Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

injector.GT

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
m.leky
Návštěvník
Návštěvník
Příspěvky: 20
Registrován: 31 bře 2010 22:06

injector.GT

#1 Příspěvek od m.leky »

AVG objevilo Injector.Gt a nevi co s nim. Je mozne , ze tam je i neco vic.Prosim o kontrolu logu.Diky
Logfile of random's system information tool 1.06 (written by random/random)
Run by Filip at 2010-04-03 13:34:37
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 26 GB (29%) free of 89 GB
Total RAM: 2047 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:52, on 3.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\ASUS\EZVCR\Agent.exe
C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Documents and Settings\Filip\Desktop\RSIT.exe
C:\Program Files\trend micro\Filip.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servle ... d=Symantec
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EzAgent] C:\Program Files\ASUS\EZVCR\Agent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GuideMenu] C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: IPSec Dial Client.lnk = C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{90B0EFA5-822E-4A93-AF18-CF16A8AC1FEB}: NameServer = 88.146.192.1,88.146.192.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{91D0DDBE-04D6-4572-8E8C-E0EEE1E32615}: NameServer = 88.146.192.1,88.146.192.9
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: winmm.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1ca8a37ccc1b844) (gupdate1ca8a37ccc1b844) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 14220 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-03-31 1602912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-04 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-05 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-03 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WEBIE.DLL [2008-01-17 315392]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-04 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-08-23 110592]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-20 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-08-06 573440]
"PowerForPhone"=C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe [2006-09-07 778240]
"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2006-02-21 180224]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2006-05-30 811008]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-06-08 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"ABLKSR"=C:\WINDOWS\ABLKSR\ABLKSR.exe [2006-01-02 61440]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-03-14 90112]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-02 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-02 696320]
"EzAgent"=C:\Program Files\ASUS\EZVCR\Agent.exe [2006-07-26 122880]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-03 148888]
"GuideMenu"=C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe [2007-08-07 1282048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-31 2064224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-02-08 95800]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-07 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
IPSec Dial Client.lnk - C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-31 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:Run VNC Viewer"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Counter Strike\HLDS.EXE"="D:\Counter Strike\HLDS.EXE:*:Enabled:HLDS"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe"="C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe:*:Enabled:IreIke"
"C:\Program Files\CoSine Communications\IPSec Dial Client\ViewLog.exe"="C:\Program Files\CoSine Communications\IPSec Dial Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\Program Files\CoSine Communications\IPSec Dial Client\CmonApp.exe"="C:\Program Files\CoSine Communications\IPSec Dial Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\Program Files\CoSine Communications\IPSec Dial Client\Vpn.exe"="C:\Program Files\CoSine Communications\IPSec Dial Client\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe"="C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe:*:Enabled:IreIke"
"C:\Program Files\CoSine Communications\IPSec Dial Client\ViewLog.exe"="C:\Program Files\CoSine Communications\IPSec Dial Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\Program Files\CoSine Communications\IPSec Dial Client\CmonApp.exe"="C:\Program Files\CoSine Communications\IPSec Dial Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\Program Files\CoSine Communications\IPSec Dial Client\Vpn.exe"="C:\Program Files\CoSine Communications\IPSec Dial Client\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\Setup.exe


======List of files/folders created in the last 1 months======

2010-04-02 19:48:08 ----SHD---- C:\FOUND.003
2010-04-01 21:03:38 ----D---- C:\Program Files\Common Files\Skype
2010-03-31 22:39:11 ----D---- C:\Program Files\trend micro
2010-03-31 22:39:10 ----D---- C:\rsit
2010-03-31 18:26:52 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-31 18:26:42 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-03-31 18:26:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-03-31 18:26:16 ----D---- C:\WINDOWS\SxsCaPendDel
2010-03-25 08:49:02 ----D---- C:\Program Files\Common Files\PCSuite
2010-03-25 08:48:59 ----D---- C:\Program Files\Common Files\Nokia
2010-03-24 18:02:02 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2010-03-24 17:39:30 ----D---- C:\Config.Msi
2010-03-21 19:21:56 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-03-21 18:45:29 ----A---- C:\WINDOWS\system32\muweb.dll
2010-03-21 18:45:29 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-03-21 18:45:29 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-03-18 23:23:26 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2010-03-18 21:49:18 ----D---- C:\Documents and Settings\Filip\Application Data\Nokia Ovi Suite
2010-03-18 21:37:49 ----HD---- C:\WINDOWS\$NtUninstallWudf01007$
2010-03-18 19:06:48 ----D---- C:\Documents and Settings\Filip\Application Data\Nokia
2010-03-18 19:04:42 ----D---- C:\Documents and Settings\Filip\Application Data\PC Suite
2010-03-18 19:04:42 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2010-03-18 19:00:38 ----D---- C:\Program Files\PC Connectivity Solution
2010-03-18 19:00:22 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-03-18 18:59:42 ----D---- C:\Program Files\Nokia
2010-03-18 18:59:42 ----D---- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
2010-03-18 18:31:40 ----D---- C:\Program Files\Microsoft Silverlight
2010-03-17 18:09:17 ----D---- C:\Documents and Settings\Filip\Application Data\Help
2010-03-17 17:58:19 ----A---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem #2.txt
2010-03-16 14:18:30 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-03-16 14:17:38 ----D---- C:\Program Files\iPod
2010-03-16 14:17:35 ----D---- C:\Program Files\iTunes
2010-03-16 14:17:35 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-16 14:17:17 ----D---- C:\Program Files\Bonjour
2010-03-16 14:16:47 ----D---- C:\Program Files\QuickTime
2010-03-16 14:16:07 ----D---- C:\Program Files\Apple Software Update
2010-03-16 14:15:59 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-03-16 14:15:33 ----D---- C:\Program Files\Common Files\Apple
2010-03-16 14:15:33 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-03-14 22:57:05 ----HD---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-14 18:03:04 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-04 16:51:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-03-04 16:51:49 ----D---- C:\Program Files\Common Files\Adobe

======List of files/folders modified in the last 1 months======

2010-04-03 13:34:28 ----A---- C:\WINDOWS\TRNCOM.INI
2010-04-02 19:53:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-01 23:09:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-01 20:49:06 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2010-03-24 17:42:14 ----A---- C:\WINDOWS\win.ini
2010-03-18 21:38:06 ----A---- C:\WINDOWS\imsins.BAK
2010-03-17 17:55:22 ----A---- C:\WINDOWS\WirelessFTP.INI
2010-03-10 09:39:10 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-31 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-31 29512]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-31 242696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 IPSECDRV;SafeNet IPSec Plugin; \??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys []
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-16 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-13 21419]
R2 Crypto;Crypto; C:\WINDOWS\system32\drivers\Crypto.sys [2004-11-10 521786]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-09-05 139604]
R3 DniVap;SafeNet WAN Miniport (VA); C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 36188]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2009-03-15 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-26 1707776]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-11-01 51584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-16 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-08-06 980608]
R3 SynMini;USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-08-08 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-08-08 7808]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-04-19 47488]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-05-18 110976]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-09 62848]
R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-05-09 40192]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2007-01-26 223128]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ASAPIW2K;ASAPIW2K; \??\C:\WINDOWS\system32\Drivers\asapiW2k.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ipswuio;ipswuio; C:\WINDOWS\System32\DRIVERS\ipswuio.sys [2006-01-24 34944]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070308.001\symidsco.sys []
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 u3kmini;ASUS My Cinema-U3000 Mini; C:\WINDOWS\System32\Drivers\u3kmini.sys [2006-08-23 352000]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-31 308064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
R2 IPSECMON;SafeNet Monitor Service; C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe [2005-02-24 65590]
R2 IREIKE;SafeNet IKE Service; C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe [2005-02-24 360498]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-03 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
R2 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-02 937984]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-01 217600]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-06-14 61440]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S2 gupdate1ca8a37ccc1b844;Služba Google Update (gupdate1ca8a37ccc1b844); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-31 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-14 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: injector.GT

#2 Příspěvek od Unlimited_Killer »

Dobré odpoledne. :welcome:

1) ComboFix
  • Stáhněte a uložte na Plochu ComboFix.
  • Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
  • Spusťte ho s administrátorským oprávněním.
  • Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'.
  • Budete také dotázáni na instalaci konzole pro zotavení, taktéž klikněte na 'Ano'.
  • Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat.
  • Váš PC bude pravděpodobně restartován, tak se toho nelekněte.
  • Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
  • Po skončení skenu (či následném restartu) na Vás 'vypadne' log, který vkopírujete ve formě textu sem.
  • Pokud žádný log 'nevypadne', naleznete jej v umístění C:\ComboFix.txt
inactive
Nahoru
m.leky
Návštěvník
Návštěvník
Příspěvky: 20
Registrován: 31 bře 2010 22:06

Re: injector.GT

#3 Příspěvek od m.leky »

Dobré odpoledne.Tady to je
ComboFix 10-04-02.01 - Filip 03.04.2010 15:00:10.1.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2047.1558 [GMT 2:00]
Spuštěný z: c:\documents and settings\Filip\Desktop\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\AcAdProc.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-03 do 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-02 17:48 . 2010-04-02 17:48 -------- d-----w- C:\FOUND.003
2010-04-01 19:03 . 2010-04-01 19:03 -------- d-----w- c:\program files\Common Files\Skype
2010-03-31 20:39 . 2010-03-31 20:39 -------- d-----w- c:\program files\trend micro
2010-03-31 20:39 . 2010-03-31 20:39 -------- d-----w- C:\rsit
2010-03-31 19:14 . 2010-02-23 12:04 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-03-31 19:00 . 2010-03-31 19:00 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-31 19:00 . 2010-03-31 19:00 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-31 16:26 . 2010-03-31 16:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-31 16:26 . 2010-03-31 16:26 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-31 16:26 . 2010-03-31 16:26 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-31 16:26 . 2010-03-31 16:26 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-31 16:26 . 2010-03-31 16:26 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-31 16:26 . 2010-03-31 16:26 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-31 16:26 . 2010-03-31 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-03-31 16:26 . 2010-03-31 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-31 16:26 . 2010-03-31 16:26 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-25 06:49 . 2010-03-25 06:49 -------- d-----w- c:\program files\Common Files\PCSuite
2010-03-25 06:48 . 2010-03-25 06:49 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-25 06:48 . 2010-03-25 06:47 34701512 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_cze.exe
2010-03-25 06:47 . 2010-03-25 06:47 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-25 06:47 . 2010-03-25 06:47 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-25 06:47 . 2010-03-25 06:47 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-25 06:47 . 2010-03-25 06:47 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-24 16:02 . 2010-03-24 16:01 34557984 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_cze_web[1].exe
2010-03-24 16:02 . 2010-03-24 16:02 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-24 16:02 . 2010-03-24 16:02 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-24 16:02 . 2010-03-24 16:02 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-24 16:02 . 2010-03-24 16:02 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-24 16:02 . 2010-03-24 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-03-21 17:21 . 2010-03-21 17:21 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-21 16:45 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-21 16:45 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-18 21:23 . 2010-03-18 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-03-18 19:49 . 2010-03-18 19:49 -------- d-----w- c:\documents and settings\Filip\Application Data\Nokia Ovi Suite
2010-03-18 17:06 . 2010-03-18 17:06 -------- d-----w- c:\documents and settings\Filip\Application Data\Nokia
2010-03-18 17:04 . 2010-03-18 17:04 -------- d-----w- c:\documents and settings\Filip\Local Settings\Application Data\Nokia
2010-03-18 17:04 . 2010-03-18 17:04 -------- d-----w- c:\documents and settings\Filip\Application Data\PC Suite
2010-03-18 17:04 . 2010-03-18 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-03-18 17:04 . 2010-03-18 17:04 -------- d-----w- c:\documents and settings\Filip\Local Settings\Application Data\NokiaAccount
2010-03-18 17:00 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-18 17:00 . 2010-03-18 17:00 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-18 17:00 . 2009-12-30 09:30 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-03-18 17:00 . 2010-03-18 17:00 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-03-18 16:59 . 2010-03-18 17:00 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-03-18 16:59 . 2010-03-18 16:59 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-03-18 16:59 . 2010-03-18 16:59 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-03-18 16:59 . 2010-03-18 16:59 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-03-18 16:59 . 2010-03-18 16:59 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-03-18 16:59 . 2010-03-18 16:59 -------- d-----w- c:\program files\Nokia
2010-03-18 16:59 . 2010-03-18 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2010-03-18 16:59 . 2010-03-18 16:58 98366952 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_webinstaller_ALL[1].exe
2010-03-18 16:31 . 2010-03-18 16:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-18 07:04 . 2010-03-18 07:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-16 12:18 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-16 12:18 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-16 12:17 . 2010-03-16 12:17 -------- d-----w- c:\program files\iPod
2010-03-16 12:17 . 2010-03-16 12:17 -------- d-----w- c:\program files\iTunes
2010-03-16 12:17 . 2010-03-16 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-16 12:17 . 2010-03-16 12:17 -------- d-----w- c:\program files\Bonjour
2010-03-16 12:16 . 2010-03-16 12:16 -------- d-----w- c:\program files\QuickTime
2010-03-16 12:16 . 2010-03-16 12:16 -------- d-----w- c:\documents and settings\Filip\Local Settings\Application Data\Apple
2010-03-16 12:16 . 2010-03-16 12:16 -------- d-----w- c:\program files\Apple Software Update
2010-03-16 12:15 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-03-16 12:15 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-03-16 12:15 . 2010-03-16 12:15 -------- d-----w- c:\program files\Common Files\Apple
2010-03-16 12:15 . 2010-03-16 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-14 16:03 . 2010-02-12 09:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-14 07:51 . 2009-10-23 14:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-04 14:51 . 2010-03-04 14:51 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 19:10 . 2006-12-13 18:33 56720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-18 19:38 . 2010-03-18 19:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-18 19:38 . 2010-03-18 19:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-03 12:52 . 2009-11-25 17:54 79488 ----a-w- c:\documents and settings\Filip\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-25 06:24 . 2006-09-18 08:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-15 16:41 . 2010-02-15 16:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-09 20:11 . 2008-01-17 16:33 1956072 ----a-w- c:\documents and settings\Filip\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-02-01 21:36 . 2009-11-04 19:25 152576 ----a-w- c:\documents and settings\Filip\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2007-04-25 07:49 . 2009-03-15 09:57 328 ------w- c:\program files\GuideMenuSetup.iss
2007-04-06 02:28 . 2009-03-15 09:59 1237 ------w- c:\program files\WinDVDSetup.iss
2009-10-01 19:50 . 2009-03-15 11:29 2984 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-03-15 11:29 . 2009-03-15 11:29 8 --sh--r- c:\windows\system32\A6646DFD4F.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 12:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-07 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-20 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-06 573440]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone\PowerForPhone.exe" [2006-09-07 778240]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"EzAgent"="c:\program files\ASUS\EZVCR\Agent.exe" [2006-07-26 122880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-03 148888]
"GuideMenu"="c:\program files\Corel\Corel GuideMenu\GuideMenu.exe" [2007-08-07 1282048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2006-12-13 491520]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
IPSec Dial Client.lnk - c:\program files\CoSine Communications\IPSec Dial Client\SafeCfg.exe [2007-2-1 69684]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-31 16:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CoSine Communications\\IPSec Dial Client\\IreIKE.exe"=
"c:\program files\CoSine Communications\IPSec Dial Client\ViewLog.exe"= c:\program files\CoSine Communications\IPSec Dial Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\CoSine Communications\IPSec Dial Client\CmonApp.exe"= c:\program files\CoSine Communications\IPSec Dial Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\CoSine Communications\IPSec Dial Client\Vpn.exe"= c:\program files\CoSine Communications\IPSec Dial Client\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc port
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [31.3.2010 18:26 52872]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.1.2007 17:46 642560]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31.3.2010 18:26 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31.3.2010 18:26 242696]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [1.2.2007 13:06 129592]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [31.3.2010 18:26 308064]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [1.2.2007 13:06 521786]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [1.2.2007 13:04 36188]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [8.8.2006 23:15 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [8.8.2006 23:15 7808]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [26.1.2007 17:49 223128]
S2 gupdate1ca8a37ccc1b844;Služba Google Update (gupdate1ca8a37ccc1b844);c:\program files\Google\Update\GoogleUpdate.exe [31.12.2009 17:39 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [31.3.2010 18:26 369920]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [13.12.2006 20:38 34944]
S3 u3kmini;ASUS My Cinema-U3000 Mini;c:\windows\system32\drivers\u3kmini.sys [29.1.2007 21:35 352000]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:39]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:39]

