VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

trojský kůň

https://forum.viry.cz:443/viewtopic.php?t=99972

Stránka 1 z 1

trojský kůň

Napsal: 11 dub 2010 16:51
od dave314
Dobrý den, mám zde trojského koně. Prosil bych o kontrolu logu:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ing. Popp at 2010-04-11 17:46:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (79%) free of 38 GB
Total RAM: 382 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:41, on 11.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seznam\Postak\Postak.exe
C:\program files\common files\system\ole db\msmdcb80server.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\program files\common files\system\ole db\msmdcb80server.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Ing. Popp\Local Settings\Temp\m.211.tmp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ing. Popp\Local Settings\Temporary Internet Files\Content.IE5\UHQR8XKZ\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Ing. Popp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msdaenumServer2.81.1132.0] c:\program files\common files\system\ole db\msmdcb80server.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [msdatl3msdatl3] C:\program files\common files\system\ole db\msmdcb80server.exe
O4 - HKLM\..\RunServices: [Providermsdaorar] C:\program files\common files\system\ole db\msmdcb80server.exe
O4 - HKLM\..\RunServices: [Instructions] C:\DOCUME~1\ING~1.POP\LOCALS~1\Temp\Dočasný adresář 1 pro Instructions[1].zip\Instructions.exe
O4 - HKLM\..\RunServices: [MicrosoftMSORUN] C:\program files\common files\microsoft shared\msorun\officemicrosoft.exe
O4 - HKLM\..\RunServices: [WiSC10Soap] c:\program files\common files\mssoap\binaries\wisc10microsoft1.02.814.0.exe
O4 - HKLM\..\RunServices: [msmsgscmsgslang] c:\program files\messenger\msmsgsoperating.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [fheqt9uswos6] C:\Documents and Settings\Ing. Popp\Local Settings\Temp\m.211.tmp.exe
O4 - HKCU\..\Run: [SecurityCenter] C:\Documents and Settings\Ing. Popp\Data aplikací\Desktop Security 2010\securitycenter.exe
O4 - HKCU\..\Run: [Desktop Security 2010] C:\Documents and Settings\Ing. Popp\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9046382375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ED33FD9-1B0E-4086-B10D-0970330C6112}: NameServer = 81.90.168.3,212.96.161.2
O18 - Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - C:\DOCUME~1\ING~1.POP\LOCALS~1\Temp\14.tmp
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7093 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{027935E8-564B-40A6-BCF6-FE1E9B03572E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-28 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-28 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2009-09-23 1413272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2007-05-16 269632]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-28 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2008-02-21 453936]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"msdaenumServer2.81.1132.0"=c:\program files\common files\system\ole db\msmdcb80server.exe [2010-04-07 143872]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
"msdatl3msdatl3"=C:\program files\common files\system\ole db\msmdcb80server.exe [2010-04-07 143872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-12 68856]
"fheqt9uswos6"=C:\Documents and Settings\Ing. Popp\Local Settings\Temp\m.211.tmp.exe [2010-04-09 4037120]
"SecurityCenter"=C:\Documents and Settings\Ing. Popp\Data aplikací\Desktop Security 2010\securitycenter.exe []
"Desktop Security 2010"=C:\Documents and Settings\Ing. Popp\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507a4326-f8fe-11dc-8050-0007e9c3b180}]
shell\Auto\command - E:\RECYCLER\usbdriver.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\usbdriver.exe


======List of files/folders created in the last 1 months======

2010-04-11 17:46:52 ----D---- C:\rsit
2010-04-10 11:28:09 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-04-10 11:21:03 ----D---- C:\Program Files\Alwil Software
2010-04-10 11:21:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-04-10 10:36:04 ----D---- C:\Program Files\Trend Micro
2010-04-08 07:44:49 ----D---- C:\Documents and Settings\Ing. Popp\Data aplikací\Desktop Security 2010

======List of files/folders modified in the last 1 months======

2010-04-11 17:47:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-04-11 17:46:57 ----D---- C:\WINDOWS\Prefetch
2010-04-11 17:46:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-04-11 17:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2010-04-11 17:46:24 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2010-04-11 17:43:56 ----D---- C:\WINDOWS\Temp
2010-04-11 17:43:21 ----D---- C:\Program Files\Movie Maker
2010-04-11 17:43:18 ----D---- C:\Program Files\NetMeeting
2010-04-11 17:43:11 ----D---- C:\Program Files\Online Services
2010-04-11 17:43:00 ----D---- C:\Program Files\DAEMON Tools Lite
2010-04-11 17:42:23 ----SD---- C:\WINDOWS\Tasks
2010-04-11 17:42:21 ----D---- C:\Program Files\Outlook Express
2010-04-11 17:40:30 ----D---- C:\Program Files\Messenger
2010-04-11 17:40:27 ----D---- C:\Program Files\Seznam.cz
2010-04-11 17:40:22 ----D---- C:\Program Files\Internet Explorer
2010-04-11 17:40:18 ----D---- C:\Program Files\totalcmd
2010-04-11 17:40:07 ----D---- C:\Program Files\Windows NT
2010-04-11 17:39:58 ----D---- C:\Program Files\Common Files\DESIGNER
2010-04-11 17:39:51 ----D---- C:\Program Files\Common Files\System
2010-04-11 17:39:48 ----D---- C:\Program Files\Windows Media Player
2010-04-11 17:37:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-11 12:26:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-11 12:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2010-04-11 12:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2010-04-11 12:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-04-11 12:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-04-11 12:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2010-04-11 12:23:48 ----D---- C:\WINDOWS\AppPatch
2010-04-11 12:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-04-11 12:23:40 ----D---- C:\WINDOWS\system32\it-IT
2010-04-11 12:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2010-04-11 12:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-04-11 12:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938829$
2010-04-11 12:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2010-04-11 12:23:18 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-04-11 12:23:17 ----D---- C:\WINDOWS\system32\es-ES
2010-04-11 12:23:15 ----D---- C:\WINDOWS\system32\bits
2010-04-11 12:23:13 ----D---- C:\WINDOWS\system32\da-DK
2010-04-11 12:23:12 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2010-04-11 12:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2010-04-11 12:22:50 ----HDC---- C:\WINDOWS\ie8
2010-04-11 12:22:38 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-04-11 12:22:19 ----D---- C:\WINDOWS\system32\sv-SE
2010-04-11 12:22:18 ----RSD---- C:\WINDOWS\Fonts
2010-04-11 12:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-04-11 12:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2010-04-11 12:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-04-11 12:21:46 ----D---- C:\WINDOWS\system32\el-GR
2010-04-11 12:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2010-04-11 12:21:39 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2010-04-11 12:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB920342$
2010-04-11 12:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-04-11 12:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2010-04-11 12:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2010-04-11 12:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-04-11 12:17:37 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-04-11 12:17:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-04-11 12:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2010-04-11 12:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-04-11 12:17:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-04-11 12:17:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-04-11 12:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-04-11 12:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-04-11 12:17:14 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2010-04-11 12:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2010-04-11 12:17:00 ----D---- C:\WINDOWS\system32\zh-HK
2010-04-11 12:16:59 ----D---- C:\WINDOWS\system32\en-US
2010-04-11 12:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-04-11 12:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2010-04-11 12:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB925876$
2010-04-11 12:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2010-04-11 12:16:47 ----D---- C:\WINDOWS\system32\npp
2010-04-11 12:16:46 ----D---- C:\WINDOWS\srchasst
2010-04-11 12:16:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-04-11 12:16:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-04-11 12:16:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-04-11 12:16:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-04-11 12:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-04-11 12:16:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-04-11 12:16:18 ----D---- C:\WINDOWS\system32\fr-FR
2010-04-11 12:16:18 ----D---- C:\WINDOWS\ime
2010-04-11 12:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2010-04-11 12:16:12 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2010-04-11 12:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2010-04-11 12:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-04-11 12:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-04-11 12:15:51 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2010-04-11 12:15:49 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2010-04-11 12:15:48 ----D---- C:\WINDOWS\system32\ko-KR
2010-04-11 12:15:46 ----D---- C:\WINDOWS\system32\zh-TW
2010-04-11 12:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2010-04-11 12:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2010-04-11 12:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-04-11 12:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-04-11 12:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2010-04-11 12:15:22 ----D---- C:\WINDOWS\system32\cs
2010-04-11 12:15:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-04-11 12:15:18 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2010-04-11 12:15:17 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-04-11 12:15:17 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2010-04-11 12:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2010-04-11 12:15:12 ----D---- C:\WINDOWS
2010-04-11 12:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2010-04-11 12:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-04-11 12:14:35 ----D---- C:\WINDOWS\system32\tr-TR
2010-04-11 12:14:34 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2010-04-11 12:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-04-11 12:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2010-04-11 12:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-04-11 12:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2010-04-11 12:13:57 ----D---- C:\WINDOWS\system32\XPSViewer
2010-04-11 12:13:44 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-04-11 12:13:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-04-11 12:13:32 ----D---- C:\WINDOWS\system32
2010-04-11 12:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2010-04-11 12:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2010-04-11 12:13:10 ----D---- C:\WINDOWS\system32\Setup
2010-04-11 12:13:06 ----D---- C:\WINDOWS\system32\wbem
2010-04-11 12:13:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2010-04-11 12:12:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-04-11 12:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-04-11 12:12:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-04-11 12:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB942840$
2010-04-11 12:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB902344$
2010-04-11 12:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-04-11 12:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-04-11 12:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2010-04-11 12:10:10 ----D---- C:\WINDOWS\twain_32
2010-04-11 12:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2010-04-11 12:09:33 ----D---- C:\WINDOWS\system32\nl-NL
2010-04-11 12:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2010-04-11 12:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-04-11 12:09:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-04-11 12:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-04-11 12:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-04-11 12:08:30 ----D---- C:\WINDOWS\system32\Com
