
Asta-killer trojan

Posted: 04 Jan 2010 18:45
by Lucie Knoblochová
Hi, for some time now Spybot has been finding something that it labels as a trojan, called Asta-Killer (it may be spelled differently). Although I always let it remove it, it finds it again. Could you help me remove it? I am sending the log from RSIT.

Thanks a lot,
Lucka

P.S. No other programs such as MBAM, CCleaner, Superantispyware or Spyware Terminator find anything.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-04 18:24:03
Microsoft Windows XP Professional Service Pack 3
System drive F: has 7 GB (5%) free of 131 GB
Total RAM: 255 MB (11% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
F:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-12-02 1192960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - F:\Program Files\AVG\AVG8\avgssie.dll [2009-12-14 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - F:\PROGRA~1\ICQTOO~1\toolbaru.dll []
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - F:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-12-02 1192960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=F:\WINDOWS\SOUNDMAN.EXE [2002-06-18 46592]
"AtiPTA"=F:\WINDOWS\system32\atiptaxx.exe [2002-07-25 290816]
"WinFast Schedule"=F:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2002-09-05 147456]
"WinampAgent"=F:\Program Files\Winamp\winampa.exe [2006-06-21 35328]
"HP Software Update"=F:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"NeroFilterCheck"=F:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=F:\WINDOWS\system32\qttask.exe [2008-02-18 28672]
"GrooveMonitor"=F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SSBkgdUpdate"=F:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=F:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"AVG8_TRAY"=F:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-14 2043160]
"KernelFaultCheck"=F:\WINDOWS\system32\dumprep 0 -k []
"SpywareTerminator"=F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-09-21 2171904]
"WinFastDTV"=F:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2008-07-11 90112]
"ArcSoft Connection Service"=F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264]
"DWQueuedReporting"=F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2008-11-04 435096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=F:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SpywareTerminatorUpdate"=F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-09-21 3055616]
"WinFast Schedule"=F:\Program Files\WinFast\WFDTV\WFWIZ.exe [2008-06-20 2887680]
"SUPERAntiSpyware"=F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2007-06-21 1318912]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup
Firewall Engine.lnk - F:\WINDOWS\system32\net.exe
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE
SALAMAND.lnk - F:\Program Files\SALAMAND.EXE

F:\Documents and Settings\Administrator\Start Menu\Programs\Startup
OpenOffice.org 2.3.lnk - F:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
F:\WINDOWS\system32\avgrsstx.dll [2009-09-04 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
F:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\ICQLite\ICQLite.exe"="F:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"F:\Program Files\ICQ6\ICQ.exe"="F:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"F:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="F:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\Program Files\AVG\AVG8\avgupd.exe"="F:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"F:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe"="F:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe:*:Disabled:Sunbelt Kerio Personal Firewall 4 - GUI"
"F:\Program Files\Skype\Phone\Skype.exe"="F:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be91fbc6-0648-11de-8387-0020edb5044d}]
shell\AutoRun\command - opgde.exe
shell\open\command - opgde.exe


======List of files/folders created in the last 3 months======

2010-01-04 18:24:11 ----D---- F:\Program Files\trend micro
2010-01-04 18:24:03 ----D---- F:\rsit
2010-01-03 15:11:44 ----D---- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-03 15:09:46 ----D---- F:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-01-03 15:08:18 ----D---- F:\Program Files\Common Files\Wise Installation Wizard
2009-12-29 20:52:31 ----A---- F:\Program Files\RSIT.exe
2009-12-25 20:27:56 ----D---- F:\Comodo
2009-12-20 23:56:46 ----D---- F:\ab3b0497cee347c7670139bf
2009-12-16 17:52:02 ----D---- F:\Fotoalbum_Norbert
2009-12-13 15:17:15 ----D---- F:\Pohadky
2009-12-13 15:16:08 ----D---- F:\dieta - lepek
2009-12-12 18:32:01 ----D---- F:\Program Files\CCleaner
2009-12-12 18:17:01 ----A---- F:\Program Files\ccsetup226.exe
2009-12-09 19:44:06 ----HDC---- F:\WINDOWS\$NtUninstallKB970430$
2009-12-09 19:43:29 ----HDC---- F:\WINDOWS\$NtUninstallKB974318$
2009-12-09 19:36:41 ----HDC---- F:\WINDOWS\$NtUninstallKB973904$
2009-12-09 19:32:17 ----HDC---- F:\WINDOWS\$NtUninstallKB974392$
2009-12-09 19:31:50 ----HDC---- F:\WINDOWS\$NtUninstallKB971737$
2009-12-06 19:00:50 ----D---- F:\c27bbb9877a6143440b928
2009-12-02 19:00:47 ----D---- F:\68da2f040b2d6591f3
2009-11-29 19:00:53 ----D---- F:\70d4d4b2b13ebb3acc
2009-11-28 21:23:54 ----HDC---- F:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-28 21:21:47 ----HDC---- F:\WINDOWS\$NtUninstallKB973687$
2009-11-18 19:00:40 ----D---- F:\77aecc06d3fc1fd41a9fc1830b3c848b
2009-11-14 19:00:48 ----D---- F:\862d100794816d10fa45672d40bd76
2009-11-11 22:49:56 ----D---- F:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-11-11 22:49:32 ----D---- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-11 22:49:30 ----D---- F:\Program Files\Malwarebytes' Anti-Malware
2009-11-11 22:47:43 ----D---- F:\Program Files\SuperAntispyware
2009-11-11 22:47:30 ----D---- F:\Program Files\RSIT
2009-11-11 22:47:00 ----D---- F:\Program Files\MBAM
2009-11-11 00:01:24 ----HDC---- F:\WINDOWS\$NtUninstallKB969947$
2009-11-01 17:58:07 ----D---- F:\% fotky - dovolená 2008, 2009 Vláďa Kubát
2009-11-01 17:48:58 ----D---- F:\% fotky - album NKN
2009-10-31 18:45:51 ----N---- F:\WINDOWS\system32\SSRemove.Exe
2009-10-31 18:45:45 ----A---- F:\WINDOWS\system32\XRXS1LMK.DLL
2009-10-31 18:45:35 ----A---- F:\WINDOWS\system32\SSCoInst.exe
2009-10-31 18:45:34 ----A---- F:\WINDOWS\system32\SSCoInst.dll
2009-10-31 18:44:50 ----D---- F:\WINDOWS\Xerox
2009-10-22 00:46:48 ----D---- F:\Documents and Settings\Administrator\Application Data\CoSoSys
2009-10-20 19:59:43 ----A---- F:\WINDOWS\system32\ptpusb.dll
2009-10-20 19:59:41 ----A---- F:\WINDOWS\system32\ptpusd.dll
2009-10-17 21:17:32 ----D---- F:\493a100964db0199ace3
2009-10-16 06:38:17 ----HDC---- F:\WINDOWS\$NtUninstallKB969059$
2009-10-16 06:38:07 ----HDC---- F:\WINDOWS\$NtUninstallKB974112$
2009-10-16 06:37:59 ----HDC---- F:\WINDOWS\$NtUninstallKB975025$
2009-10-15 18:08:24 ----HDC---- F:\WINDOWS\$NtUninstallKB958869$
2009-10-15 18:07:23 ----HDC---- F:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 18:07:00 ----HDC---- F:\WINDOWS\$NtUninstallKB974571$
2009-10-15 18:02:00 ----HDC---- F:\WINDOWS\$NtUninstallKB975467$
2009-10-14 21:45:07 ----HDC---- F:\WINDOWS\$NtUninstallKB971486$
2009-10-13 22:15:22 ----D---- F:\9f620a992423cf13393a887ec3606431
2009-10-13 22:06:59 ----HDC---- F:\WINDOWS\$NtUninstallKB973525$
2009-10-13 20:41:50 ----D---- F:\Program Files\IrfanView42
2009-10-10 18:10:22 ----D---- F:\SW - DBVT dongl - ještě nepřekopírované na WDD
2009-10-10 18:09:39 ----A---- F:\WINDOWS\WFD_DrvVer.ini
2009-10-10 18:09:38 ----A---- F:\WINDOWS\WFD_FindDevID.ini
2009-10-10 18:09:37 ----A---- F:\WINDOWS\WFD_FindMceDev.ini
2009-10-10 18:08:34 ----A---- F:\WINDOWS\system32\Dvbpws.dll
2009-10-10 16:33:54 ----D---- F:\Documents and Settings\All Users\Application Data\ArcSoft
2009-10-10 16:33:43 ----A---- F:\WINDOWS\system32\unicows.dll
2009-10-10 16:33:42 ----D---- F:\Program Files\Common Files\ArcSoft
2009-10-10 16:32:37 ----D---- F:\Program Files\Common Files\Ulead Systems
2009-10-10 16:28:13 ----A---- F:\WINDOWS\system32\PsisDecd.dll
2009-10-10 16:09:22 ----D---- F:\WINDOWS\system32\WinFast
2009-10-10 16:09:17 ----D---- F:\Program Files\Leadtek Research Inc
2009-10-10 16:09:04 ----D---- F:\Documents and Settings\Administrator\Application Data\InstallShield

======List of files/folders modified in the last 3 months======

2010-01-04 18:24:11 ----RD---- F:\Program Files
2010-01-04 18:23:54 ----D---- F:\WINDOWS\Prefetch
2010-01-04 18:23:34 ----A---- F:\WINDOWS\WINCMD.INI
2010-01-04 17:54:11 ----D---- F:\Program Files\Mozilla Firefox
2010-01-04 17:52:35 ----D---- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-04 17:52:25 ----D---- F:\WINDOWS
2010-01-04 17:50:09 ----D---- F:\WINDOWS\Temp
2010-01-04 17:47:03 ----D---- F:\Program Files\Spyware Terminator
2010-01-04 17:47:03 ----D---- F:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-01-04 17:01:08 ----D---- F:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2010-01-04 16:08:02 ----D---- F:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2010-01-03 21:27:23 ----D---- F:\% Lucka na F
2010-01-03 18:41:43 ----N---- F:\WINDOWS\SchedLgU.Txt
2010-01-03 18:25:13 ----D---- F:\WINDOWS\system
2010-01-03 17:42:37 ----D---- F:\WINDOWS\system32\CatRoot2
2010-01-03 15:10:28 ----SHD---- F:\WINDOWS\Installer
2010-01-03 15:10:25 ----HD---- F:\Config.Msi
2010-01-03 15:08:18 ----D---- F:\Program Files\Common Files
2009-12-28 18:56:08 ----D---- F:\Documents and Settings\Administrator\Application Data\Skype
2009-12-28 17:23:14 ----D---- F:\Documents and Settings\Administrator\Application Data\skypePM
2009-12-25 21:30:05 ----D---- F:\_ vystup z FREEDOWNLOAD
2009-12-25 20:22:01 ----D---- F:\NKN
2009-12-24 12:11:48 ----A---- F:\WINDOWS\_ WDICT32.INI
2009-12-23 18:45:09 ----D---- F:\Documents and Settings\Administrator\Application Data\dvdcss
2009-12-22 11:36:46 ----D---- F:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-12-21 20:33:21 ----D---- F:\% Sandy na F
2009-12-13 10:10:48 ----D---- F:\WINDOWS\Debug
2009-12-13 10:10:40 ----D---- F:\WINDOWS\Minidump
2009-12-13 09:11:34 ----A---- F:\WINDOWS\CSTBox.INI
2009-12-10 20:25:21 ----D---- F:\Documents and Settings\Administrator\Application Data\gtk-2.0
2009-12-09 20:15:17 ----D---- F:\WINDOWS\system32
2009-12-09 20:01:16 ----D---- F:\WINDOWS\system32\drivers
2009-12-09 19:44:11 ----HD---- F:\WINDOWS\inf
2009-12-09 19:44:09 ----RSHDC---- F:\WINDOWS\system32\dllcache
2009-12-09 19:42:24 ----D---- F:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-09 19:36:35 ----HD---- F:\WINDOWS\$hf_mig$
2009-12-09 19:35:48 ----D---- F:\WINDOWS\system32\en-US
2009-12-09 19:35:48 ----D---- F:\Program Files\Internet Explorer
2009-12-09 19:35:31 ----D---- F:\WINDOWS\ie7updates
2009-12-01 21:06:19 ----A---- F:\WINDOWS\system32\MRT.exe
2009-11-28 21:17:17 ----D---- F:\WINDOWS\WinSxS
2009-11-06 17:37:29 ----D---- F:\WINDOWS\Help
2009-11-01 19:11:08 ----D---- F:\My Recorded Files - nexus radio
2009-10-31 20:35:47 ----D---- F:\WINDOWS\system32\CatRoot
2009-10-31 18:23:44 ----D---- F:\Program Files\xerox
2009-10-29 19:42:14 ----D---- F:\% fotky z Albanie 2009 vsechny
2009-10-29 08:46:59 ----A---- F:\WINDOWS\system32\wininet.dll
2009-10-29 08:46:59 ----A---- F:\WINDOWS\system32\webcheck.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\urlmon.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\url.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\pngfilt.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\occache.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\mstime.dll
2009-10-29 08:46:58 ----A---- F:\WINDOWS\system32\msrating.dll
2009-10-29 08:46:57 ----A---- F:\WINDOWS\system32\mshtmled.dll
2009-10-29 08:46:57 ----A---- F:\WINDOWS\system32\mshtml.dll
2009-10-29 08:46:55 ----A---- F:\WINDOWS\system32\msfeedsbs.dll
2009-10-29 08:46:55 ----A---- F:\WINDOWS\system32\msfeeds.dll
2009-10-29 08:46:55 ----A---- F:\WINDOWS\system32\jsproxy.dll
2009-10-29 08:46:54 ----A---- F:\WINDOWS\system32\iertutil.dll
2009-10-29 08:46:54 ----A---- F:\WINDOWS\system32\iernonce.dll
2009-10-29 08:46:54 ----A---- F:\WINDOWS\system32\ieframe.dll
2009-10-29 08:46:52 ----A---- F:\WINDOWS\system32\ieencode.dll
2009-10-29 08:46:52 ----A---- F:\WINDOWS\system32\iedkcs32.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\ieapfltr.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\ieaksie.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\ieakeng.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\icardie.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\extmgr.dll
2009-10-29 08:46:51 ----A---- F:\WINDOWS\system32\dxtrans.dll
2009-10-29 08:46:50 ----A---- F:\WINDOWS\system32\dxtmsft.dll
2009-10-29 08:46:50 ----A---- F:\WINDOWS\system32\corpol.dll
2009-10-29 08:46:50 ----A---- F:\WINDOWS\system32\advpack.dll
2009-10-28 16:07:15 ----N---- F:\WINDOWS\system32\tzchange.exe
2009-10-28 15:36:11 ----A---- F:\WINDOWS\system32\ieudinit.exe
2009-10-28 15:36:11 ----A---- F:\WINDOWS\system32\ie4uinit.exe
2009-10-28 09:36:42 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2009-10-28 07:52:46 ----A---- F:\WINDOWS\system32\ieakui.dll
2009-10-21 06:38:36 ----A---- F:\WINDOWS\system32\strmfilt.dll
2009-10-21 06:38:36 ----A---- F:\WINDOWS\system32\httpapi.dll
2009-10-19 22:12:13 ----RSD---- F:\WINDOWS\Fonts
2009-10-19 22:12:01 ----D---- F:\Program Files\Common Files\Microsoft Shared
2009-10-19 22:11:13 ----D---- F:\Program Files\Microsoft Works
2009-10-19 22:06:42 ----A---- F:\WINDOWS\win.ini
2009-10-19 22:06:41 ----D---- F:\Program Files\Common Files\System
2009-10-16 14:42:08 ----D---- F:\WINDOWS\Microsoft.NET
2009-10-16 14:42:00 ----RSD---- F:\WINDOWS\assembly
2009-10-15 14:56:23 ----HD---- F:\Program Files\InstallShield Installation Information
2009-10-13 11:30:16 ----A---- F:\WINDOWS\system32\oakley.dll
2009-10-12 14:38:19 ----A---- F:\WINDOWS\system32\rastls.dll
2009-10-12 14:38:18 ----A---- F:\WINDOWS\system32\raschap.dll
2009-10-11 11:57:11 ----D---- F:\Documents and Settings\Administrator\Application Data\ArcSoft
2009-10-10 16:29:57 ----D---- F:\Program Files\WinFast
2009-10-10 16:25:39 ----D---- F:\WINDOWS\system32\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; F:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; F:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-04 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; F:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-04 27784]
R1 fwdrv;Firewall Driver; F:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 274432]
R1 khips;Kerio HIPS Driver; F:\WINDOWS\system32\drivers\khips.sys [2005-12-15 81920]
R1 SASDIFSV;SASDIFSV; \??\F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\F:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 VIAPFD;VIAPFD; F:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 BT848;WinFast TV2000 XP WDM Video Capture; F:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 DgiVecp;Team MFP Comm Driver; F:\WINDOWS\System32\Drivers\DgiVecp.sys [2009-06-15 40448]
R2 Hardlock;Hardlock; \??\F:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\F:\WINDOWS\system32\drivers\Haspnt.sys []
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; F:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; F:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); F:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-06-21 655596]
R3 ati2mtag;ati2mtag; F:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; F:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; F:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SASENUM;SASENUM; \??\F:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbhub;USB2 Enabled Hub; F:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; F:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; F:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 AF15BDA;WinFast DTV Dongle Gold BDA Filter; F:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-07-04 306816]
S3 CCDECODE;Closed Caption Decoder; F:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GT680x;BearPaw 2448TA Plus Usb Scanner; F:\WINDOWS\System32\Drivers\Gt680x.sys [2003-02-18 17504]
S3 HidUsb;Microsoft HID Class Driver; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MPE;BDA MPE Filter; F:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; F:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; F:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; F:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NFWVAD_ds2dhw;NFW Virtual Audio; F:\WINDOWS\system32\drivers\nfwvad.sys [2007-11-09 22368]
S3 SLIP;BDA Slip De-Framer; F:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; F:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndis;USB Remote NDIS Device Driver; F:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbaudio;USB Audio Driver (WDM); F:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; F:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; F:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; F:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; F:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; F:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056]
R2 avg8wd;AVG Free8 WatchDog; F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-04 297752]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; F:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe [2005-12-19 1368064]
R2 MDM;Machine Debug Manager; F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; F:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; F:\Program Files\Spyware Terminator\sp_rsser.exe [2009-09-21 487424]
R2 UleadBurningHelper;Ulead Burning Helper; F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Re: Asta-killer trojan

Posted: 04 Jan 2010 18:50
by Rudy
Run an MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Asta-killer trojan

Posted: 10 Jan 2010 12:09
by Lucie Knoblochová
Here is the log from MBAM; I deleted the "Adware.ADON" that it found only afterwards.


Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

10.1.2010 11:29:56
mbam-log-2010-01-10 (11-28-39).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 388491
Time elapsed: 3 hour(s), 32 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Documents and Settings\Administrator\Application Data\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe (Adware.ADON) -> No action taken.

Re: Asta-killer trojan

Posted: 10 Jan 2010 12:19
by Rudy
If it has been deleted, the PC should be clean. Where was the trojan found?

Re: Asta-killer trojan

Posted: 10 Jan 2010 21:36
by Lucie Knoblochová
The last one was in the eBay application. The catch, though, is that it was not the Asta-killer; Spybot kept finding that one even after cleaning with MBAM. That is why I wanted to know whether it is a bug in Spybot or whether there really is something there...

Thanks a lot.

Re: Asta-killer trojan

Posted: 10 Jan 2010 23:05
by Rudy
Spybot as software is already past its best years. Today we have better antispyware tools, e.g. Spyware Terminator, Superantispyware and so on.

Re: Asta-killer trojan

Posted: 11 Jan 2010 22:42
by Lucie Knoblochová
So should I leave its warning alone and not deal with it any further? Is it a false report?

Re: Asta-killer trojan

Posted: 11 Jan 2010 22:44
by Rudy
Just to be safe, try downloading and installing Superantispyware: http://www.stahuj.centrum.cz/utility_a_ ... tispyware/ , run a scan and delete any findings.

Re: Asta-killer trojan

Posted: 11 Jan 2010 22:53
by Lucie Knoblochová
Thanks :-)

Re: Asta-killer trojan

Posted: 12 Jan 2010 17:59
by Rudy
You're welcome!