VIRY.CZ

Dobrý den,
program Superantispyware mi detekuje 4 trojské koně, není je však schopný odstranit. AVAST se mi zároveň nedaří zapnout. Prosím o kontrolu Logu, případně o radu. Děkuji.

Logfile of random's system information tool 1.09 (written by random/random)
Run by konik at 2012-10-09 12:56:42
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 886 MB (5%) free of 20 GB
Total RAM: 511 MB (19% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-682003330-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-682003330-839522115-1003.job
C:\WINDOWS\tasks\ReclaimerUpdateFiles_konik.job
C:\WINDOWS\tasks\ReclaimerUpdateXML_konik.job
C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_konik.job
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 20b08432-af07-4d75-a73b-50defbb593e0.job
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 2f1e9f2f-5576-4b8b-a1ee-29e0e6a3bf4d.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\konik\Data aplikací\Mozilla\Firefox\Profiles\ar4aqz0q.default

prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT17505 ... hSource=13"
prefs.js - "extensions.enabledItems" - "{A89AED22-9133-424c-88E7-C8235C5FF302}:0.9.1, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0, TFToolbarX@torrent-finder:1.2.5, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0]
"Description"=Rhapsody Control
"Path"=C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
nprpplugin.dll
npwachk.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\konik\Data aplikací\Mozilla\Firefox\Profiles\ar4aqz0q.default\extensions\
LogMeInClient@logmein.com
{20a82645-c095-46ed-80e3-08825760534b}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{ba14329e-9550-4989-b3f2-9732e92d17cc}

C:\Documents and Settings\konik\Data aplikací\Mozilla\Firefox\Profiles\ar4aqz0q.default\searchplugins\
conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-06-03 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-10 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-07-05 4018888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-10 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-09-10 79856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_0.dll [2011-05-09 176936]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296]
"TkBellExe"=C:\Program Files\real\realplayer\update\realsched.exe [2012-06-03 296056]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"Anti Trojan Elite"=C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"byzjanpaxnod"=C:\Documents and Settings\konik\byzjanpaxnod.exe [2012-10-05 30720]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-10-04 4763008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_278_Plugin.exe [2012-10-04 690096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\hry\Age Of Empires II\empires2.exe"="D:\hry\Age Of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"G:\games\Call of Duty - portable\CoDMP.exe"="G:\games\Call of Duty - portable\CoDMP.exe:*:Enabled:CoDMP"
"D:\hry\quake\quake3.exe"="D:\hry\quake\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Games\World_of_Tanks_closed_Beta\WOTLauncher.exe"="C:\Games\World_of_Tanks_closed_Beta\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Games\World_of_Tanks_closed_Beta\WorldOfTanks.exe"="C:\Games\World_of_Tanks_closed_Beta\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Games\World_of_Tanks\WOTLauncher.exe"="C:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"D:\hry\World_of_Tanks\WOTLauncher.exe"="D:\hry\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2012-10-09 12:56:51 ----D---- C:\Program Files\trend micro
2012-10-09 12:56:42 ----D---- C:\rsit
2012-10-09 12:23:44 ----A---- C:\Documents and Settings\konik\Data aplikací\39.exe
2012-10-09 11:14:47 ----A---- C:\Documents and Settings\konik\Data aplikací\22.exe
2012-10-09 10:51:41 ----A---- C:\Documents and Settings\konik\Data aplikací\1D.exe
2012-10-09 10:28:44 ----A---- C:\Documents and Settings\konik\Data aplikací\1C.exe
2012-10-09 10:05:48 ----A---- C:\Documents and Settings\konik\Data aplikací\1B.exe
2012-10-08 17:06:35 ----A---- C:\Documents and Settings\konik\Data aplikací\45.exe
2012-10-08 14:09:29 ----A---- C:\Documents and Settings\konik\Data aplikací\3D.exe
2012-10-08 13:46:34 ----A---- C:\Documents and Settings\konik\Data aplikací\3C.exe
2012-10-08 13:00:33 ----A---- C:\Documents and Settings\konik\Data aplikací\3A.exe
2012-10-08 11:02:12 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-10-08 11:02:12 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-10-08 11:02:04 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-10-08 11:02:03 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-10-08 11:02:01 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-10-08 11:01:58 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-10-08 11:01:57 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-10-08 11:01:55 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-10-08 11:00:50 ----SHD---- C:\Config.Msi
2012-10-08 10:59:19 ----A---- C:\WINDOWS\avastSS.scr
2012-10-08 10:59:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-10-08 10:51:30 ----A---- C:\Documents and Settings\konik\Data aplikací\1A.exe
2012-10-08 10:19:44 ----A---- C:\Documents and Settings\konik\Data aplikací\51.exe
2012-10-08 10:01:55 ----D---- C:\Documents and Settings\konik\Data aplikací\SUPERAntiSpyware.com
2012-10-08 10:01:20 ----D---- C:\Program Files\SUPERAntiSpyware
2012-10-08 10:01:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2012-10-08 09:56:48 ----A---- C:\Documents and Settings\konik\Data aplikací\4F.exe
2012-10-08 09:33:30 ----A---- C:\Documents and Settings\konik\Data aplikací\47.exe
2012-10-08 09:10:27 ----A---- C:\Documents and Settings\konik\Data aplikací\43.exe
2012-10-08 08:47:29 ----A---- C:\Documents and Settings\konik\Data aplikací\42.exe
2012-10-08 08:24:34 ----A---- C:\Documents and Settings\konik\Data aplikací\41.exe
2012-10-08 07:36:12 ----A---- C:\Documents and Settings\konik\Data aplikací\38.exe
2012-10-08 07:23:38 ----A---- C:\Documents and Settings\konik\Data aplikací\37.exe
2012-10-08 05:25:00 ----A---- C:\Documents and Settings\konik\Data aplikací\32.exe
2012-10-08 05:02:00 ----A---- C:\Documents and Settings\konik\Data aplikací\31.exe
2012-10-08 04:39:01 ----A---- C:\Documents and Settings\konik\Data aplikací\30.exe
2012-10-08 04:15:45 ----A---- C:\Documents and Settings\konik\Data aplikací\2F.exe
2012-10-08 03:03:45 ----A---- C:\Documents and Settings\konik\Data aplikací\2A.exe
2012-10-08 02:44:13 ----A---- C:\Documents and Settings\konik\Data aplikací\29.exe
2012-10-08 02:10:08 ----A---- C:\Documents and Settings\konik\Data aplikací\28.exe
2012-10-08 01:42:03 ----A---- C:\Documents and Settings\konik\Data aplikací\27.exe
2012-10-07 15:11:14 ----A---- C:\Documents and Settings\konik\Data aplikací\E0.exe
2012-10-07 13:44:14 ----A---- C:\Documents and Settings\konik\Data aplikací\DD.exe
2012-10-07 12:41:34 ----A---- C:\Documents and Settings\konik\Data aplikací\DA.exe
2012-10-07 12:02:15 ----A---- C:\Documents and Settings\konik\Data aplikací\D7.exe
2012-10-07 11:24:37 ----A---- C:\Documents and Settings\konik\Data aplikací\8C.exe
2012-10-07 11:12:55 ----A---- C:\Documents and Settings\konik\Data aplikací\89.exe
2012-10-07 10:47:27 ----A---- C:\Documents and Settings\konik\Data aplikací\86.exe
2012-10-07 10:16:10 ----A---- C:\Documents and Settings\konik\Data aplikací\85.exe
2012-10-07 10:02:10 ----A---- C:\Documents and Settings\konik\Data aplikací\84.exe
2012-10-07 09:48:48 ----A---- C:\Documents and Settings\konik\Data aplikací\83.exe
2012-10-07 08:20:50 ----A---- C:\Documents and Settings\konik\Data aplikací\82.exe
2012-10-07 07:46:06 ----A---- C:\Documents and Settings\konik\Data aplikací\7F.exe
2012-10-07 06:45:54 ----A---- C:\Documents and Settings\konik\Data aplikací\7E.exe
2012-10-07 05:33:27 ----A---- C:\Documents and Settings\konik\Data aplikací\7D.exe
2012-10-07 05:00:53 ----A---- C:\Documents and Settings\konik\Data aplikací\7C.exe
2012-10-07 03:53:26 ----A---- C:\Documents and Settings\konik\Data aplikací\7A.exe
2012-10-07 03:18:52 ----A---- C:\Documents and Settings\konik\Data aplikací\79.exe
2012-10-07 02:46:36 ----A---- C:\Documents and Settings\konik\Data aplikací\78.exe
2012-10-07 02:32:36 ----A---- C:\Documents and Settings\konik\Data aplikací\77.exe
2012-10-07 02:10:32 ----A---- C:\Documents and Settings\konik\Data aplikací\76.exe
2012-10-07 01:48:20 ----A---- C:\Documents and Settings\konik\Data aplikací\75.exe
2012-10-07 01:26:19 ----A---- C:\Documents and Settings\konik\Data aplikací\74.exe
2012-10-07 01:04:21 ----A---- C:\Documents and Settings\konik\Data aplikací\73.exe
2012-10-07 00:42:23 ----A---- C:\Documents and Settings\konik\Data aplikací\72.exe
2012-10-07 00:20:21 ----A---- C:\Documents and Settings\konik\Data aplikací\71.exe
2012-10-06 23:57:53 ----A---- C:\Documents and Settings\konik\Data aplikací\70.exe
2012-10-06 23:22:36 ----A---- C:\Documents and Settings\konik\Data aplikací\6F.exe
2012-10-06 23:01:33 ----A---- C:\Documents and Settings\konik\Data aplikací\6E.exe
2012-10-06 22:30:52 ----A---- C:\Documents and Settings\konik\Data aplikací\6D.exe
2012-10-06 22:08:44 ----A---- C:\Documents and Settings\konik\Data aplikací\6C.exe
2012-10-06 21:48:02 ----A---- C:\Documents and Settings\konik\Data aplikací\6B.exe
2012-10-06 21:38:12 ----A---- C:\Documents and Settings\konik\Data aplikací\6A.exe
2012-10-06 21:13:31 ----A---- C:\Documents and Settings\konik\Data aplikací\67.exe
2012-10-06 20:49:43 ----A---- C:\Documents and Settings\konik\Data aplikací\66.exe
2012-10-06 20:11:14 ----A---- C:\Documents and Settings\konik\Data aplikací\62.exe
2012-10-06 19:42:51 ----A---- C:\Documents and Settings\konik\Data aplikací\61.exe
2012-10-06 19:01:03 ----A---- C:\Documents and Settings\konik\Data aplikací\55.exe
2012-10-06 18:38:14 ----A---- C:\Documents and Settings\konik\Data aplikací\54.exe
2012-10-06 17:51:40 ----A---- C:\Documents and Settings\konik\Data aplikací\52.exe
2012-10-06 17:29:35 ----A---- C:\Documents and Settings\konik\Data aplikací\36.exe
2012-10-05 11:11:15 ----A---- C:\Documents and Settings\konik\Data aplikací\40.exe
2012-10-05 10:24:33 ----A---- C:\Documents and Settings\konik\Data aplikací\3F.exe
2012-10-05 09:49:10 ----A---- C:\Documents and Settings\konik\Data aplikací\3E.exe
2012-10-05 09:36:44 ----A---- C:\Documents and Settings\konik\Data aplikací\3B.exe
2012-10-05 01:30:30 ----A---- C:\Documents and Settings\konik\Data aplikací\33.exe
2012-10-04 09:44:29 ----A---- C:\Documents and Settings\konik\Data aplikací\1.exe
2012-10-04 08:06:42 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2012-10-04 08:04:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-10-04 07:19:40 ----D---- C:\Program Files\Anti Trojan Elite
2012-10-04 07:15:10 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-10-03 14:45:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\clp
2012-10-03 02:12:02 ----A---- C:\Documents and Settings\konik\Data aplikací\35.exe
2012-10-03 01:51:26 ----A---- C:\Documents and Settings\konik\Data aplikací\34.exe
2012-10-03 01:29:54 ----A---- C:\Documents and Settings\konik\Data aplikací\2D.exe
2012-10-03 01:03:29 ----A---- C:\Documents and Settings\konik\Data aplikací\2C.exe
2012-10-03 00:41:33 ----A---- C:\Documents and Settings\konik\Data aplikací\24.exe
2012-10-03 00:02:30 ----A---- C:\Documents and Settings\konik\Data aplikací\23.exe
2012-10-02 22:57:23 ----D---- C:\Program Files\AVAST Software
2012-10-02 22:57:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2012-10-02 22:53:53 ----A---- C:\WINDOWS\system32\drivers\c450ec9a1eb1c16e.sys
2012-10-02 22:21:09 ----A---- C:\Documents and Settings\konik\Data aplikací\1E.exe
2012-10-02 21:57:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Systweak
2012-10-02 21:57:19 ----D---- C:\Program Files\Advanced System Protector
2012-10-02 21:57:19 ----A---- C:\WINDOWS\system32\sasnative32.exe
2012-10-02 21:55:36 ----D---- C:\Documents and Settings\konik\Data aplikací\Systweak
2012-10-02 21:54:54 ----A---- C:\WINDOWS\system32\roboot.exe
2012-10-02 21:54:38 ----D---- C:\Program Files\RegClean Pro
2012-10-02 21:30:05 ----A---- C:\Documents and Settings\konik\Data aplikací\2.exe
2012-10-02 21:22:27 ----A---- C:\Documents and Settings\konik\Data aplikací\2B.exe
2012-10-02 21:10:21 ----A---- C:\Documents and Settings\konik\Data aplikací\15.exe
2012-10-02 21:03:47 ----A---- C:\Documents and Settings\konik\Data aplikací\191.exe
2012-10-02 21:03:39 ----A---- C:\Documents and Settings\konik\Data aplikací\190.exe
2012-10-02 20:03:14 ----A---- C:\Documents and Settings\konik\Data aplikací\187.exe
2012-10-02 19:23:12 ----A---- C:\Documents and Settings\konik\Data aplikací\16A.exe
2012-10-02 19:23:05 ----A---- C:\Documents and Settings\konik\Data aplikací\169.exe
2012-10-02 18:58:05 ----A---- C:\Documents and Settings\konik\Data aplikací\168.exe
2012-10-02 18:58:02 ----A---- C:\Documents and Settings\konik\Data aplikací\167.exe
2012-10-02 16:01:41 ----A---- C:\Documents and Settings\konik\Data aplikací\15C.exe
2012-10-02 16:01:31 ----A---- C:\Documents and Settings\konik\Data aplikací\15B.exe
2012-10-02 15:31:10 ----A---- C:\Documents and Settings\konik\Data aplikací\153.exe
2012-10-02 15:31:10 ----A---- C:\Documents and Settings\konik\Data aplikací\152.exe
2012-10-02 15:01:20 ----A---- C:\Documents and Settings\konik\Data aplikací\14D.exe
2012-10-02 15:01:16 ----A---- C:\Documents and Settings\konik\Data aplikací\14B.exe
2012-10-02 14:57:33 ----D---- C:\Program Files\Common Files\Skype
2012-10-02 14:57:28 ----RD---- C:\Program Files\Skype
2012-10-02 14:51:40 ----A---- C:\Documents and Settings\konik\Data aplikací\11F.exe
2012-10-02 14:51:40 ----A---- C:\Documents and Settings\konik\Data aplikací\11E.exe
2012-09-25 08:24:37 ----A---- C:\WINDOWS\ModemLog_AnyDATA CDMA USB Modem (PID 6501) #4.txt
2012-09-13 01:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
2012-09-10 21:10:27 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-09-10 21:10:26 ----A---- C:\WINDOWS\system32\javaws.exe
2012-09-10 21:10:26 ----A---- C:\WINDOWS\system32\javaw.exe
2012-09-10 21:10:26 ----A---- C:\WINDOWS\system32\java.exe
2012-09-10 21:07:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2012-09-10 08:45:29 ----D---- C:\Program Files\Conduit
2012-09-10 08:45:22 ----D---- C:\Program Files\BS_Player

======List of files/folders modified in the last 1 month======

2012-10-09 12:56:51 ----RD---- C:\Program Files
2012-10-09 12:56:26 ----A---- C:\WINDOWS\ModemLog_AnyDATA CDMA USB Modem (PID 6501).txt
2012-10-09 12:23:49 ----D---- C:\WINDOWS\Prefetch
2012-10-09 12:00:43 ----D---- C:\WINDOWS\Temp
2012-10-09 10:52:19 ----SD---- C:\WINDOWS\Tasks
2012-10-09 09:56:37 ----D---- C:\Documents and Settings\konik\Data aplikací\Skype
2012-10-09 09:53:53 ----A---- C:\WINDOWS\red_dialer.ini
2012-10-09 07:52:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-10-09 00:26:51 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-08 14:00:17 ----D---- C:\Program Files\O2 Mobilni internet
2012-10-08 11:02:12 ----D---- C:\WINDOWS\system32\drivers
2012-10-08 11:01:15 ----SHD---- C:\WINDOWS\Installer
2012-10-08 11:01:06 ----D---- C:\WINDOWS\WinSxS
2012-10-08 10:59:19 ----D---- C:\WINDOWS
2012-10-08 10:59:12 ----D---- C:\WINDOWS\system32
2012-10-05 18:47:23 ----HD---- C:\WINDOWS\inf
2012-10-04 08:43:27 ----D---- C:\WINDOWS\system32\CatRoot
2012-10-04 08:36:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-10-04 08:36:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-10-04 07:16:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-10-04 06:45:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-10-04 06:17:44 ----D---- C:\Program Files\Common Files
2012-10-02 21:08:28 ----D---- C:\WINDOWS\Minidump
2012-10-02 14:59:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-10-02 08:04:45 ----D---- C:\Documents and Settings\konik\Data aplikací\skypePM
2012-09-24 16:54:32 ----A---- C:\WINDOWS\ModemLog_AnyDATA CDMA USB Modem (PID 6501) #3.txt
2012-09-22 03:02:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-09-22 03:02:44 ----D---- C:\WINDOWS\system32\cs-cz
2012-09-22 03:02:43 ----D---- C:\Program Files\Internet Explorer
2012-09-21 23:11:33 ----HD---- C:\WINDOWS\$hf_mig$
2012-09-21 19:04:41 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-09-15 16:05:11 ----D---- C:\Documents and Settings\konik\Data aplikací\BSplayer
2012-09-15 11:37:13 ----D---- C:\Program Files\Mozilla Firefox
2012-09-13 01:10:37 ----A---- C:\WINDOWS\imsins.BAK
2012-09-13 01:05:32 ----A---- C:\WINDOWS\system32\MRT.exe
2012-09-10 21:11:59 ----D---- C:\Program Files\Common Files\Java
2012-09-10 21:10:00 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-09-10 21:09:48 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
S1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-08-21 35928]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
S2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 AVFSFilter;AVFSFilter; C:\WINDOWS\system32\DRIVERS\avfsfilter.sys []
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\konik\LOCALS~1\Temp\esihdrv.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101376]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-09-10 153584]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
S2 gupdate1ca3000983db50;Služba Google Update (gupdate1ca3000983db50); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-07 133104]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 250288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-07 133104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-15 114144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

mas tam cele stado
stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim


akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

tak tady:

ComboFix 12-10-08.03 - konik 09.10.2012 13:49:39.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.167 [GMT 2:00]
Spuštěný z: c:\documents and settings\konik\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\konik\byzjanpaxnod.exe
c:\documents and settings\konik\Data aplikací\187.exe
c:\documents and settings\konik\Data aplikací\1A.exe
c:\documents and settings\konik\Data aplikací\1B.exe
c:\documents and settings\konik\Data aplikací\1C.exe
c:\documents and settings\konik\Data aplikací\1D.exe
c:\documents and settings\konik\Data aplikací\1E.exe
c:\documents and settings\konik\Data aplikací\2.exe
c:\documents and settings\konik\Data aplikací\22.exe
c:\documents and settings\konik\Data aplikací\23.exe
c:\documents and settings\konik\Data aplikací\27.exe
c:\documents and settings\konik\Data aplikací\28.exe
c:\documents and settings\konik\Data aplikací\29.exe
c:\documents and settings\konik\Data aplikací\2A.exe
c:\documents and settings\konik\Data aplikací\2B.exe
c:\documents and settings\konik\Data aplikací\2C.exe
c:\documents and settings\konik\Data aplikací\2F.exe
c:\documents and settings\konik\Data aplikací\30.exe
c:\documents and settings\konik\Data aplikací\31.exe
c:\documents and settings\konik\Data aplikací\32.exe
c:\documents and settings\konik\Data aplikací\33.exe
c:\documents and settings\konik\Data aplikací\34.exe
c:\documents and settings\konik\Data aplikací\35.exe
c:\documents and settings\konik\Data aplikací\36.exe
c:\documents and settings\konik\Data aplikací\37.exe
c:\documents and settings\konik\Data aplikací\38.exe
c:\documents and settings\konik\Data aplikací\39.exe
c:\documents and settings\konik\Data aplikací\3A.exe
c:\documents and settings\konik\Data aplikací\3B.exe
c:\documents and settings\konik\Data aplikací\3C.exe
c:\documents and settings\konik\Data aplikací\3D.exe
c:\documents and settings\konik\Data aplikací\3E.exe
c:\documents and settings\konik\Data aplikací\3F.exe
c:\documents and settings\konik\Data aplikací\40.exe
c:\documents and settings\konik\Data aplikací\41.exe
c:\documents and settings\konik\Data aplikací\42.exe
c:\documents and settings\konik\Data aplikací\43.exe
c:\documents and settings\konik\Data aplikací\45.exe
c:\documents and settings\konik\Data aplikací\47.exe
c:\documents and settings\konik\Data aplikací\4F.exe
c:\documents and settings\konik\Data aplikací\51.exe
c:\documents and settings\konik\Data aplikací\52.exe
c:\documents and settings\konik\Data aplikací\54.exe
c:\documents and settings\konik\Data aplikací\55.exe
c:\documents and settings\konik\Data aplikací\61.exe
c:\documents and settings\konik\Data aplikací\62.exe
c:\documents and settings\konik\Data aplikací\66.exe
c:\documents and settings\konik\Data aplikací\67.exe
c:\documents and settings\konik\Data aplikací\6A.exe
c:\documents and settings\konik\Data aplikací\6B.exe
c:\documents and settings\konik\Data aplikací\6C.exe
c:\documents and settings\konik\Data aplikací\6D.exe
c:\documents and settings\konik\Data aplikací\6E.exe
c:\documents and settings\konik\Data aplikací\6F.exe
c:\documents and settings\konik\Data aplikací\70.exe
c:\documents and settings\konik\Data aplikací\71.exe
c:\documents and settings\konik\Data aplikací\72.exe
c:\documents and settings\konik\Data aplikací\73.exe
c:\documents and settings\konik\Data aplikací\74.exe
c:\documents and settings\konik\Data aplikací\75.exe
c:\documents and settings\konik\Data aplikací\76.exe
c:\documents and settings\konik\Data aplikací\77.exe
c:\documents and settings\konik\Data aplikací\78.exe
c:\documents and settings\konik\Data aplikací\79.exe
c:\documents and settings\konik\Data aplikací\7A.exe
c:\documents and settings\konik\Data aplikací\7C.exe
c:\documents and settings\konik\Data aplikací\7D.exe
c:\documents and settings\konik\Data aplikací\7E.exe
c:\documents and settings\konik\Data aplikací\7F.exe
c:\documents and settings\konik\Data aplikací\82.exe
c:\documents and settings\konik\Data aplikací\83.exe
c:\documents and settings\konik\Data aplikací\84.exe
c:\documents and settings\konik\Data aplikací\85.exe
c:\documents and settings\konik\Data aplikací\86.exe
c:\documents and settings\konik\Data aplikací\89.exe
c:\documents and settings\konik\Data aplikací\8C.exe
c:\documents and settings\konik\Data aplikací\D7.exe
c:\documents and settings\konik\Data aplikací\DA.exe
c:\documents and settings\konik\Data aplikací\DD.exe
c:\documents and settings\konik\Data aplikací\E0.exe
c:\documents and settings\konik\qetnosopvyfy.exe
c:\program files\AdVantage
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc
c:\windows\daemon.dll
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\c450ec9a1eb1c16e.sys
c:\windows\system32\roboot.exe
c:\windows\system32\SETDCB.tmp
c:\windows\system32\SETDD0.tmp
c:\windows\system32\SETDD7.tmp
c:\windows\system32\SETE34.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_c450ec9a1eb1c16e
-------\Service_c450ec9a1eb1c16e
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-09 do 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 10:56 . 2012-10-09 10:56 -------- d-----w- c:\program files\trend micro
2012-10-09 10:56 . 2012-10-09 10:57 -------- d-----w- C:\rsit
2012-10-08 09:02 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-08 09:02 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-08 09:02 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-08 09:02 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-08 09:02 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-08 09:01 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-08 09:01 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-08 09:01 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-08 08:59 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-08 08:59 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-08 08:01 . 2012-10-08 08:01 -------- d-----w- c:\documents and settings\konik\Data aplikací\SUPERAntiSpyware.com
2012-10-08 08:01 . 2012-10-08 08:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-08 08:01 . 2012-10-08 08:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2012-10-06 08:05 . 2012-10-06 08:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\BS_Player
2012-10-04 07:44 . 2012-10-04 08:17 126976 ----a-w- c:\documents and settings\konik\Data aplikací\1.exe
2012-10-04 06:06 . 2012-10-04 06:06 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-10-04 06:04 . 2012-10-04 06:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2012-10-04 05:19 . 2012-10-04 06:12 -------- d-----w- c:\program files\Anti Trojan Elite
2012-10-04 05:15 . 2012-10-04 06:11 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-04 05:15 . 2012-10-04 06:11 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 12:45 . 2012-10-03 13:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\clp
2012-10-02 23:29 . 2012-10-02 23:29 397312 ----a-w- c:\documents and settings\konik\Data aplikací\2D.exe
2012-10-02 22:41 . 2012-10-02 22:41 397312 ----a-w- c:\documents and settings\konik\Data aplikací\24.exe
2012-10-02 20:57 . 2012-10-08 08:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-10-02 20:57 . 2012-10-08 08:56 -------- d-----w- c:\program files\AVAST Software
2012-10-02 19:57 . 2012-10-02 19:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Systweak
2012-10-02 19:57 . 2012-10-02 19:57 -------- d-----w- c:\program files\Advanced System Protector
2012-10-02 19:57 . 2012-07-24 21:33 17136 ----a-w- c:\windows\system32\sasnative32.exe
2012-10-02 19:55 . 2012-10-03 12:09 -------- d-----w- c:\documents and settings\konik\Data aplikací\Systweak
2012-10-02 19:54 . 2012-10-03 12:09 -------- d-----w- c:\program files\RegClean Pro
2012-10-02 19:10 . 2012-10-02 19:10 397312 ----a-w- c:\documents and settings\konik\Data aplikací\15.exe
2012-10-02 19:03 . 2012-10-02 19:03 37376 ----a-w- c:\documents and settings\konik\Data aplikací\191.exe
2012-10-02 19:03 . 2012-10-02 19:03 397312 ----a-w- c:\documents and settings\konik\Data aplikací\190.exe
2012-10-02 17:23 . 2012-10-02 17:23 397312 ----a-w- c:\documents and settings\konik\Data aplikací\16A.exe
2012-10-02 17:23 . 2012-10-02 17:23 397312 ----a-w- c:\documents and settings\konik\Data aplikací\169.exe
2012-10-02 16:58 . 2012-10-02 16:58 397312 ----a-w- c:\documents and settings\konik\Data aplikací\168.exe
2012-10-02 16:58 . 2012-10-02 16:58 397312 ----a-w- c:\documents and settings\konik\Data aplikací\167.exe
2012-10-02 14:01 . 2012-10-02 14:01 315392 ----a-w- c:\documents and settings\konik\Data aplikací\15C.exe
2012-10-02 14:01 . 2012-10-02 14:01 315392 ----a-w- c:\documents and settings\konik\Data aplikací\15B.exe
2012-10-02 13:31 . 2012-10-02 13:31 315392 ----a-w- c:\documents and settings\konik\Data aplikací\153.exe
2012-10-02 13:31 . 2012-10-02 13:31 315392 ----a-w- c:\documents and settings\konik\Data aplikací\152.exe
2012-10-02 13:01 . 2012-10-02 13:01 315392 ----a-w- c:\documents and settings\konik\Data aplikací\14D.exe
2012-10-02 13:01 . 2012-10-02 13:01 315392 ----a-w- c:\documents and settings\konik\Data aplikací\14B.exe
2012-10-02 12:57 . 2012-10-02 12:57 -------- d-----w- c:\program files\Common Files\Skype
2012-10-02 12:57 . 2012-10-02 12:59 -------- d-----r- c:\program files\Skype
2012-10-02 12:51 . 2012-10-02 12:51 315392 ----a-w- c:\documents and settings\konik\Data aplikací\11F.exe
2012-10-02 12:51 . 2012-10-02 12:51 315392 ----a-w- c:\documents and settings\konik\Data aplikací\11E.exe
2012-09-15 09:36 . 2012-09-15 09:36 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-10 19:10 . 2012-09-10 19:10 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-10 19:07 . 2012-09-10 19:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-09-10 06:45 . 2012-09-10 06:45 -------- d-----w- c:\program files\Conduit
2012-09-10 06:45 . 2012-10-04 05:08 -------- d-----w- c:\documents and settings\konik\Local Settings\Data aplikací\BS_Player
2012-09-10 06:45 . 2012-09-10 06:45 -------- d-----w- c:\documents and settings\konik\Local Settings\Data aplikací\Conduit
2012-09-10 06:45 . 2012-10-04 05:10 -------- d-----w- c:\program files\BS_Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 19:10 . 2010-12-29 18:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-10 19:10 . 2010-05-02 19:29 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 18:40 . 2004-08-17 13:49 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 18:40 . 2004-08-17 13:49 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 18:40 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 18:40 . 2004-08-17 13:49 17408 ------w- c:\windows\system32\corpol.dll
2012-09-15 09:36 . 2011-10-02 12:10 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-04 4763008]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-04 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-02 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\hry\\Age Of Empires II\\empires2.exe"=
"d:\\hry\\quake\\quake3.exe"=
"d:\\hry\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [1.1.2008 18:42 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [1.1.2008 18:42 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.10.2012 11:02 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.10.2012 11:02 355632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.7.2012 20:54 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.10.2012 11:02 21256]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5.7.2012 18:41 3048136]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [7.12.2010 0:54 93440]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate1ca3000983db50;Služba Google Update (gupdate1ca3000983db50);c:\program files\Google\Update\GoogleUpdate.exe [7.9.2009 23:13 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4.10.2012 7:15 250288]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\konik\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\konik\LOCALS~1\Temp\CFcatchme.sys [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\konik\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\konik\LOCALS~1\Temp\esihdrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7.9.2009 23:13 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10.5.2012 17:35 114144]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSNX
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 06:11]
.
2012-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-10-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-08 09:12]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 21:13]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 21:13]
.
2012-10-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-682003330-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-10-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-682003330-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-10-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 20b08432-af07-4d75-a73b-50defbb593e0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2f1e9f2f-5576-4b8b-a1ee-29e0e6a3bf4d.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: Interfaces\{236C8DE3-F36E-4091-A2DE-1ED5091D884B}: NameServer = 160.218.161.60 160.218.167.5
FF - ProfilePath - c:\documents and settings\konik\Data aplikací\Mozilla\Firefox\Profiles\ar4aqz0q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-byzjanpaxnod - c:\documents and settings\konik\byzjanpaxnod.exe
HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-09 14:14
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Xghuhr = c:\documents and settings\konik\Data aplikac?\Xghuhr.exe
.
skenování skrytých souborů ...
.
.
c:\documents and settings\konik\Data aplikací\Xghuhr.exe 389120 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xghuhr"="c:\\Documents and Settings\\konik\\Data aplikací\\Xghuhr.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1624)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Celkový čas: 2012-10-09 14:28:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-09 12:27
.
Před spuštěním: 2 688 049 152
Po spuštění: 3 790 819 328
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 973A3EF8E5EEC4CECCEC2540FE75479E

Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:
uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:



po aplikacii by mal vzniknut dalsi log, ten vloz sem

prosím:

ComboFix 12-10-08.03 - konik 09.10.2012 15:10:41.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.291 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\konik\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\konik\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\konik\Data aplikací\11E.exe"
"c:\documents and settings\konik\Data aplikací\11F.exe"
"c:\documents and settings\konik\Data aplikací\14B.exe"
"c:\documents and settings\konik\Data aplikací\14D.exe"
"c:\documents and settings\konik\Data aplikací\15.exe"
"c:\documents and settings\konik\Data aplikací\152.exe"
"c:\documents and settings\konik\Data aplikací\153.exe"
"c:\documents and settings\konik\Data aplikací\15B.exe"
"c:\documents and settings\konik\Data aplikací\15C.exe"
"c:\documents and settings\konik\Data aplikací\167.exe"
"c:\documents and settings\konik\Data aplikací\168.exe"
"c:\documents and settings\konik\Data aplikací\169.exe"
"c:\documents and settings\konik\Data aplikací\16A.exe"
"c:\documents and settings\konik\Data aplikací\190.exe"
"c:\documents and settings\konik\Data aplikací\191.exe"
"c:\documents and settings\konik\Data aplikací\24.exe"
"c:\documents and settings\konik\Data aplikací\2D.exe"
"c:\documents and settings\konik\Data aplikací\Xghuhr.exe"

log nebol cely ,,,
prescanuj PC s MBAM - uplna kontrola - log vloz

ComboFix včera odblokoval při té první aplikaci AVAST, takže ten už mezitím něco zlikvidoval.
MBAM teď našel ještě 4 objekty:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2012.10.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
konik :: GEORGE [administrátor]

Ochrana: Povolena

10.10.2012 10:15:38
mbam-log-2012-10-10 (13-26-36).txt

Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 322006
Uplynulý čas: 3 hodin, 10 minut, 18 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\System Volume Information\_restore{7635499E-094F-4589-A218-1990B2BACD83}\RP644\A0066272.exe (PUP.Adbundler) -> Žádná instrukce nebyla provedena.
D:\SWAT 4\Crack\rld-s4kg.EXE (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
D:\System Volume Information\_restore{0FA98E57-62C4-4AC2-9F2D-CFFC339A8A83}\RP365\A0032240.exe (PUP.RiskWareTool.CK) -> Žádná instrukce nebyla provedena.
D:\System Volume Information\_restore{234ACF03-9791-49BC-9928-28F82CF6FE92}\RP205\A0040732.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.

(konec)

najdene nechaj odstranit a napis, ci su este nejake problemy

vypadá to OK, díky moc.

za malo