Page 1 of 2

Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 11:11
by Ukawa
Hello. I have a problem with this, most likely a trojan. After every start of the laptop it reports a problem in a different file; I have not even clicked further, but I assume it would recommend some super antivirus that removes it once I pay... When I try to launch Task Manager, browsers and possibly some other programs, they just flash and close. I have already deleted the exe file it most likely came from (unfortunately AVG found nothing when I checked it before running it). Here I attach the log from RSIT.. Thanks in advance for the help

Logfile of random's system information tool 1.08 (written by random/random)
Run by KL Intermoto at 2010-12-08 11:05:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (1%) free of 238 GB
Total RAM: 2047 MB (71% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-115176313-1417001333-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-115176313-1417001333-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-25 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nuclear Games Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nuclear Games Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-20 8462336]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-09 17021440]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-29 89541]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-11-25 2069344]
"LMANAGER"=C:\Program Files\Links Manager\Links Manager.exe notify []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-01 421160]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-11-04 2087424]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE [2008-08-15 378224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\KL Intermoto\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-07-03 133104]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-10-30 2975640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
VPN Client.lnk - C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-17 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Hry\Sacred - underworld\sacred.exe"="C:\Hry\Sacred - underworld\sacred.exe:*:Enabled:Sacred"
"C:\Hry\Sacred - underworld\gameserver.exe"="C:\Hry\Sacred - underworld\gameserver.exe:*:Enabled:Sacred Gameserver"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Hry\TmNationsForever\TmForever.exe"="C:\Hry\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe"="C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe:*:Enabled:Logitech"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Hry\Lotro\lotroclient.exe"="C:\Hry\Lotro\lotroclient.exe:*:Enabled:lotroclient"
"C:\Hry\DDO Unlimited\dndclient.exe"="C:\Hry\DDO Unlimited\dndclient.exe:*:Enabled:dndclient"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"C:\Program Files\ASUS\Printer Utilities\UsbService.exe"="C:\Program Files\ASUS\Printer Utilities\UsbService.exe:*:Enabled:ASUS Virtual USB Service"
"D:\Printer\Printer.exe"="D:\Printer\Printer.exe:*:Enabled:ASUS Virtual USB Utility"
"C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe"="C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe:*:Enabled:Adobe Flash CS4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 1 months======

2010-12-08 11:05:39 ----D---- C:\rsit
2010-12-08 11:05:39 ----D---- C:\Program Files\trend micro
2010-12-08 10:45:14 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-08 10:45:10 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-08 10:45:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-07 22:57:13 ----ASH---- C:\hiberfil.sys
2010-12-07 19:20:50 ----A---- C:\WINDOWS\avgrep.txt
2010-12-07 19:05:20 ----A---- C:\Documents and Settings\KL Intermoto\Data aplikací\jkgbkhjkv.bat
2010-12-07 19:05:20 ----A---- C:\Documents and Settings\KL Intermoto\Data aplikací\hotfix.exe
2010-12-01 16:14:29 ----A---- C:\crlog_.tot.tmp
2010-11-30 13:29:11 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-28 21:45:21 ----RA---- C:\WINDOWS\system32\drivers\vuhub.sys
2010-11-26 17:44:11 ----D---- C:\Program Files\PSPad editor
2010-11-22 16:29:12 ----D---- C:\Documents and Settings\KL Intermoto\Data aplikací\com.adobe.ExMan
2010-11-18 14:10:36 ----A---- C:\WINDOWS\system32\drivers\PCASp50a64.sys
2010-11-18 14:10:36 ----A---- C:\WINDOWS\system32\drivers\PCASp50.sys
2010-11-18 14:10:36 ----A---- C:\WINDOWS\system32\ASIW32N50.dll
2010-11-18 14:10:36 ----A---- C:\WINDOWS\system32\ASINDIS5.sys
2010-11-18 14:10:32 ----D---- C:\Program Files\ASUS
2010-11-16 18:16:26 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2010-11-16 18:16:26 ----RA---- C:\WINDOWS\system32\AdobePDF.dll
2010-11-16 17:31:38 ----D---- C:\Program Files\Adobe Media Player
2010-11-16 17:26:14 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-11-15 20:15:45 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt

======List of files/folders modified in the last 1 months======

2010-12-08 11:05:39 ----RD---- C:\Program Files
2010-12-08 11:03:26 ----D---- C:\WINDOWS\system32
2010-12-08 11:03:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-08 11:02:17 ----D---- C:\WINDOWS\Temp
2010-12-08 10:59:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-08 10:45:14 ----D---- C:\WINDOWS\system32\drivers
2010-12-07 19:20:50 ----D---- C:\WINDOWS
2010-12-07 18:53:10 ----SHD---- C:\WINDOWS\Installer
2010-12-07 18:38:55 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-12-07 13:31:01 ----D---- C:\WINDOWS\Prefetch
2010-12-07 09:35:19 ----A---- C:\WINDOWS\wincmd.ini
2010-12-06 15:14:28 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-12-06 09:14:53 ----D---- C:\WINDOWS\Minidump
2010-12-01 16:14:17 ----D---- C:\Documents and Settings\KL Intermoto\Data aplikací\Adobe
2010-11-30 19:56:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-30 15:28:04 ----RSD---- C:\WINDOWS\Fonts
2010-11-29 15:32:00 ----D---- C:\Documents and Settings\KL Intermoto\Data aplikací\vlc
2010-11-28 21:45:20 ----HD---- C:\WINDOWS\inf
2010-11-26 17:03:03 ----D---- C:\Documents and Settings\KL Intermoto\Data aplikací\XnView
2010-11-25 14:54:46 ----SD---- C:\Documents and Settings\KL Intermoto\Data aplikací\Microsoft
2010-11-19 18:22:36 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2010-11-18 14:10:27 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-17 23:50:59 ----D---- C:\Program Files\Common Files\Adobe
2010-11-17 12:34:43 ----D---- C:\Program Files\Adobe
2010-11-17 12:21:48 ----D---- C:\WINDOWS\WinSxS
2010-11-17 10:36:28 ----D---- C:\Program Files\Common Files
2010-11-16 22:19:18 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-11-16 18:17:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-11-15 18:17:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\SeoAdministrator
2010-11-11 08:54:03 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 23:31:48 ----A---- C:\WINDOWS\system32\semtempl.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2007-04-03 39680]
R0 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-03-27 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-17 243024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-30 278728]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-30 25416]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-08-28 131856]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-07-06 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-13 4879360]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-20 6804416]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vuhub;Virtual Usb Hub; C:\WINDOWS\system32\DRIVERS\vuhub.sys [2007-12-20 66432]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 azvjgqa7;azvjgqa7; C:\WINDOWS\system32\drivers\azvjgqa7.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-12-30 101120]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\WINDOWS\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-11-28 52800]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2006-11-30 113792]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-10-05 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2006-11-22 53504]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2006-10-27 40960]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2009-01-13 1528608]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-20 155716]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Oz128 Driver\o2flash.exe [2007-02-12 65536]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 77824]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UsbService;ASUS Virtual MFP Service; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [2008-07-21 217088]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-04 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-22 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-16 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-02-24 3432444]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 11:36
by JaRon
download ComboFix and save it to the desktop

then run it under an account with administrator rights

the action takes about 5-10 minutes, sometimes longer. Do not launch any other applications during the scan

There is no reason to panic if the machine gets restarted
warning: if you use an antispyware with a resident shield, turn it off before the scan.

after the restart the application creates a log, saved at C:\Combofix.txt (paste its contents here)

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 12:05
by Ukawa
After turning off the resident shield, ComboFix still says that I should uninstall AVG or use a different tool...

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 12:12
by JaRon
well, unfortunately AVG is hostile to CF, but in this case I would recommend uninstalling AVG and putting it back after the cleanup...

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 12:19
by Ukawa
maybe instead of AVG it would be better to use a different antivirus program in the future? Unfortunately I need a free program, though...

when uninstalling AVG it throws this message:
Tento počítač: instalace selhala
Instalace:
Chyba: Selhala akce pro klíč registru HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: vytváření registrového klíče....
Přístup je odepřen.

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 12:26
by JaRon

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 13:03
by Ukawa
the Microsoft Security Essentials Alert message stopped appearing after the first failed run of ComboFix, which I don't understand.. after uninstalling AVG, ComboFix runs normally. here is the log:

ComboFix 10-12-07.04 - KL Intermoto 08.12.2010 12:50:00.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1521 [GMT 1:00]
Spuštěný z: c:\documents and settings\KL Intermoto\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-08 do 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-08 10:05 . 2010-12-08 10:05 -------- d-----w- C:\rsit
2010-12-08 10:05 . 2010-12-08 10:05 -------- d-----w- c:\program files\trend micro
2010-12-08 09:45 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 09:45 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 09:45 . 2010-12-08 09:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-07 18:05 . 2010-12-07 18:05 601088 ----a-w- c:\documents and settings\KL Intermoto\Data aplikací\hotfix.exe
2010-12-07 18:05 . 2010-12-07 18:05 302 ----a-w- c:\documents and settings\KL Intermoto\Data aplikací\jkgbkhjkv.bat
2010-12-01 15:14 . 2010-12-01 15:14 110168 ----a-w- C:\crlog_.tot.tmp
2010-11-28 20:45 . 2007-12-20 09:55 66432 ----a-r- c:\windows\system32\drivers\vuhub.sys
2010-11-26 16:44 . 2010-11-26 16:44 -------- d-----w- c:\program files\PSPad editor
2010-11-22 15:29 . 2010-11-22 15:29 -------- d-----w- c:\documents and settings\KL Intermoto\Library
2010-11-22 15:29 . 2010-11-22 15:29 -------- d-----w- c:\documents and settings\KL Intermoto\Data aplikací\com.adobe.ExMan
2010-11-18 13:10 . 2006-11-28 20:46 52800 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2010-11-18 13:10 . 2006-11-28 20:46 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2010-11-18 13:10 . 2003-04-21 20:46 61440 ----a-w- c:\windows\system32\ASIW32N50.dll
2010-11-18 13:10 . 2002-09-10 18:35 16302 ----a-w- c:\windows\system32\ASINDIS5.sys
2010-11-18 13:10 . 2001-04-16 04:48 15577 ----a-w- c:\windows\system32\ASINDIS3.vxd
2010-11-18 13:10 . 2010-11-28 20:45 -------- d-----w- c:\program files\ASUS
2010-11-16 17:16 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-11-16 17:16 . 2008-04-07 04:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-11-16 16:31 . 2010-11-16 16:31 -------- d-----w- c:\program files\Adobe Media Player
2010-11-16 16:26 . 2010-11-16 16:26 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 14:11 . 2010-11-30 14:11 1072 ----a-w- c:\windows\Fonts\AMINB___.PFM
2010-11-10 22:31 . 2010-10-14 07:51 914944 ----a-w- c:\windows\system32\semtempl.dll
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 06:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 06:51 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-15 02:50 . 2010-10-14 08:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2009-06-05 14:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:52 . 2008-06-03 16:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-06-03 16:07 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-06-03 16:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
.

------- Sigcheck -------

[-] 2008-06-03 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\KL Intermoto\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-07-03 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-30 2975640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-20 8462336]
"nwiz"="nwiz.exe" [2007-06-20 1626112]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2010-9-15 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 14:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Hry\\Sacred - underworld\\sacred.exe"=
"c:\\Hry\\Sacred - underworld\\gameserver.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Hry\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Hry\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2006:TCP"= 2006:TCP:5.188.116.76/255.255.255.255,5.188.121.0/255.255.255.0:Enabled:c:\hry\Sacred - underworld\sacred.exe
"56801:TCP"= 56801:TCP:Pando Media Booster
"56801:UDP"= 56801:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [5.6.2009 15:29 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [5.6.2009 15:29 35712]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.7.2009 17:20 691696]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [5.7.2009 21:35 78848]
R2 UsbService;ASUS Virtual MFP Service;c:\program files\ASUS\Printer Utilities\UsbService.exe [28.11.2010 21:45 217088]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4.11.2008 10:39 14336]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [28.11.2010 21:45 66432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22.9.2008 7:00 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 284016]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [28.6.2010 15:01 18432]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-22 06:00]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-22 06:00]

2010-12-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by ASUS Download - c:\program files\ASUS\WL-500gP V2 Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files\ASUS\WL-500gP V2 Wireless Router Utilities\ASDownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Stáhnout Star Downloaderem - c:\program files\Star Downloader\sdie.htm
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
FF - ProfilePath - c:\documents and settings\KL Intermoto\Data aplikací\Mozilla\Firefox\Profiles\xlt0h5ei.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\KL Intermoto\Data aplikací\Mozilla\Firefox\Profiles\xlt0h5ei.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.txt=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-LMANAGER - c:\program files\Links Manager\Links Manager.exe
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 12:59
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-115176313-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:a8,a3,7b,c4,f9,eb,7b,17,22,5c,00,f1,7a,38,48,9c,c1,0d,cb,e2,6a,
f5,65,b0,22,8f,f8,6d,c7,60,ee,79,32,ae,9d,1f,94,bf,74,bd,a8,79,5a,5a,54,5a,\
"rkeysecu"=hex:65,23,f7,42,3a,37,43,04,47,5c,34,57,1c,af,fc,f6
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1496)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-12-08 13:01:45
ComboFix-quarantined-files.txt 2010-12-08 12:01

Před spuštěním: 3 928 522 752
Po spuštění: 6 725 136 384

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 44A17D2D22C1C5A0FD73131247C6E864

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 13:27
by JaRon
1. uninstall the ASK Toolbar
2. test c:\documents and settings\KL Intermoto\Data aplikací\hotfix.exe at www.virustotal.com
3. rescan with MBAM
4. install Avira and rescan the PC

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 14:38
by Ukawa
1. uninstalled
2. 3/4 of the antivirus engines detected Win32:FakeAV-AZF and the like..
3. MBAM found and deleted this:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5270

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8.12.2010 14:37:02
mbam-log-2010-12-08 (14-37-02).txt

Typ kontroly: Rychlý test
Testované objekty: 165972
Uplynulý čas: 4 minut, 13 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 7
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-Internetsecurity10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-Internetsecurity10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\kl intermoto\data aplikací\hotfix.exe (Rogue.ThinkPoint) -> Quarantined and deleted successfully.
c:\documents and settings\kl intermoto\data aplikací\jkgbkhjkv.bat (Malware.Trace) -> Quarantined and deleted successfully.

4. I'll add it after the restart
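As an added example that is not part of this thread, a PowerShell audit of the Internet Explorer ZoneMap that reports every domain mapped into the Trusted sites zone (value 2, the setting MBAM flagged above as Hijack.TrustedZone) under both HKCU and HKLM; the allowlist is a constructed placeholder.

```powershell
# Added example (not from this thread): audit Internet Explorer ZoneMap entries.
# Each domain MBAM reported above (Hijack.TrustedZone) was stored as a value like
#   ...\Internet Settings\ZoneMap\Domains\buy-is2010.com   http = 2   (Trusted sites)
# A rogue AV that puts its payment/download sites into the Trusted zone bypasses the
# stricter Internet-zone settings, so every zone-2 mapping is worth a look.

$ZoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';      4 = 'Restricted sites' }
# Constructed placeholder allowlist: replace with the domains you intentionally trust.
$Allowed = @('example.com')

function Get-ZoneMapEntries {
    param([string]$Hive)   # 'HKCU' (per-user) or 'HKLM' (machine-wide)
    $root = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    if (-not (Test-Path $root)) { return }
    # Layout is Domains\<domain.com>[\<sub>]; -Recurse walks both levels.
    Get-ChildItem -Path $root -Recurse | ForEach-Object {
        $key = $_
        $rel = $key.PSPath.Substring($key.PSPath.IndexOf('Domains\') + 8)
        # "domain.com\sub" -> "sub.domain.com"
        $parts = $rel -split '\\'
        [array]::Reverse($parts)
        $hostName = $parts -join '.'
        foreach ($name in $key.GetValueNames()) {   # scheme: 'http', 'https' or '*'
            $zone = [int]$key.GetValue($name)
            [pscustomobject]@{
                Hive     = $Hive
                Host     = $hostName
                Scheme   = $name
                Zone     = $zone
                ZoneName = $ZoneNames[$zone]
            }
        }
    }
}

function Find-SuspiciousTrustedSites {
    $entries = @(Get-ZoneMapEntries -Hive 'HKCU') + @(Get-ZoneMapEntries -Hive 'HKLM')
    # Zone 2 = Trusted sites; anything there that is not on the allowlist is reported.
    $entries | Where-Object { $_.Zone -eq 2 -and ($Allowed -notcontains $_.Host) }
}

$hits = Find-SuspiciousTrustedSites
if ($hits) {
    'Domains in the Trusted sites zone that are not on the allowlist:'
    $hits | Format-Table Hive, Host, Scheme, ZoneName -AutoSize
} else {
    'No unexpected Trusted-zone domains found.'
}
```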

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 14:44
by JaRon
great, I think that once step 4 is done it will be spotless :)

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 15:00
by Ukawa
The restart started fine, but as soon as I chose to log in to the system, it loaded the settings and then only the wallpaper and the mouse cursor appeared (I could move it), but no icons, no Start menu, nothing... then I pressed Alt+Tab, Ctrl+Esc and finally Alt+F4 in quick succession and then everything came up.. I'm installing Avira...

so the first scan, which ran right after the installation, found nothing...


While I'm here, I have a small question... when you went through those logs, wasn't there some other junk in them?

because sometimes when I'm downloading something, the download gets interrupted out of nowhere... the download speed slowly drops towards zero, but no data arrives.. sometimes it doesn't happen for 2 days, and then I get a 200 MB file only on the fifth attempt, or sometimes even worse

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 16:08
by JaRon
well, there were several pieces of junk in there :) CF deleted part of them, MBAM the rest
test the PC for a few days; if there is any problem, post a log for a preventive check

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 16:11
by Ukawa
The Avira scan will finish in a moment... so far it has 9 detections

Re: Fake Microsoft Security Essentials Alert

Posted: 08 Dec 2010 16:48
by Ukawa
ok, this is from Avira

Avira AntiVir Personal
Report file date: 8. prosince 2010 14:58

Scanning for 3130862 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : KL Intermoto
Computer name : NOTEBOOKMSI

Version information:
BUILD.DAT : 10.0.0.607 31826 Bytes 30.11.2010 19:17:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 30.11.2010 17:13:17
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1.4.2010 11:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 30.11.2010 17:13:24
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.2.2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.1.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.1.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 5.3.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.4.2010 17:13:29
VBASE006.VDF : 7.10.7.218 2294784 Bytes 2.6.2010 17:13:30
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.7.2010 17:13:32
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.9.2010 17:13:34
VBASE009.VDF : 7.10.13.80 2265600 Bytes 2.11.2010 17:13:35
VBASE010.VDF : 7.10.13.81 2048 Bytes 2.11.2010 17:13:35
VBASE011.VDF : 7.10.13.82 2048 Bytes 2.11.2010 17:13:35
VBASE012.VDF : 7.10.13.83 2048 Bytes 2.11.2010 17:13:35
VBASE013.VDF : 7.10.13.116 147968 Bytes 4.11.2010 17:13:35
VBASE014.VDF : 7.10.13.147 146944 Bytes 7.11.2010 17:13:35
VBASE015.VDF : 7.10.13.180 123904 Bytes 9.11.2010 17:13:36
VBASE016.VDF : 7.10.13.211 122368 Bytes 11.11.2010 17:13:36
VBASE017.VDF : 7.10.13.243 147456 Bytes 15.11.2010 17:13:36
VBASE018.VDF : 7.10.14.15 142848 Bytes 17.11.2010 17:13:36
VBASE019.VDF : 7.10.14.41 134144 Bytes 19.11.2010 17:13:36
VBASE020.VDF : 7.10.14.63 128000 Bytes 22.11.2010 17:13:36
VBASE021.VDF : 7.10.14.87 143872 Bytes 24.11.2010 17:13:36
VBASE022.VDF : 7.10.14.116 140800 Bytes 26.11.2010 17:13:36
VBASE023.VDF : 7.10.14.147 150528 Bytes 30.11.2010 17:16:23
VBASE024.VDF : 7.10.14.175 126464 Bytes 3.12.2010 13:54:33
VBASE025.VDF : 7.10.14.203 120320 Bytes 7.12.2010 13:54:33
VBASE026.VDF : 7.10.14.204 2048 Bytes 7.12.2010 13:54:33
VBASE027.VDF : 7.10.14.205 2048 Bytes 7.12.2010 13:54:33
VBASE028.VDF : 7.10.14.206 2048 Bytes 7.12.2010 13:54:33
VBASE029.VDF : 7.10.14.207 2048 Bytes 7.12.2010 13:54:33
VBASE030.VDF : 7.10.14.208 2048 Bytes 7.12.2010 13:54:33
VBASE031.VDF : 7.10.14.224 94720 Bytes 8.12.2010 13:54:34
Engineversion : 8.2.4.122
AEVDF.DLL : 8.1.2.1 106868 Bytes 30.11.2010 17:13:13
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 8.12.2010 13:54:49
AESCN.DLL : 8.1.7.2 127349 Bytes 30.11.2010 17:13:12
AESBX.DLL : 8.1.3.2 254324 Bytes 30.11.2010 17:13:12
AERDL.DLL : 8.1.9.2 635252 Bytes 30.11.2010 17:13:12
AEPACK.DLL : 8.2.4.1 512375 Bytes 8.12.2010 13:54:46
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 30.11.2010 17:13:11
AEHEUR.DLL : 8.1.2.54 3113335 Bytes 8.12.2010 13:54:43
AEHELP.DLL : 8.1.16.0 246136 Bytes 8.12.2010 13:54:36
AEGEN.DLL : 8.1.5.0 397685 Bytes 8.12.2010 13:54:36
AEEMU.DLL : 8.1.3.0 393589 Bytes 30.11.2010 17:13:06
AECORE.DLL : 8.1.19.0 196984 Bytes 8.12.2010 13:54:35
AEBB.DLL : 8.1.1.0 53618 Bytes 30.11.2010 17:13:05
AVWINLL.DLL : 10.0.0.0 19304 Bytes 30.11.2010 17:13:17
AVPREF.DLL : 10.0.0.0 44904 Bytes 30.11.2010 17:13:16
AVREP.DLL : 10.0.0.8 62209 Bytes 17.6.2010 13:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 30.11.2010 17:13:17
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 30.11.2010 17:13:17
AVARKT.DLL : 10.0.22.6 231784 Bytes 30.11.2010 17:13:14
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 30.11.2010 17:13:15
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.6.2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 30.11.2010 17:13:17
NETNT.DLL : 10.0.0.0 11624 Bytes 17.6.2010 13:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.1.2010 12:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 30.11.2010 17:13:38

Configuration settings for the scan:
Jobname.............................: Quick system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\quicksysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 8. prosince 2010 14:58

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'vssvc.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'PMB.exe' - '1' Module(s) have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'Acrotray.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'VMCService.exe' - '1' Module(s) have been scanned
Scan process 'UsbService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'TosBtSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'o2flash.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1734' files ).


Starting the file scan:

Begin scan in 'C:\Documents and Settings\KL Intermoto'
C:\Documents and Settings\KL Intermoto\Data aplikací\Sun\Java\Deployment\cache\6.0\46\254ef42e-42194246
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.I Java virus
--> CustomClass.class
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.I Java virus
--> evilPolicy.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.SW exploit
--> dostuff.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.W Java virus
--> mosdef.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2008-5353.WA exploit
--> SiteError.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.B exploit
--> xmo.ser
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.A exploit
C:\Documents and Settings\KL Intermoto\Dokumenty\Downloads\Adobe_CS4_Master_Collection_Keygen.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Dldr.BZW Trojan
--> adobe-master-cs4-keygen.exe
[DETECTION] Is the TR/Dldr.BZW Trojan
C:\Documents and Settings\KL Intermoto\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_000fc9
[DETECTION] Is the TR/Fraud.Gen Trojan
--> Object
[DETECTION] Is the TR/Fraud.Gen Trojan
Begin scan in 'C:\WINDOWS'
Begin scan in 'C:\Documents and Settings\All Users'
C:\Documents and Settings\All Users\Data aplikací\TmForever\Cache\3D1690B822C0DF1CEF2D66247FB26630_ChallengeMusics%5cskadforlife.mux
[DETECTION] Contains recognition pattern of the HTML/IFrame.C HTML script virus
Begin scan in 'C:\Program Files'

Beginning disinfection:
C:\Documents and Settings\All Users\Data aplikací\TmForever\Cache\3D1690B822C0DF1CEF2D66247FB26630_ChallengeMusics%5cskadforlife.mux
[DETECTION] Contains recognition pattern of the HTML/IFrame.C HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '49640ca2.qua'.
C:\Documents and Settings\KL Intermoto\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_000fc9
[DETECTION] Is the TR/Fraud.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '51ec2360.qua'.
C:\Documents and Settings\KL Intermoto\Dokumenty\Downloads\Adobe_CS4_Master_Collection_Keygen.rar
[DETECTION] Is the TR/Dldr.BZW Trojan
[NOTE] The file was moved to the quarantine directory under the name '03f2798d.qua'.
C:\Documents and Settings\KL Intermoto\Data aplikací\Sun\Java\Deployment\cache\6.0\46\254ef42e-42194246
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.A exploit
[NOTE] The file was moved to the quarantine directory under the name '6598363c.qua'.


End of the scan: 8. prosince 2010 16:44
Used time: 1:45:24 Hour(s)

The scan has been done completely.

20574 Scanned directories
685226 Files were scanned
9 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
685217 Files not concerned
3955 Archives were scanned
0 Warnings
4 Notes

Re: Fake Microsoft Security Essentials Alert

Posted: 09 Dec 2010 07:25
by JaRon
they were probably inactive viruses, but why keep them stored on the computer :???: :)
so, done for now :guitar: