Nefunkční Windows SpaceCard, padající IE, VLC,...

Zpráva

La Défense · #1 Příspěvek od **La Défense** » 26 led 2012 20:40

Zdravím,
včera při prohlížení gelerie na stránkách (autobusy.org), vyskočila hláška od Residentního štítu AVG, že zabránil napadení. Přesunul jsem tedy do virového trezoru, avšak od té doby se počítač chová nestandartně. Při jeho spuštění, mi vyskočí chybná hláška o nemožnosti spuštění, nefunkčnosti Windows CardSpace (Tak nějak se to jmenuje, ještě jsem se s tím nesetkal.) Nejdou mi přehrávat videa ve VLC (zapne se a samo spadne, bez jakékoliv hlášky), IE dělá totéž (zapne se a o pár chvil spadne, bez hlášky), Firefox je jakštakš stabilní, a odpoledne mi nešel ani Salamander, zkrátka se nezapnul. Zdá se mi také, že chvilkama vynechává klávesnice, při psaní textu ve Wordu, jsem si několikrát všiml, že mi nezapsal slovo, jako by se na chvilku zasekl. Nejdříve jsem to přikládal svojí nepozornosti, ale pak mi to přišlo přece jen divné, píšu často a nestává se mi to. Prosím o radu.

Tohle mi vypsal AVG:
Test "Test celého počítače" byl dokončen.
Informace;"5"
Složky vybrané k testování:;"Test celého počítače"
Test zahájen:;"26. ledna 2012, 13:58:14"
Test dokončen:;"26. ledna 2012, 16:00:18 (2 hodin(a) 2 minut(a) 4 sekund(a))"
Celkem otestováno objektů:;"639380"
Uživatel:;"Admin"

Informace
;"Soubor";"Informace";"Výsledek"
;"C:\WINDOWS\_I\SP.XPSP2.CZ\wmp11-windowsxp-x86-CS-CZ.exe";"Soubor má poškozený digitální podpis, který vydal(a): Microsoft Corporation.";""
;"C:\WINDOWS\_I\SP.XPSP2.CZ\dotnetfx.exe";"Soubor má poškozený digitální podpis, který vydal(a): Microsoft Corporation.";""
;"C:\WINDOWS\_I\OFFICE2000\IE55SP2.CZ\PATCH\q828750.exe";"Soubor má poškozený digitální podpis, který vydal(a): Microsoft Corporation.";""
;"C:\WINDOWS\_I\OFFICE2000\IE55SP2.CZ\PATCH\q330994.exe";"Soubor má poškozený digitální podpis, který vydal(a): Microsoft Corporation.";""
;"C:\WINDOWS\_I\OFFICE2000\IE55SP2.CZ\ie5setup.exe";"Soubor má poškozený digitální podpis, který vydal(a): Microsoft Corporation (Europe).";""

A tady mám RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-01-26 20:37:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 406 GB (43%) free of 954 GB
Total RAM: 3053 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:58:02, on 26.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\VstaScan\VsAccess.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\_I\SALAM15\SALAMANDER.EXE
C:\Pernisovci\Martin\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/sm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PERNIS~1\Martin\MALWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [UIWatcher] C:\Pernisovci\Martin\Programy\Ashampoo UnInstaller 4\UIWatcher.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Umax VistaAccess.lnk = ?
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PERNIS~1\Martin\MALWAR~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PERNIS~1\Martin\MALWAR~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1793225500
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 3.13.0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelxpv_v103\wdm\STacSV.exe

--
End of file - 6715 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\bziknjzj.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.6, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416, {ec9032c7-c20a-464f-7b0e-13a3a9e97385}:1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.3.6&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG10\Firefox4\
"avg@igeared"=C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\bziknjzj.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{ec9032c7-c20a-464f-7b0e-13a3a9e97385}

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\bziknjzj.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2011-09-09 2276704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PERNIS~1\Martin\MALWAR~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-12-08 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-21 1018680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-12 483422]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-16 13851752]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2011-09-10 2338656]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"ICQ"=C:\Program Files\ICQ7.7\ICQ.exe [2012-01-23 127040]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-01-26 3620352]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Umax VistaAccess.lnk - C:\VstaScan\VsAccess.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Pernisovci\Martin\Programy\uTorrent.exe"="C:\Pernisovci\Martin\Programy\uTorrent.exe:*:Enabled:µTorrent"
"C:\GAMES\Bohemia Interactive\arma2.exe"="C:\GAMES\Bohemia Interactive\arma2.exe:*:Enabled:ArmA 2"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\games\Sports Interactive\Football Manager 2010\fm.exe"="C:\games\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2012-01-26 20:37:07 ----D---- C:\rsit
2012-01-26 20:14:16 ----A---- C:\ComboFix.txt
2012-01-26 19:34:10 ----A---- C:\WINDOWS\zip.exe
2012-01-26 19:34:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-01-26 19:34:10 ----A---- C:\WINDOWS\SWSC.exe
2012-01-26 19:34:10 ----A---- C:\WINDOWS\SWREG.exe
2012-01-26 19:34:10 ----A---- C:\WINDOWS\sed.exe
2012-01-26 19:34:10 ----A---- C:\WINDOWS\PEV.exe
2012-01-26 19:34:10 ----A---- C:\WINDOWS\NIRCMD.exe
2012-01-26 19:34:10 ----A---- C:\WINDOWS\MBR.exe
2012-01-26 19:34:10 ----A---- C:\WINDOWS\grep.exe
2012-01-26 19:28:51 ----D---- C:\Qoobox
2012-01-26 12:11:12 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2012-01-26 12:06:04 ----D---- C:\Program Files\DAEMON Tools Lite
2012-01-12 03:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-12 03:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-01-12 03:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-01-12 03:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-01-12 03:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2011-12-28 18:33:26 ----D---- C:\Program Files\ICQ7.7