2010-04-11 12:08:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-04-11 12:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2010-04-11 12:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-04-11 12:07:41 ----D---- C:\WINDOWS\system32\fi-FI
2010-04-11 12:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2010-04-11 12:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2010-04-11 12:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-04-11 12:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-04-11 12:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2010-04-11 12:06:34 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2010-04-11 12:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-04-11 12:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2010-04-11 12:06:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2010-04-11 12:06:00 ----D---- C:\WINDOWS\system32\drivers
2010-04-11 12:05:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-04-11 12:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-04-11 12:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2010-04-11 12:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-04-11 12:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2010-04-11 12:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-04-11 12:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-04-11 12:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2010-04-11 12:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-04-11 12:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-04-11 12:04:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-11 12:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB944533$
2010-04-11 12:03:04 ----HDC---- C:\WINDOWS\ie7
2010-04-11 12:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-04-11 12:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2010-04-11 12:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2010-04-11 12:01:46 ----D---- C:\WINDOWS\network diagnostic
2010-04-11 12:01:37 ----D---- C:\WINDOWS\system32\Restore
2010-04-11 12:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2010-04-11 12:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-04-11 12:00:27 ----D---- C:\WINDOWS\PeerNet
2010-04-11 12:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-04-11 12:00:04 ----D---- C:\WINDOWS\system32\cs-cz
2010-04-11 11:59:30 ----D---- C:\WINDOWS\Help
2010-04-11 11:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2010-04-11 11:58:05 ----D---- C:\WINDOWS\msagent
2010-04-11 11:57:59 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2010-04-11 11:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2010-04-11 11:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2010-04-11 11:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2010-04-11 11:57:11 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2010-04-11 11:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-04-11 11:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2010-04-11 11:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-04-11 11:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2010-04-11 11:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-04-11 11:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-04-11 11:54:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2010-04-11 11:54:03 ----D---- C:\WINDOWS\ehome
2010-04-11 11:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2010-04-11 11:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2010-04-11 11:53:21 ----D---- C:\WINDOWS\system32\usmt
2010-04-11 11:52:54 ----D---- C:\WINDOWS\system32\oobe
2010-04-11 11:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-04-11 11:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2010-04-11 11:52:29 ----D---- C:\WINDOWS\system32\inetsrv
2010-04-11 11:52:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-04-11 11:51:46 ----D---- C:\WINDOWS\system32\pt-BR
2010-04-11 11:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-04-11 11:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-04-11 11:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2010-04-11 11:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2010-04-11 11:50:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-04-11 11:50:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-04-11 11:50:36 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2010-04-11 11:50:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2010-04-11 11:50:14 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2010-04-11 11:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2010-04-11 11:50:07 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-04-11 11:50:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-04-11 11:49:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2010-04-11 11:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-04-11 11:49:38 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
2010-04-11 11:49:31 ----D---- C:\WINDOWS\system32\ar-SA
2010-04-11 11:49:30 ----D---- C:\WINDOWS\system32\nb-NO
2010-04-11 11:49:28 ----D---- C:\WINDOWS\system32\he-IL
2010-04-11 11:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-04-11 11:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2010-04-11 11:48:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-04-11 11:48:10 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2010-04-11 11:47:44 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2010-04-11 11:47:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-04-11 11:46:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-11 11:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2010-04-11 11:46:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2010-04-11 11:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2010-04-11 11:45:49 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-04-11 11:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2010-04-11 11:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2010-04-11 11:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2010-04-11 11:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2010-04-11 11:45:03 ----D---- C:\WINDOWS\system32\de-DE
2010-04-11 11:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-04-11 11:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-04-11 11:44:38 ----D---- C:\WINDOWS\system32\1029
2010-04-11 11:44:36 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2010-04-11 11:43:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-04-11 11:43:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-04-11 11:43:05 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2010-04-11 11:42:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-04-11 11:42:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-04-11 11:42:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-04-11 11:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2010-04-11 11:42:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-04-11 11:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2010-04-11 11:42:04 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2010-04-11 11:41:44 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2010-04-11 11:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2010-04-11 11:41:37 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2010-04-11 11:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-04-11 11:41:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-04-11 11:40:55 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2010-04-11 11:40:54 ----D---- C:\WINDOWS\system
2010-04-11 11:39:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-04-11 11:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-04-11 11:38:17 ----D---- C:\WINDOWS\system32\1033
2010-04-11 11:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2010-04-10 11:29:24 ----SHD---- C:\WINDOWS\Installer
2010-04-10 11:29:23 ----D---- C:\WINDOWS\WinSxS
2010-04-10 11:21:03 ----RD---- C:\Program Files
2010-04-06 11:25:05 ----HD---- C:\WINDOWS\inf
2010-04-06 11:23:38 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-28 10:32:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 act5dpxv;act5dpxv; C:\WINDOWS\system32\drivers\act5dpxv.sys []
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]
S3 s3m;s3m; C:\WINDOWS\system32\DRIVERS\s3m.sys [2001-08-17 166720]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: trojský kůň

