:02 . 2010-12-05 15:02 16384 c:\windows\Temp\Perflib_Perfdata_f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\owner\Start Menu\Programs\Startup\
GB-PVR Tray.lnk - c:\program files\Devnz\GBPVR\GBPVRTray.exe [2009-8-30 208896]
PowerReg Scheduler V3.exe [2010-6-18 225280]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Saints Row 2\\SR2_pc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Blur(TM)\\Blur.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Activision\\Singularity(TM)\\Binaries\\Singularity.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9. 6. 2010 20:29 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9. 6. 2010 20:29 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10. 10. 2010 10:21 691696]
R2 FAH-01;Folding Service #01;c:\program files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [30. 6. 2008 19:38 253952]
R2 FAH-02;Folding Service #02;c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [30. 6. 2008 19:38 253952]
S2 adu0ylyyatl;Asset Management Daemon;c:\windows\system32\namuf.exe --> c:\windows\system32\namuf.exe [?]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 10:30 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-16 20:18]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 16:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:fc,40,0b,84,6c,76,6e,44,01,f5,9f,19,a2,b8,8f,27,0e,54,20,a4,b6,
f2,ab,67,9d,12,83,4c,98,49,d9,fa,82,72,aa,03,08,a8,0f,e8,95,b0,9d,69,b0,61,\
"rkeysecu"=hex:99,99,3b,e1,ff,68,0f,e4,ba,28,3e,4d,d9,fc,6d,02
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2548)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\Msi.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\1029\owci10.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\1029\owci11.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Devnz\GBPVR\GBPVRRecordingService.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2010-12-05 16:05:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-05 15:05
ComboFix2.txt 2010-12-05 14:43

Pre-Run: 277 175 853 056 bytes free
Post-Run: 22 adresárov, 277 082 931 200 voľných bajtov

- - End Of File - - AFB6DE080663B3492ED9C439BE5265B7

#8 Příspěvek od **vyosek** » 05 pro 2010 16:09

Ano, udelal, ale jedna mrska se nam tam drzi

Stahnete Avenger (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

Kód: Vybrat vše

Files to delete:
c:\windows\system32\namuf.exe

Drivers to delete:
adu0ylyyatl

Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

mifoIV · #9 Příspěvek od **mifoIV** » 05 pro 2010 16:21

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "c:\windows\system32\namuf.exe" not found!
Deletion of file "c:\windows\system32\namuf.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "adu0ylyyatl" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#10 Příspěvek od **vyosek** » 05 pro 2010 16:25

Jak se chova PC

mifoIV · #11 Příspěvek od **mifoIV** » 05 pro 2010 16:28

Zatial normálne, neviem , ako by sa mal chovať ? Všetko v poriadku, také isté reakcie ako mal.Prečo, neni niečo v poriadku?

#12 Příspěvek od **vyosek** » 05 pro 2010 16:33

No ptam se jestli je v poradku, jestli uz antivir neotravuje apod...

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Zabezpecete PC - clanek a doporuceni je zde http://www.viry.cz/forum/viewtopic.php?f=29&t=6152

Dejte novy log z RSIT

mifoIV · #13 Příspěvek od **mifoIV** » 05 pro 2010 16:37

Antivirus som vymazal, teraz ho inštalujem. Ked sa nainštaluje vrhnem sa na dalšie pokyny a napíšem.Zatial velmi dakujem

#14 Příspěvek od **vyosek** » 05 pro 2010 16:41

Ok, pockam na zaverecny log z RSIT...

mifoIV · #15 Příspěvek od **mifoIV** » 05 pro 2010 17:18

Logfile of random's system information tool 1.08 (written by random/random)
Run by owner at 2010-12-05 17:17:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 268 GB (56%) free of 477 GB
Total RAM: 2038 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:17:50, on 5.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\RTHDCPL.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Devnz\GBPVR\GBPVRTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\windows\system32\msiexec.exe
C:\Documents and Settings\owner\Desktop\RSIT.exe
C:\Program Files\trend micro\owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7175 bytes

======Scheduled tasks folder======

C:\windows\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-06-14 97760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-11-04 2731360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-10-28 17331200]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-09-17 153608]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-10-22 2745696]

C:\Documents and Settings\owner\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Codemasters\DiRT2\dirt2_game.exe"="C:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Saints Row 2\SR2_pc.exe"="C:\Program Files\Saints Row 2\SR2_pc.exe:*:Disabled:SR2_pc"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Activision\Blur(TM)\Blur.exe"="C:\Program Files\Activision\Blur(TM)\Blur.exe:*:Disabled:Blur"
"C:\Program Files\Codemasters\FUEL\FUEL.exe"="C:\Program Files\Codemasters\FUEL\FUEL.exe:*:Enabled:FUEL"
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Disabled:iw4mp"
"C:\Program Files\Left 4 Dead 2\left4dead2.exe"="C:\Program Files\Left 4 Dead 2\left4dead2.exe:*:Disabled:left4dead2"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Activision\Singularity(TM)\Binaries\Singularity.exe"="C:\Program Files\Activision\Singularity(TM)\Binaries\Singularity.exe:*:Enabled:Singularity"
"C:\Program Files\Activision\Prototype\prototypef.exe"="C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Disabled:BlackOps"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG10\avgam.exe"="C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:Správce událostí AVG"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-05 17:17:15 ----D---- C:\rsit
2010-12-05 17:15:49 ----SHD---- C:\Config.Msi
2010-12-05 17:12:01 ----D---- C:\Program Files\CCleaner
2010-12-05 16:55:50 ----SHD---- C:\RECYCLER
2010-12-05 16:44:42 ----D---- C:\Documents and Settings\owner\Application Data\AVG10
2010-12-05 16:43:32 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2010-12-05 16:42:45 ----D---- C:\windows\system32\drivers\AVG
2010-12-05 16:42:45 ----D---- C:\Documents and Settings\All Users\Application Data\AVG10
2010-12-05 16:42:22 ----D---- C:\Program Files\AVG
2010-12-05 14:54:37 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2010-12-05 14:42:48 ----AD---- C:\Qoobox
2010-12-05 14:16:23 ----D---- C:\Documents and Settings\All Users\Application Data\Martau
2010-12-05 14:16:21 ----D---- C:\Program Files\Total Uninstall 5
2010-12-05 14:12:19 ----A---- C:\SLDD.ini.bak
2010-12-05 14:12:16 ----A---- C:\SLDD.ini
2010-12-05 13:39:52 ----D---- C:\Program Files\trend micro
2010-11-26 20:28:55 ----D---- C:\Documents and Settings\owner\Application Data\ScanSpyware
2010-11-25 15:10:12 ----D---- C:\Program Files\Common Files\Borland Shared
2010-11-25 15:10:12 ----A---- C:\windows\system32\DBCLIENT.DLL
2010-11-25 14:32:00 ----D---- C:\Documents and Settings\owner\Application Data\Obsidium
2010-11-25 14:31:56 ----D---- C:\Documents and Settings\All Users\Application Data\AllMyMovies
2010-11-22 18:24:05 ----A---- C:\windows\system32\msvcr100.dll
2010-11-20 20:50:15 ----D---- C:\windows\system32\NtmsData
2010-11-20 20:16:54 ----D---- C:\Program Files\Capcom
2010-11-18 19:54:30 ----A---- C:\windows\system32\kbdkor.dll
2010-11-18 19:54:29 ----A---- C:\windows\system32\kbdjpn.dll
2010-11-18 19:54:29 ----A---- C:\windows\system32\kbd106.dll
2010-11-18 19:54:29 ----A---- C:\windows\system32\kbd103.dll
2010-11-18 19:54:29 ----A---- C:\windows\system32\kbd101c.dll
2010-11-18 19:54:29 ----A---- C:\windows\system32\kbd101b.dll
2010-11-09 22:20:58 ----A---- C:\windows\system32\drivers\avgtdix.sys

======List of files/folders modified in the last 1 months======

2010-12-05 17:17:34 ----D---- C:\windows\Temp
2010-12-05 17:17:24 ----D---- C:\windows\Prefetch
2010-12-05 17:16:34 ----SHD---- C:\windows\Installer
2010-12-05 17:12:01 ----D---- C:\Program Files
2010-12-05 17:09:41 ----D---- C:\windows\system32\CatRoot2
2010-12-05 17:09:29 ----D---- C:\windows\system32
2010-12-05 17:02:19 ----A---- C:\windows\SchedLgU.Txt
2010-12-05 17:02:10 ----D---- C:\WINDOWS
2010-12-05 16:59:12 ----SHD---- C:\System Volume Information
2010-12-05 16:59:12 ----D---- C:\windows\system32\Restore
2010-12-05 16:55:29 ----D---- C:\windows\Minidump
2010-12-05 16:43:14 ----HD---- C:\windows\inf
2010-12-05 16:43:14 ----D---- C:\windows\system32\drivers
2010-12-05 16:42:39 ----RSHDC---- C:\windows\system32\dllcache
2010-12-05 16:42:17 ----D---- C:\windows\WinSxS
2010-12-05 16:02:39 ----A---- C:\windows\system.ini
2010-12-05 16:02:28 ----D---- C:\windows\system32\drivers\etc
2010-12-05 16:00:43 ----D---- C:\windows\system32\config
2010-12-05 16:00:31 ----SD---- C:\windows\Tasks
2010-12-05 15:59:24 ----D---- C:\windows\AppPatch
2010-12-05 15:59:20 ----D---- C:\Program Files\Common Files
2010-12-05 15:30:53 ----D---- C:\Program Files\Steam
2010-12-05 15:28:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-12-05 15:28:43 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-12-05 14:45:48 ----SD---- C:\Documents and Settings\owner\Application Data\Microsoft
2010-12-05 14:39:21 ----A---- C:\windows\NeroDigital.ini
2010-12-05 14:12:36 ----D---- C:\DataBase
2010-12-05 14:12:33 ----D---- C:\Galleries
2010-12-05 14:12:29 ----D---- C:\Log
2010-12-04 15:26:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-30 13:52:40 ----D---- C:\windows\Help
2010-11-30 13:52:30 ----RSD---- C:\windows\Fonts
2010-11-28 10:43:33 ----D---- C:\Documents and Settings\owner\Application Data\Tropico 3
2010-11-25 15:05:30 ----A---- C:\windows\win.ini
2010-11-25 14:28:10 ----D---- C:\Documents and Settings\All Users\Application Data\firebird
2010-11-25 14:18:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-11-20 20:50:14 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-11-20 20:26:19 ----D---- C:\windows\system32\DirectX
2010-11-20 20:25:32 ----RSD---- C:\windows\assembly
2010-11-20 17:03:11 ----D---- C:\Program Files\Activision
2010-11-16 19:28:45 ----D---- C:\Program Files\FreeSoundRecorder
2010-11-14 19:39:11 ----D---- C:\windows\security
2010-11-13 13:00:05 ----D---- C:\windows\system32\CatRoot
2010-11-07 11:43:47 ----D---- C:\Program Files\Microsoft Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 d347bus;d347bus; C:\windows\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\windows\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\windows\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\windows\System32\drivers\sfsync04.sys [2006-03-24 50176]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-10-10 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Avgldx86;AVG AVI Loader Driver; C:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\windows\system32\DRIVERS\avgtdix.sys [2010-11-09 299984]
R1 InCDPass;Nero InCDPass; C:\windows\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\windows\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R3 Arp1394;1394 ARP Client Protocol; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Avgfwdx;Avgfwdx; C:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
R3 AVGIDSDriver;AVGIDSDriver; C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 26192]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\windows\system32\drivers\WmBEnum.sys [2009-09-11 22792]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\windows\system32\drivers\WmVirHid.sys [2009-09-11 14984]
R3 WmXlCore;Logitech Translation Layer Driver; C:\windows\system32\drivers\WmXlCore.sys [2009-09-11 66056]
R4 InCDfs;Nero InCD File System; C:\windows\system32\drivers\InCDFs.sys [2008-02-18 118952]
S3 atusjfqi;atusjfqi; C:\windows\system32\drivers\atusjfqi.sys []
S3 Avgfwfd;AVG network filter service; C:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\windows\system32\drivers\WmFilter.sys [2009-09-11 35592]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG10\avgfws.exe [2010-11-09 3229728]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 FAH-01;Folding Service #01; C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [2008-06-30 253952]
R2 FAH-02;Folding Service #02; C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-03 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-06-10 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-03 14336]
S1 InCDrec;Nero InCD File System Recognizer; C:\windows\system32\drivers\InCDRec.sys [2008-02-18 16040]
S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

VIRY.CZ

Trojský kôň BackDoor.Generic13.SYH

Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH

Re: Trojský kôň BackDoor.Generic13.SYH