======List of files/folders modified in the last 1 month======

2012-01-26 20:15:32 ----A---- C:\LM9831Log.txt
2012-01-26 20:14:31 ----D---- C:\WINDOWS\Temp
2012-01-26 20:13:37 ----SD---- C:\WINDOWS\Tasks
2012-01-26 20:12:15 ----D---- C:\WINDOWS
2012-01-26 20:12:15 ----A---- C:\WINDOWS\system.ini
2012-01-26 20:12:06 ----D---- C:\WINDOWS\ERDNT
2012-01-26 20:12:00 ----D---- C:\WINDOWS\system32\drivers\etc
2012-01-26 20:01:15 ----D---- C:\WINDOWS\system32\drivers
2012-01-26 20:01:15 ----D---- C:\WINDOWS\system32
2012-01-26 20:01:15 ----D---- C:\WINDOWS\AppPatch
2012-01-26 20:01:12 ----D---- C:\Program Files\Common Files
2012-01-26 19:56:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-26 19:52:05 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-26 19:49:53 ----A---- C:\WINDOWS\vista32.ini
2012-01-26 19:34:05 ----SHD---- C:\System Volume Information
2012-01-26 19:34:05 ----D---- C:\WINDOWS\system32\Restore
2012-01-26 19:22:30 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-01-26 19:17:48 ----D---- C:\Documents and Settings\Admin\Data aplikací\DAEMON Tools Lite
2012-01-26 16:52:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-26 13:12:15 ----HD---- C:\WINDOWS\inf
2012-01-26 13:11:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-01-26 12:06:04 ----RD---- C:\Program Files
2012-01-26 11:00:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-26 09:06:01 ----D---- C:\Program Files\Common Files\LightScribe
2012-01-26 01:22:05 ----A---- C:\WINDOWS\explorer.exe
2012-01-26 00:39:44 ----D---- C:\Program Files\Mozilla Firefox
2012-01-25 23:17:20 ----D---- C:\WINDOWS\_I
2012-01-25 23:16:32 ----D---- C:\WINDOWS\system32\XPSViewer
2012-01-25 23:16:32 ----A---- C:\WINDOWS\UNRecode.exe
2012-01-25 23:16:32 ----A---- C:\WINDOWS\UNNeroBackItUp.exe
2012-01-25 23:16:26 ----A---- C:\WINDOWS\system32\wupdmgr.exe
2012-01-25 23:16:26 ----A---- C:\WINDOWS\system32\WudfHost.exe
2012-01-25 23:16:25 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2012-01-25 23:16:25 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-01-25 23:16:25 ----A---- C:\WINDOWS\system32\wsmprovhost.exe
2012-01-25 23:16:24 ----A---- C:\WINDOWS\system32\wsmanhttpconfig.exe
2012-01-25 23:16:24 ----A---- C:\WINDOWS\system32\wscript.exe
2012-01-25 23:16:24 ----A---- C:\WINDOWS\system32\wscntfy.exe
2012-01-25 23:16:23 ----A---- C:\WINDOWS\system32\wpdshextautoplay.exe
2012-01-25 23:16:20 ----A---- C:\WINDOWS\system32\winrshost.exe
2012-01-25 23:16:20 ----A---- C:\WINDOWS\system32\winrs.exe
2012-01-25 23:16:19 ----A---- C:\WINDOWS\system32\winmsd.exe
2012-01-25 23:16:17 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2012-01-25 23:16:15 ----D---- C:\WINDOWS\system32\wbem
2012-01-25 23:16:12 ----A---- C:\WINDOWS\system32\winchat.exe
2012-01-25 23:16:10 ----A---- C:\WINDOWS\system32\wextract.exe
2012-01-25 23:16:10 ----A---- C:\WINDOWS\system32\wdfmgr.exe
2012-01-25 23:16:02 ----D---- C:\WINDOWS\system32\usmt
2012-01-25 23:16:02 ----A---- C:\WINDOWS\system32\w32tm.exe
2012-01-25 23:16:00 ----A---- C:\WINDOWS\system32\vssadmin.exe
2012-01-25 23:16:00 ----A---- C:\WINDOWS\system32\verifier.exe
2012-01-25 23:16:00 ----A---- C:\WINDOWS\system32\verclsid.exe
2012-01-25 23:15:59 ----D---- C:\WINDOWS\system32\URTTemp
2012-01-25 23:15:59 ----A---- C:\WINDOWS\system32\uwdf.exe
2012-01-25 23:15:59 ----A---- C:\WINDOWS\system32\usrshuta.exe
2012-01-25 23:15:58 ----A---- C:\WINDOWS\system32\usrprbda.exe
2012-01-25 23:15:58 ----A---- C:\WINDOWS\system32\usrmlnka.exe
2012-01-25 23:15:55 ----A---- C:\WINDOWS\system32\userinit.exe
2012-01-25 23:15:53 ----A---- C:\WINDOWS\system32\upnpcont.exe
2012-01-25 23:15:51 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2012-01-25 23:15:50 ----A---- C:\WINDOWS\system32\tracert6.exe
2012-01-25 23:15:50 ----A---- C:\WINDOWS\system32\tftp.exe
2012-01-25 23:15:49 ----A---- C:\WINDOWS\system32\telnet.exe
2012-01-25 23:15:49 ----A---- C:\WINDOWS\system32\tcpsvcs.exe
2012-01-25 23:15:48 ----A---- C:\WINDOWS\system32\taskmgr.exe
2012-01-25 23:15:47 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2012-01-25 23:15:47 ----A---- C:\WINDOWS\system32\syskey.exe
2012-01-25 23:15:46 ----A---- C:\WINDOWS\system32\syncapp.exe
2012-01-25 23:15:45 ----A---- C:\WINDOWS\system32\stacsv.exe
2012-01-25 23:15:36 ----A---- C:\WINDOWS\system32\sort.exe
2012-01-25 23:15:28 ----A---- C:\WINDOWS\system32\slserv.exe
2012-01-25 23:15:28 ----A---- C:\WINDOWS\system32\slrundll.exe
2012-01-25 23:15:28 ----A---- C:\WINDOWS\system32\sigverif.exe
2012-01-25 23:15:27 ----A---- C:\WINDOWS\system32\shrpubw.exe
2012-01-25 23:15:25 ----A---- C:\WINDOWS\system32\setupn.exe
2012-01-25 23:15:24 ----A---- C:\WINDOWS\system32\sethc.exe
2012-01-25 23:15:22 ----A---- C:\WINDOWS\system32\sdbinst.exe
2012-01-25 23:15:20 ----A---- C:\WINDOWS\system32\runonce.exe
2012-01-25 23:15:19 ----A---- C:\WINDOWS\system32\rtcshare.exe
2012-01-25 23:15:17 ----A---- C:\WINDOWS\system32\rsmui.exe
2012-01-25 23:15:17 ----A---- C:\WINDOWS\system32\rsmsink.exe
2012-01-25 23:15:16 ----A---- C:\WINDOWS\system32\rsh.exe
2012-01-25 23:15:16 ----A---- C:\WINDOWS\system32\routemon.exe
2012-01-25 23:15:15 ----A---- C:\WINDOWS\system32\rexec.exe
2012-01-25 23:14:55 ----A---- C:\WINDOWS\system32\regsvr32.exe
2012-01-25 23:14:54 ----A---- C:\WINDOWS\system32\regini.exe
2012-01-25 23:14:53 ----A---- C:\WINDOWS\system32\rdshost.exe
2012-01-25 23:14:52 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2012-01-25 23:14:52 ----A---- C:\WINDOWS\system32\rdpclip.exe
2012-01-25 23:14:52 ----A---- C:\WINDOWS\system32\rcp.exe
2012-01-25 23:14:51 ----A---- C:\WINDOWS\system32\rasphone.exe
2012-01-25 23:14:50 ----A---- C:\WINDOWS\system32\rasautou.exe
2012-01-25 23:14:48 ----A---- C:\WINDOWS\system32\proquota.exe
2012-01-25 23:14:47 ----A---- C:\WINDOWS\system32\PresentationHost.exe
2012-01-25 23:14:46 ----D---- C:\WINDOWS\system32\oobe
2012-01-25 23:14:46 ----A---- C:\WINDOWS\system32\powercfg.exe
2012-01-25 23:14:46 ----A---- C:\WINDOWS\system32\pintool.exe
2012-01-25 23:14:45 ----A---- C:\WINDOWS\system32\ping6.exe
2012-01-25 23:14:36 ----D---- C:\WINDOWS\system32\npp
2012-01-25 23:14:36 ----A---- C:\WINDOWS\system32\odbcconf.exe
2012-01-25 23:14:34 ----A---- C:\WINDOWS\system32\nvcolor.exe
2012-01-25 23:14:33 ----A---- C:\WINDOWS\system32\ntvdm.exe
2012-01-25 23:14:33 ----A---- C:\WINDOWS\system32\ntsd.exe
2012-01-25 23:14:32 ----A---- C:\WINDOWS\system32\nslookup.exe
2012-01-25 23:14:31 ----A---- C:\WINDOWS\system32\netstat.exe
2012-01-25 23:14:30 ----A---- C:\WINDOWS\system32\netsetup.exe
2012-01-25 23:14:29 ----A---- C:\WINDOWS\system32\net1.exe
2012-01-25 23:14:29 ----A---- C:\WINDOWS\system32\net.exe
2012-01-25 23:14:28 ----A---- C:\WINDOWS\system32\nbtstat.exe
2012-01-25 23:14:28 ----A---- C:\WINDOWS\system32\narrator.exe
2012-01-25 23:14:28 ----A---- C:\WINDOWS\system32\napstat.exe
2012-01-25 23:14:09 ----A---- C:\WINDOWS\system32\mshta.exe
2012-01-25 23:14:07 ----A---- C:\WINDOWS\system32\msg.exe
2012-01-25 23:14:05 ----A---- C:\WINDOWS\system32\MRT.exe
2012-01-25 23:14:03 ----A---- C:\WINDOWS\system32\mpnotify.exe
2012-01-25 23:14:03 ----A---- C:\WINDOWS\system32\mplay32.exe
2012-01-25 23:14:01 ----A---- C:\WINDOWS\system32\mmcperf.exe
2012-01-25 23:14:01 ----A---- C:\WINDOWS\system32\migpwd.exe
2012-01-25 23:13:56 ----A---- C:\WINDOWS\system32\logonui.exe
2012-01-25 23:13:55 ----A---- C:\WINDOWS\system32\logman.exe
2012-01-25 23:13:55 ----A---- C:\WINDOWS\system32\logagent.exe
2012-01-25 23:13:54 ----A---- C:\WINDOWS\system32\lnkstub.exe
2012-01-25 23:13:52 ----A---- C:\WINDOWS\system32\javaws.exe
2012-01-25 23:13:52 ----A---- C:\WINDOWS\system32\javaw.exe
2012-01-25 23:13:52 ----A---- C:\WINDOWS\system32\java.exe
2012-01-25 23:13:51 ----A---- C:\WINDOWS\system32\ipxroute.exe
2012-01-25 23:13:51 ----A---- C:\WINDOWS\system32\ipv6.exe
2012-01-25 23:13:51 ----A---- C:\WINDOWS\system32\ipsec6.exe
2012-01-25 23:13:50 ----A---- C:\WINDOWS\system32\ipconfig.exe
2012-01-25 23:13:47 ----A---- C:\WINDOWS\system32\iexpress.exe
2012-01-25 23:13:47 ----A---- C:\WINDOWS\system32\ieudinit.exe
2012-01-25 23:13:46 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2012-01-25 23:13:46 ----A---- C:\WINDOWS\system32\icardagt.exe
2012-01-25 23:13:45 ----A---- C:\WINDOWS\system32\hostname.exe
2012-01-25 23:13:44 ----A---- C:\WINDOWS\system32\heciudlg.exe
2012-01-25 23:13:44 ----A---- C:\WINDOWS\system32\grpconv.exe
2012-01-25 23:13:43 ----A---- C:\WINDOWS\system32\ftp.exe
2012-01-25 23:13:42 ----A---- C:\WINDOWS\system32\fsutil.exe
2012-01-25 23:13:42 ----A---- C:\WINDOWS\system32\fsquirt.exe
2012-01-25 23:13:40 ----A---- C:\WINDOWS\system32\fltmc.exe
2012-01-25 23:13:39 ----A---- C:\WINDOWS\system32\finger.exe
2012-01-25 23:13:38 ----A---- C:\WINDOWS\system32\faxpatch.exe
2012-01-25 23:13:37 ----A---- C:\WINDOWS\system32\expand.exe
2012-01-25 23:13:36 ----A---- C:\WINDOWS\system32\eudcedit.exe
2012-01-25 23:13:35 ----A---- C:\WINDOWS\system32\esentutl.exe
2012-01-25 23:13:34 ----A---- C:\WINDOWS\system32\dxdiag.exe
2012-01-25 23:13:34 ----A---- C:\WINDOWS\system32\dwwin.exe
2012-01-25 23:13:34 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2012-01-25 23:13:33 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2012-01-25 23:13:30 ----A---- C:\WINDOWS\system32\drmupgds.exe
2012-01-25 23:13:28 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2012-01-25 23:13:27 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2012-01-25 23:13:27 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2012-01-25 23:12:19 ----A---- C:\WINDOWS\system32\diskpart.exe
2012-01-25 23:12:18 ----A---- C:\WINDOWS\system32\diantz.exe
2012-01-25 23:12:18 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2012-01-25 23:12:17 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2012-01-25 23:12:17 ----A---- C:\WINDOWS\system32\defrag.exe
2012-01-25 23:12:15 ----A---- C:\WINDOWS\system32\cscript.exe
2012-01-25 23:12:03 ----D---- C:\WINDOWS\system32\Com
2012-01-25 23:11:58 ----A---- C:\WINDOWS\system32\compact.exe
2012-01-25 23:11:57 ----A---- C:\WINDOWS\system32\cmstp.exe
2012-01-25 23:11:56 ----A---- C:\WINDOWS\system32\cmmon32.exe
2012-01-25 23:11:56 ----A---- C:\WINDOWS\system32\cmdl32.exe
2012-01-25 23:11:55 ----A---- C:\WINDOWS\system32\clipbrd.exe
2012-01-25 23:11:51 ----A---- C:\WINDOWS\system32\cidaemon.exe
2012-01-25 23:11:44 ----A---- C:\WINDOWS\system32\browserchoice.exe
2012-01-25 23:11:43 ----A---- C:\WINDOWS\system32\blastcln.exe
2012-01-25 23:11:40 ----A---- C:\WINDOWS\system32\at.exe
2012-01-25 23:11:40 ----A---- C:\WINDOWS\system32\arp.exe
2012-01-25 23:11:39 ----A---- C:\WINDOWS\system32\ahui.exe
2012-01-25 23:11:32 ----A---- C:\WINDOWS\sttray.exe
2012-01-25 23:11:22 ----A---- C:\WINDOWS\slrundll.exe
2012-01-25 23:09:51 ----N---- C:\WINDOWS\regedit.exe
2012-01-25 23:09:21 ----D---- C:\WINDOWS\network diagnostic
2012-01-25 23:09:19 ----D---- C:\WINDOWS\msagent
2012-01-25 23:09:19 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-25 23:05:36 ----HDC---- C:\WINDOWS\ie8
2012-01-25 22:59:55 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2012-01-25 22:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2012-01-25 22:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2012-01-25 22:56:50 ----D---- C:\VstaScan
2012-01-25 22:56:44 ----D---- C:\Program Files\Windows NT
2012-01-25 22:56:42 ----D---- C:\Program Files\Windows Media Player
2012-01-25 22:56:36 ----D---- C:\Program Files\Windows Media Connect 2
2012-01-25 22:55:39 ----D---- C:\Program Files\SystemRequirementsLab
2012-01-25 22:55:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-01-25 22:55:11 ----D---- C:\Program Files\Outlook Express
2012-01-25 22:52:33 ----D---- C:\Program Files\NetMeeting
2012-01-25 22:51:39 ----D---- C:\Program Files\Microsoft Silverlight
2012-01-25 22:50:51 ----D---- C:\Program Files\Internet Explorer
2012-01-25 22:48:09 ----D---- C:\Program Files\ICQ6Toolbar
2012-01-25 22:17:20 ----D---- C:\Program Files\Movie Maker
2012-01-25 22:17:17 ----A---- C:\WINDOWS\system32\sndvol32.exe
2012-01-25 22:17:17 ----A---- C:\WINDOWS\system32\sndrec32.exe
2012-01-25 22:17:17 ----A---- C:\WINDOWS\system32\accwiz.exe
2012-01-25 22:17:16 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2012-01-25 22:17:16 ----A---- C:\WINDOWS\system32\mstsc.exe
2012-01-25 22:17:16 ----A---- C:\WINDOWS\system32\mspaint.exe
2012-01-25 22:17:16 ----A---- C:\WINDOWS\system32\charmap.exe
2012-01-25 22:17:16 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2012-01-25 22:17:16 ----A---- C:\WINDOWS\system32\calc.exe
2012-01-25 22:17:14 ----A---- C:\WINDOWS\system32\odbcad32.exe
2012-01-25 22:17:06 ----D---- C:\WINDOWS\Corel
2012-01-25 22:17:06 ----A---- C:\WINDOWS\system32\winmine.exe
2012-01-25 22:17:06 ----A---- C:\WINDOWS\system32\spider.exe
2012-01-25 22:17:06 ----A---- C:\WINDOWS\system32\sol.exe
2012-01-25 22:17:06 ----A---- C:\WINDOWS\system32\mshearts.exe
2012-01-25 22:17:06 ----A---- C:\WINDOWS\system32\freecell.exe
2012-01-25 19:00:02 ----A---- C:\WINDOWS\system32\alg.exe
2012-01-25 18:15:58 ----A---- C:\WINDOWS\system32\utilman.exe
2012-01-25 18:15:58 ----A---- C:\WINDOWS\system32\osk.exe
2012-01-25 18:15:58 ----A---- C:\WINDOWS\system32\mobsync.exe
2012-01-25 18:15:58 ----A---- C:\WINDOWS\system32\magnify.exe
2012-01-25 18:15:58 ----A---- C:\WINDOWS\system32\cmd.exe
2012-01-25 18:15:43 ----A---- C:\WINDOWS\system32\vssvc.exe
2012-01-25 18:15:43 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2012-01-25 18:15:43 ----A---- C:\WINDOWS\system32\sessmgr.exe
2012-01-25 18:15:43 ----A---- C:\WINDOWS\system32\scardsvr.exe
2012-01-25 18:15:43 ----A---- C:\WINDOWS\system32\rsvp.exe
2012-01-25 18:15:43 ----A---- C:\WINDOWS\system32\locator.exe
2012-01-25 18:15:41 ----A---- C:\WINDOWS\system32\netdde.exe
2012-01-25 18:15:39 ----A---- C:\WINDOWS\system32\msiexec.exe
2012-01-25 18:15:39 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2012-01-25 18:15:30 ----A---- C:\WINDOWS\system32\imapi.exe
2012-01-25 18:15:24 ----A---- C:\WINDOWS\system32\dmadmin.exe
2012-01-25 18:15:13 ----A---- C:\WINDOWS\system32\clipsrv.exe
2012-01-25 18:15:11 ----A---- C:\WINDOWS\system32\cisvc.exe
2012-01-25 14:07:59 ----D---- C:\Documents and Settings\Admin\Data aplikací\ICQ
2012-01-25 13:56:38 ----D---- C:\Documents and Settings\Admin\Data aplikací\vlc
2012-01-25 10:09:23 ----D---- C:\WINDOWS\Prefetch
2012-01-24 13:17:48 ----A---- C:\WINDOWS\NeroDigital.ini
2012-01-22 15:34:24 ----D---- C:\Documents and Settings\Admin\Data aplikací\Adobe
2012-01-18 20:42:15 ----SHD---- C:\WINDOWS\Installer
2012-01-12 03:08:01 ----RSD---- C:\WINDOWS\assembly
2012-01-12 03:06:36 ----A---- C:\WINDOWS\imsins.BAK
2012-01-12 03:04:59 ----D---- C:\Config.Msi
2012-01-12 03:03:47 ----D---- C:\WINDOWS\WinSxS
2012-01-12 03:01:52 ----HD---- C:\WINDOWS\$hf_mig$
2012-01-07 14:05:45 ----A---- C:\WINDOWS\win.ini
2011-12-28 18:33:49 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-01-26 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 27216]
R3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2009-08-28 241168]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-07-09 44416]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-16 9623680]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-12 1550613]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2012-01-26 408576]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
R2 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2012-01-25 413696]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-10-16 156776]
R2 STacSV;Audio Service; c:\program files\idt\intelxpv_v103\wdm\STacSV.exe [2009-03-12 254036]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-25 7532544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-01-25 271872]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-25 278016]
S2 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2012-01-25 1019904]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-01-26 294912]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2012-01-26 221184]
S2 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2012-01-25 933888]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2012-01-25 172544]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2012-01-25 207872]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-25 278016]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2012-01-25 1061376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2012-01-25 894976]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 26 led 2012 21:06

Také zdravím!
Pokud dáte log RSIT po skenu ComboFix, můžete si být jist, že bude čistý. CF smaže všechny stopy. Dejte log z ComboFix, měl by být v c:\combofix.txt.

La Défense · #3 Příspěvek od **La Défense** » 26 led 2012 21:08

Já sem ho sem zkoušel dát, ale von je hrozně dlouhej. A neprolezlo mi to, tak jestli jsem neudělal nějakou chybu někde?

#4 Příspěvek od **Rudy** » 26 led 2012 21:12

Vynechte odstavec snapshot a zbytek vložte.

La Défense · #5 Příspěvek od **La Défense** » 26 led 2012 21:22

Ha díky, mě se to zdálo jakési divné

Tak jeslti jsem to správně pochopil, tak jsem tam nedal to co je všechno nakaženo.

ComboFix 12-01-26.01 - Admin 26.01.2012 19:57:32.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3053.2504 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

((((((((((((((((((((((((( Soubory vytvořené od 2011-12-26 do 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-26 11:11 . 2012-01-26 12:11 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-26 11:06 . 2012-01-26 15:35 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-01-26 10:48 . 2012-01-26 15:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Adobe
2012-01-25 18:10 . 2012-01-25 18:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-25 18:10 . 2012-01-25 18:10 -------- d-----w- c:\documents and settings\LocalService\Plocha
2011-12-28 17:33 . 2012-01-25 21:48 -------- d-----w- c:\program files\ICQ7.7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 00:22 . 2006-03-02 12:00 1181696 ----a-w- c:\windows\explorer.exe
2012-01-25 22:16 . 2007-04-23 14:42 1114112 ----a-w- c:\windows\UNRecode.exe
2012-01-25 22:16 . 2007-03-20 19:22 1114112 ----a-w- c:\windows\UNNeroBackItUp.exe
2012-01-25 22:16 . 2006-09-28 17:56 293888 ----a-w- c:\windows\system32\WudfHost.exe
2012-01-25 22:16 . 2006-03-02 12:00 179712 ----a-w- c:\windows\system32\wupdmgr.exe
2012-01-25 22:16 . 2010-12-08 06:21 314368 ----a-w- c:\windows\system32\wuauclt1.exe
2012-01-25 22:16 . 2010-12-08 06:21 194560 ----a-w- c:\windows\system32\wuauclt.exe
2012-01-25 22:16 . 2009-10-09 13:56 162304 ----a-w- c:\windows\system32\wsmprovhost.exe
2012-01-25 22:16 . 2009-10-09 13:56 372736 ----a-w- c:\windows\system32\wsmanhttpconfig.exe
2012-01-25 22:16 . 2006-03-02 12:00 303104 ----a-w- c:\windows\system32\wscript.exe
2012-01-25 22:16 . 2006-03-02 12:00 161280 ----a-w- c:\windows\system32\wscntfy.exe
2012-01-25 22:16 . 2006-10-18 19:00 164864 ----a-w- c:\windows\system32\wpdshextautoplay.exe
2012-01-25 22:16 . 2009-10-09 15:16 218624 ----a-w- c:\windows\system32\winrs.exe
2012-01-25 22:16 . 2009-10-09 13:56 169984 ----a-w- c:\windows\system32\winrshost.exe
2012-01-25 22:16 . 2006-03-02 12:00 159232 ----a-w- c:\windows\system32\winmsd.exe
2012-01-25 22:16 . 2010-12-08 06:20 182784 ----a-w- c:\windows\system32\winchat.exe
2012-01-25 22:16 . 2006-10-18 20:58 156160 ----a-w- c:\windows\system32\wdfmgr.exe
2012-01-25 22:16 . 2006-03-02 12:00 212480 ----a-w- c:\windows\system32\wextract.exe
2012-01-25 22:16 . 2010-12-08 06:19 375296 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2012-01-25 22:16 . 2010-12-08 06:19 161280 ----a-w- c:\windows\system32\wbem\winmgmt.exe
2012-01-25 22:16 . 2010-12-08 06:19 344064 ----a-w- c:\windows\system32\wbem\wmiadap.exe
2012-01-25 22:16 . 2010-12-08 06:19 164352 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2012-01-25 22:16 . 2010-12-08 06:19 265216 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2012-01-25 22:16 . 2010-12-08 06:19 183808 ----a-w- c:\windows\system32\wbem\scrcons.exe
2012-01-25 22:16 . 2010-12-08 06:19 164352 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2012-01-25 22:16 . 2006-03-02 12:00 197632 ----a-w- c:\windows\system32\w32tm.exe
2012-01-25 22:16 . 2010-12-08 06:46 176128 ----a-w- c:\windows\system32\verclsid.exe
2012-01-25 22:16 . 2006-03-02 12:00 248320 ----a-w- c:\windows\system32\verifier.exe
2012-01-25 22:16 . 2006-03-02 12:00 181248 ----a-w- c:\windows\system32\vssadmin.exe
2012-01-25 22:15 . 2006-10-18 20:58 156160 ----a-w- c:\windows\system32\uwdf.exe
2012-01-25 22:15 . 2001-10-24 12:25 221184 ----a-w- c:\windows\system32\usrshuta.exe
2012-01-25 22:15 . 2001-10-24 12:25 229376 ----a-w- c:\windows\system32\usrmlnka.exe
2012-01-25 22:15 . 2001-08-18 06:37 212992 ----a-w- c:\windows\system32\usrprbda.exe
2012-01-25 22:15 . 2006-03-02 12:00 173568 ----a-w- c:\windows\system32\userinit.exe
2012-01-25 22:15 . 2006-03-02 12:00 164352 ----a-w- c:\windows\system32\upnpcont.exe
2012-01-25 22:15 . 2010-12-08 06:19 192000 ----a-w- c:\windows\system32\tscupgrd.exe
2012-01-25 22:15 . 2006-03-02 12:00 179712 ----a-w- c:\windows\system32\tracert6.exe
2012-01-25 22:15 . 2006-03-02 12:00 164352 ----a-w- c:\windows\system32\tftp.exe
2012-01-25 22:15 . 2006-03-02 12:00 225792 ----a-w- c:\windows\system32\telnet.exe
2012-01-25 22:15 . 2006-03-02 12:00 166912 ----a-w- c:\windows\system32\tcpsvcs.exe
2012-01-25 22:15 . 2006-03-02 12:00 284672 ----a-w- c:\windows\system32\taskmgr.exe
2012-01-25 22:15 . 2006-03-02 12:00 253952 ----a-w- c:\windows\system32\sysocmgr.exe
2012-01-25 22:15 . 2006-03-02 12:00 184320 ----a-w- c:\windows\system32\syskey.exe
2012-01-25 22:15 . 2006-03-02 12:00 198656 ----a-w- c:\windows\system32\syncapp.exe
2012-01-25 22:15 . 2010-12-08 07:01 405504 ----a-w- c:\windows\system32\stacsv.exe
2012-01-25 22:15 . 2010-12-08 07:35 744960 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-01-25 22:15 . 2006-03-02 12:00 173056 ----a-w- c:\windows\system32\sort.exe
2012-01-25 22:15 . 2010-12-08 06:46 225280 ----a-w- c:\windows\system32\slserv.exe
2012-01-25 22:15 . 2010-12-08 06:46 184320 ----a-w- c:\windows\system32\slrundll.exe
2012-01-25 22:15 . 2006-03-02 12:00 218112 ----a-w- c:\windows\system32\sigverif.exe
2012-01-25 22:15 . 2006-03-02 12:00 225280 ----a-w- c:\windows\system32\shrpubw.exe
2012-01-25 22:15 . 2010-12-08 06:46 180224 ----a-w- c:\windows\system32\setupn.exe
2012-01-25 22:15 . 2006-03-02 12:00 180224 ----a-w- c:\windows\system32\sethc.exe
2012-01-25 22:15 . 2006-03-02 12:00 225280 ----a-w- c:\windows\system32\sdbinst.exe
2012-01-25 22:15 . 2006-03-02 12:00 161792 ----a-w- c:\windows\system32\runonce.exe
2012-01-25 22:15 . 2006-03-02 12:00 224768 ----a-w- c:\windows\system32\rtcshare.exe
2012-01-25 22:15 . 2006-03-02 12:00 196608 ----a-w- c:\windows\system32\rsmui.exe
2012-01-25 22:15 . 2006-03-02 12:00 172032 ----a-w- c:\windows\system32\rsmsink.exe
2012-01-25 22:15 . 2006-03-02 12:00 173056 ----a-w- c:\windows\system32\routemon.exe
2012-01-25 22:15 . 2006-03-02 12:00 162816 ----a-w- c:\windows\system32\rsh.exe
2012-01-25 22:15 . 2006-03-02 12:00 161792 ----a-w- c:\windows\system32\rexec.exe
2012-01-25 22:14 . 2006-03-02 12:00 159744 ----a-w- c:\windows\system32\regsvr32.exe
2012-01-25 22:14 . 2010-12-08 06:19 181248 ----a-w- c:\windows\system32\regini.exe
2012-01-25 22:14 . 2010-12-08 06:19 214528 ----a-w- c:\windows\system32\rdshost.exe
2012-01-25 22:14 . 2010-12-08 06:19 161280 ----a-w- c:\windows\system32\rdsaddin.exe
2012-01-25 22:14 . 2010-12-08 06:19 210432 ----a-w- c:\windows\system32\rdpclip.exe
2012-01-25 22:14 . 2006-03-02 12:00 169984 ----a-w- c:\windows\system32\rcp.exe
2012-01-25 22:14 . 2006-03-02 12:00 204288 ----a-w- c:\windows\system32\rasphone.exe
2012-01-25 22:14 . 2006-03-02 12:00 159232 ----a-w- c:\windows\system32\rasautou.exe
2012-01-25 22:14 . 2006-03-02 12:00 197632 ----a-w- c:\windows\system32\proquota.exe
2012-01-25 22:14 . 2010-03-30 23:10 436736 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-25 22:14 . 2006-03-02 12:00 196608 ----a-w- c:\windows\system32\powercfg.exe
2012-01-25 22:14 . 2005-10-28 23:26 232448 ----a-w- c:\windows\system32\pintool.exe
2012-01-25 22:14 . 2006-03-02 12:00 181248 ----a-w- c:\windows\system32\ping6.exe
2012-01-25 22:14 . 2006-03-02 12:00 217088 ----a-w- c:\windows\system32\odbcconf.exe
2012-01-25 22:14 . 2010-10-16 11:04 285696 ----a-w- c:\windows\system32\nvcolor.exe
2012-01-25 22:14 . 2006-03-02 12:00 568320 ----a-w- c:\windows\system32\ntvdm.exe
2012-01-25 22:14 . 2006-03-02 12:00 179200 ----a-w- c:\windows\system32\ntsd.exe
2012-01-25 22:14 . 2006-03-02 12:00 226816 ----a-w- c:\windows\system32\nslookup.exe
2012-01-25 22:14 . 2006-03-02 12:00 184832 ----a-w- c:\windows\system32\netstat.exe
2012-01-25 22:14 . 2006-03-02 12:00 479232 ----a-w- c:\windows\system32\netsetup.exe
2012-01-25 22:14 . 2006-03-02 12:00 272384 ----a-w- c:\windows\system32\net1.exe
2012-01-25 22:14 . 2006-03-02 12:00 189952 ----a-w- c:\windows\system32\net.exe
2012-01-25 22:14 . 2010-12-08 06:46 324096 ----a-w- c:\windows\system32\napstat.exe
2012-01-25 22:14 . 2006-03-02 12:00 202240 ----a-w- c:\windows\system32\narrator.exe
2012-01-25 22:14 . 2006-03-02 12:00 168960 ----a-w- c:\windows\system32\nbtstat.exe
2012-01-25 22:14 . 2006-03-02 12:00 193024 ----a-w- c:\windows\system32\mshta.exe
2012-01-25 22:14 . 2010-12-08 06:19 168960 ----a-w- c:\windows\system32\msg.exe
2012-01-25 22:14 . 2010-12-08 06:19 271360 ----a-w- c:\windows\system32\mplay32.exe
2012-01-25 22:14 . 2006-03-02 12:00 169472 ----a-w- c:\windows\system32\mpnotify.exe
2012-01-25 22:14 . 2010-12-08 06:46 181248 ----a-w- c:\windows\system32\mmcperf.exe
2012-01-25 22:14 . 2006-03-02 12:00 199680 ----a-w- c:\windows\system32\migpwd.exe
2012-01-25 22:13 . 2006-03-02 12:00 662528 ----a-w- c:\windows\system32\logonui.exe
2012-01-25 22:13 . 2006-03-02 12:00 248320 ----a-w- c:\windows\system32\logagent.exe
2012-01-25 22:13 . 2006-03-02 12:00 207872 ----a-w- c:\windows\system32\logman.exe
2012-01-25 22:13 . 2006-03-02 12:00 173568 ----a-w- c:\windows\system32\lnkstub.exe
2012-01-25 22:13 . 2006-03-02 12:00 201216 ----a-w- c:\windows\system32\ipv6.exe
2012-01-25 22:13 . 2006-03-02 12:00 192512 ----a-w- c:\windows\system32\ipsec6.exe
2012-01-25 22:13 . 2006-03-02 12:00 171520 ----a-w- c:\windows\system32\ipxroute.exe
2012-01-25 22:13 . 2006-03-02 12:00 203776 ----a-w- c:\windows\system32\ipconfig.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-01-25 . 2CA2164048E2AB948AAF1E6D19738543 . 194560 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2012-01-25 . E6655A4684618925B0FA540E412EA00B . 194560 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2012-01-25 . 11A4463136D5010DE23E61AE26D81763 . 258560 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2012-01-25 . 91F72C3845933029409FBA56DF120D04 . 194560 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe
.
[-] 2012-01-25 . 50C038B736D613DB78A70678E4762AAB . 173568 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2012-01-25 . 26ABD4665D60291E0B60A3EFE153DAD5 . 173568 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2012-01-25 . A3D004D90C41F27E3D6C413BC78CEB46 . 173568 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
.
[-] 2012-01-26 . 973CF60FB04DF726778E0176AA3DC678 . 1181696 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2012-01-25 . B2DC1074CE733C3775D527E716C79CBC . 1181696 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2012-01-25 . 29F0F8487E7B6DF0674E96057BCA2CA9 . 1181696 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
.
[-] 2012-01-25 . 10306BBA1A4F31D94DCFE485B5670DCA . 295424 . . [5.1.2600.2180] . . c:\windows\_I\SP.XPSP2.CZ\!obnova\regedit.exe
[-] 2012-01-25 . A6341ECF9F1F18F9F18704FBA5C64F82 . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2012-01-25 . 4C3DB450568B3F3463885DB513DE1ACC . 295424 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2012-01-25 . B67B2B5FA91C55801DF634848C714AC6 . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regedit.exe
.
[-] 2012-01-25 . FE3323134D1E5EBB3168CE02CA00C703 . 161280 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2012-01-25 . 4CCE2B65CDE9FF6900B9E834DECA060C . 161280 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2012-01-25 . 3C0600A8038BA76727A5659857D360EF . 161280 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
.
[-] 2012-01-25 . 8DA5D16B2E6A78DF5661BBC6280CCD87 . 780288 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[-] 2012-01-25 . 85304807F2DE3F4F23B26F9A75CE5318 . 780288 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
.
[-] 2012-01-25 22:05 . 0F7DC50DB1A93AB785317E4523703D1B . 1053184 . . [1.9.2.24] . . c:\windows\ERDNT\cache\firefox.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-23 127040]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-26 3620352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Umax VistaAccess.lnk - c:\vstascan\VsAccess.exe [2010-12-10 266240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Pernisovci\\Martin\\Programy\\uTorrent.exe"=
"c:\\GAMES\\Bohemia Interactive\\arma2.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\games\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 15:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9.11.2010 22:20 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.1.2012 12:11 242240]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 4:33 408576]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.12.2010 15:59 246584]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 20:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 20:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 20:42 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.8.2011 0:33 7532544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 271872]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.12.2010 17:13 278016]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.12.2010 17:13 278016]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.3.2006 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 894976]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-01-25 21:46 593920 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 17:15]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 17:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\bziknjzj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=sm&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=sm&tb_ver=1.3.6&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: .: {ec9032c7-c20a-464f-7b0e-13a3a9e97385} - %profile%\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-26 20:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-01-26 20:14:15
ComboFix-quarantined-files.txt 2012-01-26 19:14
.
Před spuštěním: Volných bajtů: 424 947 539 968
Po spuštění: Volných bajtů: 425 220 476 928
.
- - End Of File - - 90F30D5CDEE4B40345A60C65CD20B168