2010-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.symantec.com/techsupp/servlet/Produ ... d=Symantec
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: {90B0EFA5-822E-4A93-AF18-CF16A8AC1FEB} = 88.146.192.1,88.146.192.9
TCP: {91D0DDBE-04D6-4572-8E8C-E0EEE1E32615} = 88.146.192.1,88.146.192.9
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-LaunchList - c:\program files\Pinnacle\Studio 11\LaunchList2.exe
AddRemove-Ad-Aware SE Personal - c:\progra~1\LAVASOFT\AD-AWA~1\UNWISE.EXE
AddRemove-Web Translator - c:\documents and settings\Filip\Local Settings\Temporary Internet Files\UN32.EXE
AddRemove-ZoomPlayerLang - c:\program files\Zoom Player\Language\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 15:08
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A890808]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8a890808
\Driver\ACPI -> ACPI.sys @ 0xba697cb8
\Driver\atapi -> atapi.sys @ 0xba62cb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1880)
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(6088)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
c:\program files\CoSine Communications\IPSec Dial Client\IreIKE.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\ACEngSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-04-03 15:12:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-03 13:12

Před spuštěním: 27 512 340 480 bytes free
Po spuštění: Volných bajtů: 27 767 832 576

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 9A8587330F96B6BF84C427353471C06E
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: injector.GT

#4 Příspěvek od Unlimited_Killer »

Omlouvám se za prodlevu a pokračujeme. ↓

1) Skript do ComboFix-u
  • Otevřete si Poznámkový blok [Start → Spustit → notepad → Enter].
  • Do něj vkopírujte následující text:

    Kód: Vybrat vše

    KillAll::

File::
c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk 
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\AppleSoftwareUpdate.job

Folder::
c:\documents and settings\All Users\Application Data\AVG Security Toolbar
c:\program files\AVG\AVG9\Toolbar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"QuickTime Task"=-

Driver::
AVG Security Toolbar Service

Extra::

DDS::
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

Reboot::
  • Uložte tento soubor na Plochu pod jménem CFScript (koncovka .txt).
  • Přetáhněte tento soubor nad ComboFix a pusťte ho.
  • I tento soubor, i ComboFix musí být na Ploše!
    Obrázek
  • ComboFix se spustí a vykoná příkazy ze skriptu.
  • Počítač bude pravděpodobně restartován.
  • Po restartu na Vás vyskočí okno s logem, který mi vkopírujete sem ve formě textu.
2) SystemLook
  • Stáhněte SystemLook na Plochu.
  • Dvojklikem spusťte soubor SystemLook.exe
  • Do textového pole vkopírujte následující skript:

    Kód: Vybrat vše

    :dir
C:\FOUND.003
  • Nyní klikněte na 'Look'.
  • Poté se Vám otevře Poznámkový blok, jehož obsah vkopírujte sem do tématu.
3) Znáte následující port 4) Odinstalace virtuálních mechanik
  • Odinstalujte všechny virtuální mechaniky - například Alcohol, DeamonTools atd.
5) Odinstalace SPTD
  • Přejděte na tento odkaz.
  • Zde si stáhněte verzi SPTD dle Vašeho operačního systému (XP/Vista/W7 - 32/64bit).
  • Stažený soubor dvojklikem spusťte.
  • Klikněte na prostřední tlačítko 'Uninstall'.
  • Restartujte PC.
6) MBR.exe
  • Stáhněte MBR.exe na Plochu.
  • Proklikejte se na Start → Spustit [Win+R] a zadejte či vkopírujte následující text:

    Kód: Vybrat vše

    "%userprofile%\plocha\mbr" -t
  • Nyní stiskněte 'Enter'.
  • Na Ploše by se měl vytvořit soubor MBR.log, jehož obsah mi sem vkopírujete ve formě textu.
7) GMER
  • Stáhněte GMER, rozbalte ho na Plochu a dvojklikem ho spusťte.
  • Několik sekund bude skenovat.
  • Až sken dokončí, klikněte na 'Save' - to vygeneruje první log, který mi vložíte ve formě textu sem.
  • Poté vytvořte druhý log, přičemž se budete řídit tímto návodem - tento log mi sem taktéž vložíte.
8) Kde konkrétně Vám AVG infekci hlásí?
inactive
Nahoru
m.leky
Návštěvník
Návštěvník
Příspěvky: 20
Registrován: 31 bře 2010 22:06

Re: injector.GT

#5 Příspěvek od m.leky »

Po probehnuti scriptu v CF se PC sam restartoval,nicmene se nacetla jen plocha bez ikon.Pockal jsem az se Pc vypne sam.Pak jsem ho pustil,opet byl bez ikon tak jsem ho restartnul a ikony byly zpatky.Nicmene ted nevim jak dal a co mam vkopirovat. Po pretahnuti scriptu na CF jsem byl dvakrat dotazan ,ze je nova verze Cf a zda ji chci aktualizovat,dal jsem ze ano.Nevim jestli to souvisi, ale rano 4.4 jsme mel velke problemy Pc vubec spustit.Zasekl se vzdy v cerne obrazovce tesne pred uvitaci modrou obrazovkou Windowsu.Po nekolikate, a po te co jsem notebook odpojil fyzicky od pripojeni a vytahl napajeni konecne nabehl.Jeste jedna vec, pri spousteni toho scriptu v CF ma byt rezidentni stit vypnut nebo zapnut?
Tohle je z AVG .Ted jich uz je min.
"C:\WINDOWS\system32\wuauclt.exe (1728):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\system32\wuauclt.exe (1728)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\system32\winlogon.exe (1880):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\system32\winlogon.exe (1880)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\system32\taskmgr.exe (2892):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\system32\taskmgr.exe (2892)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\system32\svchost.exe (712):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\system32\svchost.exe (712)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\system32\svchost.exe (3832):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\system32\svchost.exe (3832)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\system32\svchost.exe (308):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\system32\svchost.exe (308)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\System32\svchost.exe (2588):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\System32\svchost.exe (2588)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\system32\spoolsv.exe (1660):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\system32\spoolsv.exe (1660)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\system32\rundll32.exe (676):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\system32\rundll32.exe (676)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\system32\lsass.exe (1940):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\system32\lsass.exe (1940)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\system32\ctfmon.exe (2964):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\system32\ctfmon.exe (2964)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\explorer.exe (4028):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\explorer.exe (4028)";"Trojský kůň Injector.GT";""
"C:\WINDOWS\ehome\ehtray.exe (3820):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\WINDOWS\ehome\ehtray.exe (3820)";"Trojský kůň Injector.GT";""
"C:\Program Files\Wireless Console 2\wcourier.exe (976):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\Program Files\Wireless Console 2\wcourier.exe (976)";"Trojský kůň Injector.GT";""
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (964):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (964)";"Trojský kůň Injector.GT";""
"C:\Program Files\AVG\AVG9\avgui.exe (4040):\memory_10000000";"Trojský kůň Injector.GT";"Objekt je nedostupný."
"C:\Program Files\AVG\AVG9\avgui.exe (4040)";"Trojský kůň Injector.GT";""
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: injector.GT

#6 Příspěvek od Unlimited_Killer »

Zkuste najít log v C:\ComboFix1.txt - místo jedničky může být i jiné číslo, pokud nějaké bude, tak sem vkopírujte log s nejvyšším číslem.
inactive
Nahoru
m.leky
Návštěvník
Návštěvník
Příspěvky: 20
Registrován: 31 bře 2010 22:06

Re: injector.GT

#7 Příspěvek od m.leky »

Tady to je, melo by to byt ono.Mam pokracovat dal dle navodu tj. Systemlook?
Ten port 5900Vnc znam
ComboFix 10-04-03.02 - Filip 04.04.2010 21:09:09.2.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2047.1310 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Filip\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Filip\Desktop\CFScript.txt
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: injector.GT

#8 Příspěvek od Unlimited_Killer »

Evidentně dojel, ale CF spadl. Nejdříve otestujte všechny soubory, v nichž AVG hlásilo infekci na http://www.virustotal.com

Poté vložte odkazy na výsledky.
inactive
Nahoru
m.leky
Návštěvník
Návštěvník
Příspěvky: 20
Registrován: 31 bře 2010 22:06

Re: injector.GT

#9 Příspěvek od m.leky »

http://www.virustotal.com/cs/analisis/4 ... 1270371731
http://www.virustotal.com/cs/analisis/f ... 1270408879
http://www.virustotal.com/cs/analisis/2 ... 1270397123
http://www.virustotal.com/cs/analisis/1 ... 1270114314
http://www.virustotal.com/cs/analisis/d ... 1270392172
http://www.virustotal.com/cs/analisis/8 ... 1270065655
http://www.virustotal.com/cs/analisis/5 ... 1270289423
http://www.virustotal.com/cs/analisis/1 ... 1270389477
http://www.virustotal.com/cs/analisis/a ... 1269206502
http://www.virustotal.com/cs/analisis/3 ... 1268343485
http://www.virustotal.com/cs/analisis/9 ... 1247791840
http://www.virustotal.com/cs/analisis/4 ... 1270402515


Tento jsme vůbec nenašel,divný :???:
:\WINDOWS\system32\lsass.exe (1940):\memory_10000000;"Trojský kůň Injector.GT";"Objekt je nedostupný."
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: injector.GT

#10 Příspěvek od Unlimited_Killer »

Zkuste nyní spustit ComboFix, ale bez skriptu.
inactive
Nahoru
m.leky
Návštěvník
Návštěvník
Příspěvky: 20
Registrován: 31 bře 2010 22:06

Re: injector.GT

#11 Příspěvek od m.leky »

CF mi nejde vůbec spustit. :( .Objeví se pouze takový obdelníček , že se načítá, a tím to skončí,znova jsem si ho stáhnul se stejným výsledkem.Rezidentni štít AVG byl deaktivován
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: injector.GT

#12 Příspěvek od Unlimited_Killer »

No nevadí.

1) Malwarebytes' Anti-Malware
  • Stáhněte MbAM a postupujte podle popisu.
  • Zatím nic nemažte, MbAM má občas falešné detekce.
  • Poté mi sem vložte log ve formě textu.
inactive
Nahoru
m.leky
Návštěvník
Návštěvník
Příspěvky: 20
Registrován: 31 bře 2010 22:06

Re: injector.GT

#13 Příspěvek od m.leky »

Dnes ráno po spuštění počítače, až na podruhé s odpojenim od netu, na mě vyjelo tohle:
Jinak budu pokračovat MbAM
ComboFix 10-04-03.02 - Filip 04.04.2010 21:09:09.2.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2047.1310 [GMT 2:00]
Spuštěný z: c:\documents and settings\Filip\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Filip\Desktop\CFScript.txt
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\AVG Security Toolbar
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\en.ini
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\languages.cfg
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\osd.xml
c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
c:\program files\AVG\AVG9\Toolbar
c:\program files\AVG\AVG9\Toolbar\Firefox\41_sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\42_sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\49_sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\autocomplete.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\avgapi.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils.xpt
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\notifications.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\sp.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgdatabaseversion.xpt
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgprogramversion.xpt
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgsearchratingsconfig.xpt
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.xpt
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgverdicts.xpt
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\crc.dat
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_26\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_26\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_26\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_26\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_26\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_26\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_41\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_41\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_41\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_41\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_41\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_41\chrome\skin\spYandex.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_41\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_42\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_42\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_42\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_42\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_42\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_42\chrome\skin\spGeneralSearch.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_42\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_49\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_49\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_49\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_49\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_49\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_49\chrome\skin\spBaidu.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_49\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\channels.dat
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome.manifest
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\after_install.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\after_uninstall.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\autocomplete-popup.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\avg\avgtbapi.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\avg\customwrapper.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\avg\partFiles.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\avg\shield.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\avg\statusindicator.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\config.xml.old
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\contexthtml.xul
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\custom.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\ex\marquee.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\about.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_AB.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_ABSearch.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_arrow.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_bottom_shadow.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_confirm.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_confirmAVGSafe.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_confirmTbr.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_general.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_IDV.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_IDV1.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_IDV2.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_logo.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_protection.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_search.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_searchSearchBox.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_searchSearchBoxBaidu.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_searchSearchBoxBlank.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_SPupdate.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_SPupdateSearchBox.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_style.css
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_top_shadow.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\deletehistory_processing.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_config.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifier.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierBackground.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierBullet.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierClose.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierDown.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierDownActive.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierDownDisabled.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierIco.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierNext.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierNextActive.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierNextDisabled.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierPrevious.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierPreviousActive.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierPreviousDisabled.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierScrollbar.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierSettings.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierUp.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierUpActive.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierUpDisabled.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBAccess.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBCalc.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBExcel.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBExplorer.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBMediaPlayer.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBNotepad.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBOutlook.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBOutlookExpress.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBPaint.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBPowerPoint.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBWord.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!backgroundGrey.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!backgroundRed.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!bullet.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!close.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoiDNES.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoRead.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoRSS.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoSimple.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoUnread.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!logo.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!settings.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!tabHilighted.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_advanced.css
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_advanced.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_config.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_simple.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_askdialog.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_background.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_closedialog.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_checkboxdialog.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_icohelp.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_icoQuest.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_icoRisk.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_icoSafe.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_icoUnkn.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_loading.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_logo.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_main.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu1.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu2.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu3.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu4.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_style.css
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_arrow_gray.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_arrow_green.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_arrow_orange.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_arrow_red.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_arrow_yellow.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_background_middle_gray.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_background_middle_green.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_background_middle_orange.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_background_middle_red.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_background_middle_yellow.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_background_top_gray.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_background_top_green.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_background_top_orange.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_background_top_red.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_background_top_yellow.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_blocked.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_border_bottom_gray.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_border_bottom_green.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_border_bottom_orange.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_border_bottom_red.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_border_bottom_yellow.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_border_top_gray.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_border_top_green.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_border_top_orange.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_border_top_red.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_border_top_yellow.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_caution.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_dangerous.html
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_icons_blocked.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_icons_caution.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_icons_close.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_icons_safe.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_icons_unknown.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_icons_warning.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_LS_Logo_Results.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_questionable.html
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_risky.html
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_safe.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_safe.html
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_unknown.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_unknown.html
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_waiting.html
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_warning.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome.htm.old
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_button.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_button_hilight.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_buttonHilight.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7footer.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7header.htm.old
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_poweredByBlank.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_poweredByYahoo.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tbapi.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\toolbarprotector_window.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\updater_error.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\updater_ok.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\updater_processing.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\htmlwindow.xul
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\imageButton.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\Languages\en.ini.old
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\Languages\languages.cfg
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\bubbles.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\cache.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\cookie.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\directory.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\dns.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\dom.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\dragdrop.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\file.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\chevron.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\include.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\include_lite.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\loader.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\log.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\mutex.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\newtab.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\pass.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\prefs.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\privacy.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\refreshControl.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\registry.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\resources.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\searches.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\searchplugin.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\searchProvs.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\settings.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\splitter.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\stats.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\tabs.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\translation.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\update.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\updatecontrol.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\updateext.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\updater.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\updates.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\usefulbuttons.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\utils.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\visibility.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\wrapper.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\xml.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\xmlconfig.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\xmlitems.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\mail.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\mime.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\pop3.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\rss.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\ticker.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\xmlitemsex.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\overlay.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\overlay.xul
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\searchProviders.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\icons\default\htmlwindow.ico
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\contexthtml.css
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\dragdrop.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\emailchecker_icoEmail.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\emailchecker_icoEmailNew.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\gripper.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\chevron.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoAbout.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoAVGInfo.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoGoButtonBG.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoHomepage.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoIdentityGuard.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoNoProtection.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoOptions.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoProtection.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoProtectionLimited.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSS.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSSBlue.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSSGray.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSSGreen.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_D.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_Q.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_R.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_S.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_U.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoShieldButtonBG_W.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoTrash.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBAccess.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBCalc.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBExcel.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBExplorer.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBMediaPlayer.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBNotepad.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBOutlook.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBOutlookExpress.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBPaint.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBPowerPoint.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBWord.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUpdate.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\logo.ico
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\logo.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\overlay.css
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\rssreader_!icoRead.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\rssreader_!icoUnread.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\Search_provider_drop.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\searchProvider.png.old
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\settings_icon.ico
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\slider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spGeneralSearch.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spImages.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spLocal.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spShopping.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spVideo.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spWiki.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spYahoo.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spYahooBG.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spYahooBG_small.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\toolbarprotector_icon.ico
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\install.rdf
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\xpfunc.dll
c:\program files\AVG\AVG9\Toolbar\Firefox\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\sp.xml.old
c:\program files\AVG\AVG9\Toolbar\IE8Lib.dll
c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVG Security Toolbar Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-05 do 2010-04-05 )))))))))))))))))))))))))))))))
.

2010-04-04 23:11 . 2010-04-04 07:57 -------- d-----w- C:\32788R22FWJFW
2010-04-04 20:01 . 2010-04-04 20:01 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-03 22:16 . 2010-04-03 22:16 -------- d-----w- C:\FOUND.004
2010-04-02 17:48 . 2010-04-02 17:48 -------- d-----w- C:\FOUND.003
2010-04-01 19:03 . 2010-04-01 19:03 -------- d-----w- c:\program files\Common Files\Skype
2010-03-31 20:39 . 2010-03-31 20:39 -------- d-----w- c:\program files\trend micro
2010-03-31 20:39 . 2010-03-31 20:39 -------- d-----w- C:\rsit
2010-03-31 19:00 . 2010-03-31 19:00 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-31 19:00 . 2010-03-31 19:00 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-31 16:26 . 2010-03-31 16:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-31 16:26 . 2010-03-31 16:26 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-31 16:26 . 2010-03-31 16:26 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-31 16:26 . 2010-03-31 16:26 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-31 16:26 . 2010-03-31 16:26 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-31 16:26 . 2010-03-31 16:26 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-31 16:26 . 2010-03-31 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-31 16:26 . 2010-03-31 16:26 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-25 06:49 . 2010-03-25 06:49 -------- d-----w- c:\program files\Common Files\PCSuite
2010-03-25 06:48 . 2010-03-25 06:49 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-25 06:48 . 2010-03-25 06:47 34701512 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_cze.exe
2010-03-25 06:47 . 2010-03-25 06:47 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-25 06:47 . 2010-03-25 06:47 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-25 06:47 . 2010-03-25 06:47 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-25 06:47 . 2010-03-25 06:47 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-24 16:02 . 2010-03-24 16:01 34557984 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_cze_web[1].exe
2010-03-24 16:02 . 2010-03-24 16:02 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-24 16:02 . 2010-03-24 16:02 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-24 16:02 . 2010-03-24 16:02 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-24 16:02 . 2010-03-24 16:02 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-24 16:02 . 2010-03-24 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-03-21 17:21 . 2010-03-21 17:21 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-21 16:45 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-21 16:45 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-18 21:23 . 2010-03-18 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-03-18 19:49 . 2010-03-18 19:49 -------- d-----w- c:\documents and settings\Filip\Application Data\Nokia Ovi Suite
2010-03-18 17:06 . 2010-03-18 17:06 -------- d-----w- c:\documents and settings\Filip\Application Data\Nokia
2010-03-18 17:04 . 2010-03-18 17:04 -------- d-----w- c:\documents and settings\Filip\Local Settings\Application Data\Nokia
2010-03-18 17:04 . 2010-03-18 17:04 -------- d-----w- c:\documents and settings\Filip\Application Data\PC Suite
2010-03-18 17:04 . 2010-03-18 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-03-18 17:04 . 2010-03-18 17:04 -------- d-----w- c:\documents and settings\Filip\Local Settings\Application Data\NokiaAccount
2010-03-18 17:00 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-18 17:00 . 2010-03-18 17:00 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-18 17:00 . 2009-12-30 09:30 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-03-18 17:00 . 2010-03-18 17:00 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-03-18 16:59 . 2010-03-18 17:00 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-03-18 16:59 . 2010-03-18 16:59 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-03-18 16:59 . 2010-03-18 16:59 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-03-18 16:59 . 2010-03-18 16:59 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-03-18 16:59 . 2010-03-18 16:59 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-03-18 16:59 . 2010-03-18 16:59 -------- d-----w- c:\program files\Nokia
2010-03-18 16:59 . 2010-03-18 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2010-03-18 16:59 . 2010-03-18 16:58 98366952 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_webinstaller_ALL[1].exe
2010-03-18 16:31 . 2010-03-18 16:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-18 07:04 . 2010-03-18 07:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-16 12:18 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-16 12:18 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-16 12:17 . 2010-03-16 12:17 -------- d-----w- c:\program files\iPod
2010-03-16 12:17 . 2010-03-16 12:17 -------- d-----w- c:\program files\iTunes
2010-03-16 12:17 . 2010-03-16 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-16 12:17 . 2010-03-16 12:17 -------- d-----w- c:\program files\Bonjour
2010-03-16 12:16 . 2010-03-16 12:16 -------- d-----w- c:\program files\QuickTime
2010-03-16 12:16 . 2010-03-16 12:16 -------- d-----w- c:\documents and settings\Filip\Local Settings\Application Data\Apple
2010-03-16 12:16 . 2010-03-16 12:16 -------- d-----w- c:\program files\Apple Software Update
2010-03-16 12:15 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-03-16 12:15 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-03-16 12:15 . 2010-03-16 12:15 -------- d-----w- c:\program files\Common Files\Apple
2010-03-16 12:15 . 2010-03-16 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-14 16:03 . 2010-02-12 09:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-14 07:51 . 2009-10-23 14:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 19:10 . 2006-12-13 18:33 56720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-18 19:38 . 2010-03-18 19:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-18 19:38 . 2010-03-18 19:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-04 14:51 . 2010-03-04 14:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-03 12:52 . 2009-11-25 17:54 79488 ----a-w- c:\documents and settings\Filip\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-25 06:24 . 2006-09-18 08:36 916480 ------w- c:\windows\system32\wininet.dll
2010-02-15 16:41 . 2010-02-15 16:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-09 20:11 . 2008-01-17 16:33 1956072 ----a-w- c:\documents and settings\Filip\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-02-01 21:36 . 2009-11-04 19:25 152576 ----a-w- c:\documents and settings\Filip\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2007-04-25 07:49 . 2009-03-15 09:57 328 ------w- c:\program files\GuideMenuSetup.iss
2007-04-06 02:28 . 2009-03-15 09:59 1237 ------w- c:\program files\WinDVDSetup.iss
2009-10-01 19:50 . 2009-03-15 11:29 2984 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-03-15 11:29 . 2009-03-15 11:29 8 --sh--r- c:\windows\system32\A6646DFD4F.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-03_13.08.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-05 06:34 . 2010-04-05 06:34 16384 c:\windows\temp\Perflib_Perfdata_6fc.dat
+ 2006-09-18 08:36 . 2010-04-04 22:49 53098 c:\windows\system32\perfc009.dat
- 2006-09-18 08:36 . 2010-04-03 13:01 53098 c:\windows\system32\perfc009.dat
+ 2006-09-18 08:36 . 2010-04-04 22:49 380684 c:\windows\system32\perfh009.dat
- 2006-09-18 08:36 . 2010-04-03 13:01 380684 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-20 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-06 573440]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone\PowerForPhone.exe" [2006-09-07 778240]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"EzAgent"="c:\program files\ASUS\EZVCR\Agent.exe" [2006-07-26 122880]
"GuideMenu"="c:\program files\Corel\Corel GuideMenu\GuideMenu.exe" [2007-08-07 1282048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2006-12-13 491520]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
IPSec Dial Client.lnk - c:\program files\CoSine Communications\IPSec Dial Client\SafeCfg.exe [2007-2-1 69684]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-31 16:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\Filip\LOCALS~1\Temp\bluj.bak 2nAKBMPANK

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CoSine Communications\\IPSec Dial Client\\IreIKE.exe"=
"c:\program files\CoSine Communications\IPSec Dial Client\ViewLog.exe"= c:\program files\CoSine Communications\IPSec Dial Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\CoSine Communications\IPSec Dial Client\CmonApp.exe"= c:\program files\CoSine Communications\IPSec Dial Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\CoSine Communications\IPSec Dial Client\Vpn.exe"= c:\program files\CoSine Communications\IPSec Dial Client\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc port
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [31.3.2010 18:26 52872]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.1.2007 17:46 642560]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31.3.2010 18:26 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31.3.2010 18:26 242696]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [1.2.2007 13:06 129592]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [31.3.2010 18:26 308064]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [1.2.2007 13:06 521786]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [1.2.2007 13:04 36188]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [8.8.2006 23:15 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [8.8.2006 23:15 7808]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [26.1.2007 17:49 223128]
S2 gupdate1ca8a37ccc1b844;Služba Google Update (gupdate1ca8a37ccc1b844);c:\program files\Google\Update\GoogleUpdate.exe [31.12.2009 17:39 133104]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [13.12.2006 20:38 34944]
S3 u3kmini;ASUS My Cinema-U3000 Mini;c:\windows\system32\drivers\u3kmini.sys [29.1.2007 21:35 352000]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.symantec.com/techsupp/servlet/Produ ... d=Symantec
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: {90B0EFA5-822E-4A93-AF18-CF16A8AC1FEB} = 88.146.192.1,88.146.192.9
TCP: {91D0DDBE-04D6-4572-8E8C-E0EEE1E32615} = 88.146.192.1,88.146.192.9
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-05 08:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A8905D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8a8905d0
\Driver\ACPI -> ACPI.sys @ 0xba697cb8
\Driver\atapi -> atapi.sys @ 0xba62cb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1884)
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(4600)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
c:\program files\CoSine Communications\IPSec Dial Client\IreIKE.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Skype\Phone\Skype.exe
c:\windows\system32\dumprep.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-04-05 08:38:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-05 06:38
ComboFix2.txt 2010-04-03 13:12

Před spuštěním: 27 455 324 160 bytes free
Po spuštění: 27 186 987 008 bytes free

- - End Of File - - B5507BE6A325B3743D9F8A179BC5757E
Nahoru
m.leky
Návštěvník
Návštěvník
Příspěvky: 20
Registrován: 31 bře 2010 22:06

Re: injector.GT

#14 Příspěvek od m.leky »

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3955

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5.4.2010 10:02:44
mbam-log-2010-04-05 (10-02-44).txt

Typ skenu: Rychlý sken
Skenované objekty: 113451
Uplynulý čas: 3 minuta(y), 53 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: injector.GT

#15 Příspěvek od Unlimited_Killer »

Super, to je ono, ten log. Každopádně se nám zjevila pěkně zákeřná havěť. :D

1) DaonolFix
  • Stáhněte a uložte na Plochu DaonolFix.
  • Program spusťte dvojklikem na DaonolFix.exe
  • Otevře se černé okno, stiskněte číslo '1' a potvrďte stisknutím Enteru.
  • Program bude pracovat, nic nedělejte než svou práci dokončí.
  • Po dokončení se Vám ukáže (a bude uložen na Ploše) log s názvem DaonolFix.txt
    • Obsah tohoto logu mi sem ve formě textu vkopírujete.
inactive
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“