Napsal: 11 dub 2010 17:20
od Rudy
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Re: trojský kůň

Napsal: 11 dub 2010 17:58
od dave314
ComboFix 10-04-10.02 - Ing. Popp 11.04.2010 18:48:05.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.382.199 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ing. Popp\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-11 do 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-11 15:46 . 2010-04-11 15:47 -------- d-----w- C:\rsit
2010-04-10 09:29 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-10 09:29 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-10 09:29 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-10 09:29 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-10 09:29 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-10 09:29 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-10 09:29 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-10 09:28 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-10 09:28 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-10 09:21 . 2010-04-10 09:21 -------- d-----w- c:\program files\Alwil Software
2010-04-10 08:36 . 2010-04-10 08:36 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 15:43 . 2008-04-24 13:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-11 15:40 . 2009-04-26 14:18 -------- d-----w- c:\program files\Seznam.cz
2010-04-11 15:40 . 2008-03-07 14:33 -------- d-----w- c:\program files\totalcmd
2010-03-28 08:32 . 2001-10-25 14:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 08:32 . 2001-10-25 14:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-02-25 06:18 . 2004-08-17 15:49 916480 ----a-w- c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.4.2010 11:29 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.4.2010 11:29 19024]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.4.2008 15:54 717296]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [7.3.2008 1:31 166720]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-04-11 c:\windows\Tasks\User_Feed_Synchronization-{027935E8-564B-40A6-BCF6-FE1E9B03572E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: {5ED33FD9-1B0E-4086-B10D-0970330C6112} = 81.90.168.3,212.96.161.2
Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-SecurityCenter - c:\documents and settings\Ing. Popp\Data aplikací\Desktop Security 2010\securitycenter.exe
HKCU-Run-Desktop Security 2010 - c:\documents and settings\Ing. Popp\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe
AddRemove-Desktop Security 2010 - c:\documents and settings\Ing. Popp\Data aplikací\Desktop Security 2010\securityhelper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 18:53
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-04-11 18:55:59
ComboFix-quarantined-files.txt 2010-04-11 16:55

Před spuštěním: Volných bajtů: 31 627 751 424
Po spuštění: Volných bajtů: 31 796 330 496

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4AFA0CD11E58FC4F73C1457D7F0C1FCC

Re: trojský kůň

Napsal: 11 dub 2010 18:40
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Collect::
C:\Documents and Settings\Ing. Popp\Local Settings\Temp\m.211.tmp.exe

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fheqt9uswos6"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507a4326-f8fe-11dc-8050-0007e9c3b180}]

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Dále tyto soubory:
c:\program files\common files\system\ole db\msmdcb80server.exe
c:\program files\common files\mssoap\binaries\wisc10microsoft1.02.814.0.exe
C:\Documents and Settings\Ing. Popp\Data aplikací\Desktop Security 2010\securitycenter.exe
C:\program files\common files\microsoft shared\msorun\officemicrosoft.exe
otestujte online na www.virustotal.com . Oznamte výsledek.

Re: trojský kůň

Napsal: 11 dub 2010 19:20
od dave314
ComboFix se úspěšně spustil, ale ani jeden z těch 4 souborů jsem nenašel.

Re: trojský kůň

Napsal: 11 dub 2010 20:06
od Rudy
OK. Dejte nový log z RSIT.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz