
Trojan horse Dropper.Generic2.CFAL

Posted: 11 Dec 2010 14:45
by Adulik
Hello, AVG is reporting an infection Dropper.Generic2.CFAL in the file c:\Windows\System32\autochk.exe. Please advise how to get rid of it. The RSIT log is below:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Adélka at 2010-12-11 13:53:22
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 79 GB (55%) free of 143 GB
Total RAM: 1015 MB (16% free)

HijackThis download failed

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\User_Feed_Synchronization-{6DADDB75-16F7-42CB-A3E7-C0203B12415B}.job
C:\windows\tasks\User_Feed_Synchronization-{BD17606F-889E-43CA-B2A3-993BD05FEAD5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-11-04 2731360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1acb83b-3713-4784-b2b3-64c6d06565e9}]
SoftGate.DownloadManager.IE.DownloadManagerPlugin - C:\windows\system32\mscoree.dll [2008-07-27 282112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-25 2475336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-28 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd}]
Movier-media Toolbar - C:\Program Files\Movier-media\tbMov1.dll [2010-05-21 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\Dealio Toolbar\SearchSettings.dll [2009-03-30 1091584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-10-25 2475336]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]
{ce10bf86-da68-441e-91fa-38336363e3cd} - Movier-media Toolbar - C:\Program Files\Movier-media\tbMov1.dll [2010-05-21 2515552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-05-22 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-05-22 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-05-22 133656]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2007-05-08 331552]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-21 197904]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 148888]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-07 177456]
"HP Software Update"=c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"SearchSettings"=C:\Program Files\Dealio Toolbar\SearchSettings.exe [2009-03-30 970240]
"PAC207_Monitor"=C:\windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-10-22 2745696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... er=9.0.872 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-18 2289664]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"ares"=C:\Program Files\Ares\Ares.exe [2010-02-08 1015808]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

C:\Users\Adélka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\windows\system32\DeviceNP.dll [2007-06-08 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\windows\System32\Notepad.exe %1
.js - open - C:\windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-11 12:15:40 ----D---- C:\Program Files\trend micro
2010-12-11 12:15:39 ----D---- C:\rsit
2010-12-10 18:22:03 ----D---- C:\Users\Adélka\AppData\Roaming\AVG
2010-12-10 18:20:30 ----AD---- C:\ProgramData\TEMP
2010-12-10 17:59:47 ----D---- C:\Users\Adélka\AppData\Roaming\AVG10
2010-12-10 17:57:42 ----HD---- C:\ProgramData\Common Files
2010-12-10 17:57:18 ----D---- C:\ProgramData\AVG Security Toolbar
2010-12-10 17:55:34 ----D---- C:\windows\system32\drivers\AVG
2010-12-10 17:55:34 ----D---- C:\ProgramData\AVG10
2010-12-10 17:48:00 ----D---- C:\ProgramData\MFAData
2010-12-10 17:40:38 ----N---- C:\windows\system32\MpSigStub.exe
2010-12-10 00:14:49 ----A---- C:\windows\SWXCACLS.exe
2010-12-09 23:32:27 ----ASH---- C:\hiberfil.sys
2010-12-09 23:30:51 ----SD---- C:\ComboFix
2010-12-09 23:27:10 ----A---- C:\windows\ntbtlog.txt
2010-12-09 22:30:37 ----A---- C:\windows\zip.exe
2010-12-09 22:30:37 ----A---- C:\windows\SWSC.exe
2010-12-09 22:30:37 ----A---- C:\windows\SWREG.exe
2010-12-09 22:30:37 ----A---- C:\windows\sed.exe
2010-12-09 22:30:37 ----A---- C:\windows\PEV.exe
2010-12-09 22:30:37 ----A---- C:\windows\NIRCMD.exe
2010-12-09 22:30:37 ----A---- C:\windows\MBR.exe
2010-12-09 22:30:37 ----A---- C:\windows\grep.exe
2010-12-09 22:30:26 ----D---- C:\windows\ERDNT
2010-12-09 22:15:42 ----A---- C:\windows\myClean.bat
2010-12-09 21:24:16 ----D---- C:\Qoobox
2010-12-09 21:19:56 ----D---- C:\Users\Adélka\AppData\Roaming\SoftGate
2010-12-06 21:15:05 ----A---- C:\windows\system32\pncrt.dll
2010-12-06 21:13:05 ----D---- C:\Program Files\FreeTime
2010-12-06 20:28:37 ----D---- C:\zStore
2010-12-06 20:28:27 ----A---- C:\windows\system32\win-bash.exe
2010-12-06 20:28:25 ----A---- C:\windows\system32\mencoder31648.exe
2010-12-06 20:28:25 ----A---- C:\windows\system32\FLVLib.dll
2010-12-06 20:28:25 ----A---- C:\windows\system32\flvbind.exe
2010-12-06 20:28:24 ----A---- C:\windows\system32\ffmpeg25150.exe
2010-12-06 20:28:24 ----A---- C:\windows\system32\ffmpeg22900.exe
2010-12-06 20:28:23 ----D---- C:\windows\system32\sntemp
2010-12-06 20:28:22 ----D---- C:\Program Files\AudVidder
2010-12-06 20:08:07 ----D---- C:\Program Files\Haali
2010-12-06 20:06:43 ----D---- C:\Program Files\Free Video Converter
2010-12-06 20:06:11 ----D---- C:\ProgramData\VideoConverter
2010-12-06 19:47:02 ----D---- C:\Program Files\Digiarty

======List of files/folders modified in the last 1 months======

2010-12-11 13:53:19 ----D---- C:\windows\Temp
2010-12-11 13:46:28 ----D---- C:\windows\Prefetch
2010-12-11 13:36:08 ----D---- C:\windows\System32
2010-12-11 13:36:06 ----A---- C:\windows\system32\rpcnetp.exe
2010-12-11 13:35:55 ----A---- C:\windows\system32\rpcnetp.dll
2010-12-11 13:35:55 ----A---- C:\windows\system32\rpcnet.dll
2010-12-11 12:15:40 ----RD---- C:\Program Files
2010-12-10 18:23:47 ----SD---- C:\windows\Downloaded Program Files
2010-12-10 18:20:30 ----HD---- C:\ProgramData
2010-12-10 18:20:17 ----D---- C:\Program Files\AVG
2010-12-10 18:01:57 ----SHD---- C:\windows\Installer
2010-12-10 17:56:41 ----D---- C:\windows\system32\drivers
2010-12-10 17:55:15 ----SHD---- C:\System Volume Information
2010-12-10 17:54:51 ----D---- C:\windows\winsxs
2010-12-10 00:16:08 ----D---- C:\Windows
2010-12-09 23:50:32 ----D---- C:\windows\Minidump
2010-12-09 22:15:25 ----D---- C:\ProgramData\SiteAdvisor
2010-12-09 22:13:04 ----D---- C:\windows\system32\catroot2
2010-12-09 22:12:29 ----D---- C:\ProgramData\McAfee
2010-12-09 22:12:29 ----D---- C:\Program Files\Common Files
2010-12-09 22:10:18 ----D---- C:\windows\inf
2010-12-09 22:10:18 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-12-09 22:01:27 ----D---- C:\ProgramData\avg9

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\drivers\iastor.sys [2008-04-15 312344]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2008-04-08 44944]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\windows\System32\drivers\sfsync02.sys [2004-12-03 20544]
R1 Avgldx86;AVG AVI Loader Driver; C:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\windows\system32\DRIVERS\avgtdix.sys [2010-11-09 299984]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2009-01-03 165376]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2009-01-03 18048]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]
R3 Afc;PPdus ASPI Shell; C:\windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 AVGIDSDriver;AVGIDSDriver; C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 27216]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2008-03-21 1207288]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\windows\system32\DRIVERS\e1e6032.sys [2007-05-24 223616]
R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2008-03-27 199472]
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2005-03-03 48640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 catchme;catchme; \??\C:\Users\ADLKA~1\AppData\Local\Temp\catchme.sys []
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PAC207;PC Camer@; C:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 PROCEXP113;PROCEXP113; \??\C:\windows\system32\Drivers\PROCEXP113.SYS []
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\windows\system32\rpcnet.exe [2010-06-26 57752]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-04-16 165192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-25 517448]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\Windows\system32\flcdlock.exe [2007-06-08 172131]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-13 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe []

-----------------EOF-----------------

Re: Trojan horse Dropper.Generic2.CFAL

Posted: 11 Dec 2010 17:40
by Rudy
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Calmly go and make yourself a coffee (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to plough through). During the scan, do not try to run any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode or disable it completely for the duration of the scan, because during the scan and removal of any malware there are undesirable collisions with the resident antispyware.

Re: Trojan horse Dropper.Generic2.CFAL

Posted: 11 Dec 2010 23:19
by Adulik
ComboFix was run according to the instructions. After the message that the file c:\Windows\System32\autochk.exe is infected was displayed, about 5 minutes later a blue screen appeared saying that an error had occurred in Windows, and the PC restarted. After Windows came back up, no file with the ComboFix log was found anywhere.

Re: Trojan horse Dropper.Generic2.CFAL

Posted: 12 Dec 2010 11:04
by Rudy
Try it once more, but in safe mode.

Re: Trojan horse Dropper.Generic2.CFAL

Posted: 12 Dec 2010 14:45
by Adulik
In safe mode the ComboFix log was created. During the ComboFix scan a warning message appeared in the bottom right corner of the screen saying that the files NirCmd.cfxxe, PEV.exe and PEV.cfxxe are corrupted.

ComboFix log:

ComboFix 10-12-11.03 - Adélka 12.12.2010 14:04:47.2.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.420.1029.18.1015.554 [GMT 1:00]
Spuštěný z: c:\users\Adélka_2\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Předchozí spuštění --

c:\windows\System32\autochk.exe . . . je infikován!!

--------

c:\windows\System32\autochk.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-12 do 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 13:28 . 2010-12-12 13:28 -------- d-----w- c:\users\Adélka\AppData\Local\temp
2010-12-12 13:28 . 2010-12-12 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-12 13:28 . 2010-12-12 13:28 -------- d-----w- c:\users\Adélka_2\AppData\Local\temp
2010-12-11 11:15 . 2010-12-11 20:51 -------- d-----w- c:\program files\trend micro
2010-12-11 11:15 . 2010-12-11 12:54 -------- d-----w- C:\rsit
2010-12-10 18:46 . 2010-12-10 18:46 -------- d-----w- c:\users\Adélka_2\AppData\Roaming\AVG10
2010-12-10 16:59 . 2010-12-10 16:59 -------- d-----w- c:\users\Adélka\AppData\Roaming\AVG10
2010-12-10 16:57 . 2010-12-10 16:57 -------- d--h--w- c:\programdata\Common Files
2010-12-10 16:55 . 2010-12-11 20:06 -------- d-----w- c:\programdata\AVG10
2010-12-10 16:48 . 2010-12-10 16:55 -------- d-----w- c:\programdata\MFAData
2010-12-10 16:40 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6599EA22-990E-4817-9BA8-58EC0FAC950B}\mpengine.dll
2010-12-10 16:40 . 2010-10-19 09:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-09 21:15 . 2008-04-21 06:28 384 ----a-w- c:\windows\myClean.bat
2010-12-09 20:19 . 2010-12-09 20:19 -------- d-----w- c:\users\Adélka\AppData\Roaming\SoftGate
2010-12-06 20:13 . 2010-12-06 20:13 -------- d-----w- c:\program files\FreeTime
2010-12-06 19:28 . 2010-12-06 19:28 -------- d-----w- C:\zStore
2010-12-06 19:28 . 2006-03-06 08:38 801484 ----a-w- c:\windows\system32\win-bash.exe
2010-12-06 19:28 . 2010-09-08 08:54 14856192 ----a-w- c:\windows\system32\mencoder31648.exe
2010-12-06 19:28 . 2008-04-27 15:11 16384 ----a-w- c:\windows\system32\flvbind.exe
2010-12-06 19:28 . 2006-09-27 08:55 77824 ----a-w- c:\windows\system32\FLVLib.dll
2010-12-06 19:28 . 2010-09-21 07:45 10962944 ----a-w- c:\windows\system32\ffmpeg25150.exe
2010-12-06 19:28 . 2010-07-27 17:37 6569984 ----a-w- c:\windows\system32\ffmpeg22900.exe
2010-12-06 19:28 . 2010-12-06 19:28 -------- d-----w- c:\windows\system32\sntemp
2010-12-06 19:28 . 2010-12-06 19:28 -------- d-----w- c:\program files\AudVidder
2010-12-06 19:12 . 2010-12-06 19:12 -------- d-----w- c:\users\Adélka_2\AppData\Local\Video Converter
2010-12-06 19:08 . 2010-12-06 19:08 -------- d-----w- c:\users\Adélka\AppData\Local\Video Converter
2010-12-06 19:08 . 2010-12-06 19:08 -------- d-----w- c:\program files\Haali
2010-12-06 19:06 . 2010-12-06 19:16 -------- d-----w- c:\program files\Free Video Converter
2010-12-06 19:06 . 2010-12-06 19:06 -------- d-----w- c:\programdata\VideoConverter
2010-12-06 18:47 . 2010-12-06 18:47 -------- d-----w- c:\program files\Digiarty
2010-12-06 17:58 . 2010-12-06 17:58 -------- d-----w- c:\users\Adélka_2\AppData\Roaming\FLV Extract

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 12:57 . 2009-09-25 06:09 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-12-12 12:44 . 2009-09-25 06:13 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-12-12 12:44 . 2009-05-09 08:27 17408 ----a-w- c:\windows\system32\rpcnetp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files\Movier-media\tbMov1.dll" [2010-05-21 2515552]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 21:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1acb83b-3713-4784-b2b3-64c6d06565e9}]
2008-07-27 18:03 282112 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd}]
2010-05-21 08:57 2515552 ----a-w- c:\program files\Movier-media\tbMov1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files\Movier-media\tbMov1.dll" [2010-05-21 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
"{CE10BF86-DA68-441E-91FA-38336363E3CD}"= "c:\program files\Movier-media\tbMov1.dll" [2010-05-21 2515552]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ares"="c:\program files\Ares\Ares.exe" [2010-02-08 1015808]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 133656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 148888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Adélka_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\users\Adélka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2005-9-9 2737288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-8-4 197904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 16:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R2 rpcnetp;rpcnetp;c:\windows\System32\rpcnetp.exe [2010-12-12 17408]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:56]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:56]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{6DADDB75-16F7-42CB-A3E7-C0203B12415B}.job
- c:\windows\system32\msfeedssync.exe [2009-12-25 04:59]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{BD17606F-889E-43CA-B2A3-993BD05FEAD5}.job
- c:\windows\system32\msfeedssync.exe [2009-12-25 04:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=14672&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: {{bb7f932c-881f-4b88-837d-cf84adff062b} - {707f6b7e-a2f2-490e-b857-38fcd1a2326b} - mscoree.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-eBay Icon - c:\users\Adélka\AppData\Roaming\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 14:28
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\users\Adélka\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5R7P4B84\skype.com\#ui

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-12-12 14:31:33
ComboFix-quarantined-files.txt 2010-12-12 13:31

Před spuštěním: Volných bajtů: 99 386 351 616
Po spuštění: Volných bajtů: 99 288 510 464

- - End Of File - - 8512650A073D2CC4B61CC8A6C2E3D384

Re: Trojan horse Dropper.Generic2.CFAL

Posted: 12 Dec 2010 16:23
by Rudy
1. Download the attached file and extract it to the desktop.

2. Open Notepad and paste the following into it:
KillAll::

Folder::
c:\program files\AskBarDis

Collect::
c:\users\Adélka\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5R7P4B84\skype.com\#ui

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-

FCopy::
c:\users\Adélka_2\Desktop\autochk.exe | c:\windows\System32\autochk.exe
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

AUTOCHK.rar
(182.34 KiB) Downloaded 63 times

Re: Trojan horse Dropper.Generic2.CFAL

Posted: 12 Dec 2010 18:02
by Adulik
ComboFix started with the script ran through to the end; after the restart, when Windows came back up, it tried to create a log, but a Windows error occurred and the machine restarted without creating the log. After starting in Safe Mode the log was created. The warning about the damaged files mentioned above was repeated.

Log:
ComboFix 10-12-11.06 - Adélka 12.12.2010 17:38:44.3.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.420.1029.18.1015.563 [GMT 1:00]
Spuštěný z: c:\users\Adélka_2\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-12 do 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 16:46 . 2010-12-12 16:46 -------- d-----w- c:\users\Adélka\AppData\Local\temp
2010-12-12 16:46 . 2010-12-12 16:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-12 16:46 . 2010-12-12 16:46 -------- d-----w- c:\users\Adélka_2\AppData\Local\temp
2010-12-12 16:11 . 2010-12-12 16:11 -------- d-----w- C:\found.000
2010-12-11 11:15 . 2010-12-11 20:51 -------- d-----w- c:\program files\trend micro
2010-12-11 11:15 . 2010-12-11 12:54 -------- d-----w- C:\rsit
2010-12-10 18:46 . 2010-12-10 18:46 -------- d-----w- c:\users\Adélka_2\AppData\Roaming\AVG10
2010-12-10 16:59 . 2010-12-10 16:59 -------- d-----w- c:\users\Adélka\AppData\Roaming\AVG10
2010-12-10 16:57 . 2010-12-10 16:57 -------- d--h--w- c:\programdata\Common Files
2010-12-10 16:55 . 2010-12-11 20:06 -------- d-----w- c:\programdata\AVG10
2010-12-10 16:48 . 2010-12-10 16:55 -------- d-----w- c:\programdata\MFAData
2010-12-10 16:40 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6599EA22-990E-4817-9BA8-58EC0FAC950B}\mpengine.dll
2010-12-10 16:40 . 2010-10-19 09:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-09 21:15 . 2008-04-21 06:28 384 ----a-w- c:\windows\myClean.bat
2010-12-09 20:19 . 2010-12-09 20:19 -------- d-----w- c:\users\Adélka\AppData\Roaming\SoftGate
2010-12-06 20:13 . 2010-12-06 20:13 -------- d-----w- c:\program files\FreeTime
2010-12-06 19:28 . 2010-12-06 19:28 -------- d-----w- C:\zStore
2010-12-06 19:28 . 2006-03-06 08:38 801484 ----a-w- c:\windows\system32\win-bash.exe
2010-12-06 19:28 . 2010-09-08 08:54 14856192 ----a-w- c:\windows\system32\mencoder31648.exe
2010-12-06 19:28 . 2008-04-27 15:11 16384 ----a-w- c:\windows\system32\flvbind.exe
2010-12-06 19:28 . 2006-09-27 08:55 77824 ----a-w- c:\windows\system32\FLVLib.dll
2010-12-06 19:28 . 2010-09-21 07:45 10962944 ----a-w- c:\windows\system32\ffmpeg25150.exe
2010-12-06 19:28 . 2010-07-27 17:37 6569984 ----a-w- c:\windows\system32\ffmpeg22900.exe
2010-12-06 19:28 . 2010-12-06 19:28 -------- d-----w- c:\windows\system32\sntemp
2010-12-06 19:28 . 2010-12-06 19:28 -------- d-----w- c:\program files\AudVidder
2010-12-06 19:12 . 2010-12-06 19:12 -------- d-----w- c:\users\Adélka_2\AppData\Local\Video Converter
2010-12-06 19:08 . 2010-12-06 19:08 -------- d-----w- c:\users\Adélka\AppData\Local\Video Converter
2010-12-06 19:08 . 2010-12-06 19:08 -------- d-----w- c:\program files\Haali
2010-12-06 19:06 . 2010-12-06 19:16 -------- d-----w- c:\program files\Free Video Converter
2010-12-06 19:06 . 2010-12-06 19:06 -------- d-----w- c:\programdata\VideoConverter
2010-12-06 18:47 . 2010-12-06 18:47 -------- d-----w- c:\program files\Digiarty
2010-12-06 17:58 . 2010-12-06 17:58 -------- d-----w- c:\users\Adélka_2\AppData\Roaming\FLV Extract

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 16:28 . 2009-09-25 06:09 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-12-12 16:28 . 2009-09-25 06:13 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-12-12 16:13 . 2009-05-09 08:27 17408 ----a-w- c:\windows\system32\rpcnetp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files\Movier-media\tbMov1.dll" [2010-05-21 2515552]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1acb83b-3713-4784-b2b3-64c6d06565e9}]
2008-07-27 18:03 282112 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce10bf86-da68-441e-91fa-38336363e3cd}]
2010-05-21 08:57 2515552 ----a-w- c:\program files\Movier-media\tbMov1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
"{ce10bf86-da68-441e-91fa-38336363e3cd}"= "c:\program files\Movier-media\tbMov1.dll" [2010-05-21 2515552]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
"{CE10BF86-DA68-441E-91FA-38336363E3CD}"= "c:\program files\Movier-media\tbMov1.dll" [2010-05-21 2515552]

[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]

[HKEY_CLASSES_ROOT\clsid\{ce10bf86-da68-441e-91fa-38336363e3cd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ares"="c:\program files\Ares\Ares.exe" [2010-02-08 1015808]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 133656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 148888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Adélka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2005-9-9 2737288]

c:\users\Adélka_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-8-4 197904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 16:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:56]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:56]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{6DADDB75-16F7-42CB-A3E7-C0203B12415B}.job
- c:\windows\system32\msfeedssync.exe [2009-12-25 04:59]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{BD17606F-889E-43CA-B2A3-993BD05FEAD5}.job
- c:\windows\system32\msfeedssync.exe [2009-12-25 04:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=14672&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: {{bb7f932c-881f-4b88-837d-cf84adff062b} - {707f6b7e-a2f2-490e-b857-38fcd1a2326b} - mscoree.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 17:46
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-12-12 17:49:11
ComboFix-quarantined-files.txt 2010-12-12 16:49
ComboFix2.txt 2010-12-12 13:31

Před spuštěním: Volných bajtů: 99 078 508 544
Po spuštění: Volných bajtů: 99 012 575 232

- - End Of File - - A79C87DDE17B5B04687B0414DFF01849
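The two ComboFix logs in this thread are read by eye: the helper looks at the Security Center override values, the R2/R3 service lines, the Find3M file list and the registry Run entries, and compares timestamps against the scan time. The following Python script is an added example of that first-pass triage; it is not code from the thread, from ComboFix or from the forum. It assumes the Czech label "Celkový čas" marks the scan timestamp, that the first timestamp on a file line is the creation time and the second the last-write time (an assumption about ComboFix's column order), and uses a constructed three-day window. The sample log is a handful of lines copied from the logs above. Everything it flags is a candidate to verify by hand (signature, hash against a clean copy, vendor), not a verdict.

```python
"""First-pass triage of a ComboFix-style log (added example, not ComboFix's code)."""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the ComboFix logs posted in this thread,
# trimmed to the sections the parser understands so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

R2 rpcnetp;rpcnetp;c:\windows\System32\rpcnetp.exe [2010-12-12 17408]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]

2010-12-12 16:11 . 2010-12-12 16:11 -------- d-----w- C:\found.000

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 16:28 . 2009-09-25 06:09 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-12-12 16:28 . 2009-09-25 06:13 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-12-12 16:13 . 2009-05-09 08:27 17408 ----a-w- c:\windows\system32\rpcnetp.dll
.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]

Celkový čas: 2010-12-12 17:49:11
"""

# Security Center override values; 1 tells Windows to stop warning about AV/AS
# state, which is legitimate for third-party products but worth confirming.
OVERRIDE_RE = re.compile(r'^"(?P<name>Anti\w+Override)"=dword:(?P<value>[0-9a-fA-F]{8})$')
# Service lines: "R2 name;display name;image path [yyyy-mm-dd size]"
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?) '
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# File lines: "created . modified size attrs path" (column meaning is an assumption)
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+|-+) '
    r'(?P<attrs>[-\w]{8}) (?P<path>.+)$')
# Autostart entries: "name"="path" [yyyy-mm-dd size]
AUTOSTART_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# Scan timestamp; the label is the Czech one seen in this thread's logs (assumption).
SCAN_TIME_RE = re.compile(r'^Celkový čas: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$', re.M)


def _lines(log_text):
    return (line.strip() for line in log_text.splitlines())


def _ts(text, fmt="%Y-%m-%d %H:%M"):
    return datetime.strptime(text, fmt)


def parse_scan_time(log_text):
    m = SCAN_TIME_RE.search(log_text)
    return _ts(m.group(1), "%Y-%m-%d %H:%M:%S") if m else None


def security_center_overrides(log_text):
    return {m["name"]: int(m["value"], 16)
            for m in map(OVERRIDE_RE.match, _lines(log_text)) if m}


def parse_files(log_text):
    return [{"created": _ts(m["created"]), "modified": _ts(m["modified"]),
             "size": None if m["size"].startswith("-") else int(m["size"]),  # "--------" = directory
             "attrs": m["attrs"], "path": m["path"]}
            for m in filter(None, map(FILE_RE.match, _lines(log_text)))]


def parse_services(log_text):
    return [{"state": m["state"], "name": m["svc"], "path": m["path"],
             "date": _ts(m["date"], "%Y-%m-%d"), "size": int(m["size"])}
            for m in filter(None, map(SERVICE_RE.match, _lines(log_text)))]


def parse_autostarts(log_text):
    return [{"name": m["name"], "path": m["path"],
             "date": _ts(m["date"], "%Y-%m-%d"), "size": int(m["size"])}
            for m in filter(None, map(AUTOSTART_RE.match, _lines(log_text)))]


def triage(log_text, window_days=3):
    """Return human-readable findings to verify by hand; they are not verdicts."""
    findings = [f"Security Center override set: {name}={value}"
                for name, value in security_center_overrides(log_text).items() if value]
    scan_time = parse_scan_time(log_text)
    if scan_time is None:          # no scan time: time-based checks are impossible
        return findings
    cutoff = scan_time - timedelta(days=window_days)
    for entry in parse_files(log_text):
        newest = max(entry["created"], entry["modified"])
        if "\\windows\\system32\\" in entry["path"].lower() and newest >= cutoff:
            findings.append(f"system32 file touched within {window_days} days of scan: "
                            f"{entry['path']} (created {entry['created']:%Y-%m-%d %H:%M}, "
                            f"modified {entry['modified']:%Y-%m-%d %H:%M})")
    for svc in parse_services(log_text):
        if svc["date"] >= cutoff:
            findings.append(f"service binary dated within window: {svc['name']} -> "
                            f"{svc['path']} [{svc['date']:%Y-%m-%d}]")
    for auto in parse_autostarts(log_text):
        if auto["date"] >= cutoff:
            findings.append(f"autostart binary dated within window: {auto['name']} -> {auto['path']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the two Security Center overrides, the three rpcnet* files in system32 created on the day of the scan, and the rpcnetp service whose binary carries the same date; the 2008-dated Run entries and the DAMDrv driver stay quiet. On a real log the same output is the short list to check against known-good copies before deciding anything.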

Re: Trojan horse Dropper.Generic2.CFAL

Posted: 12 Dec 2010 18:31
by Rudy
The log already looks clean. Has there been any change? Note: the damaged files belong to ComboFix.

Re: Trojan horse Dropper.Generic2.CFAL

Posted: 12 Dec 2010 21:07
by Adulik
After an AVG scan, the Dropper.Generic2.CFAL infection in c:\Windows\System32\autochk.exe was no longer found.

Re: Trojan horse Dropper.Generic2.CFAL

Posted: 12 Dec 2010 21:12
by Rudy
The PC should be clean now.

Re: Trojan horse Dropper.Generic2.CFAL

Posted: 12 Dec 2010 21:17
by Adulik
Great :) thanks a lot for the help

Re: Trojan horse Dropper.Generic2.CFAL

Posted: 12 Dec 2010 21:18
by Rudy
You're welcome!