#6 Příspěvek od **Rudy** » 26 led 2012 22:28

Nakaženo není nic, log je OK. Zkuste obnovu systému k datu, kdy korektně fungoval. Tj. před tu nákazu, kterou antivir odstranil.

La Défense · #7 Příspěvek od **La Défense** » 26 led 2012 22:35

No to mě napadlo taky, ale za tu dobu, co jsem to nepotřeboval a cvrkalo to si to už nepamatuju, jak se to dělá. Asi bude pro mě lepší, když to někomu svěřim?

#8 Příspěvek od **Rudy** » 27 led 2012 18:42

Start>všechny programy>příslušenství>systémové nástroje>obnovení systému.

La Défense · #9 Příspěvek od **La Défense** » 31 led 2012 01:54

Tak obnovení systému nepomohlo. Hlavně proto, že před tou "zablokovanou infekcí" není, žádný bod obnovy. Pak už tam mám každej den jeden, ale předtím nic.

Nicméně počítač se "stabilizoval ve svém zlobení", teďka už "padá" IE, nepamatuje si hesla, loginy, prohlídnuté odkazy, atd., a je nesnesitelně pomalý internet, otevírání obrázků například, ale i běžné stránky, které se mají otevřít v novém okně-vymrzá.

Po spuštění se objevují tyto dvě okna, která předtím nevyskakovaly.

: AVG.JPG (16.38 KiB) Zobrazeno 2501 x

Prosím moc KOHOKOLIV o nějakou radu, či tip. Já ke své práci potřebuji internet i počítač a tohle mě bohužel eliminuje.

La Défense · #10 Příspěvek od **La Défense** » 31 led 2012 01:54

A ještě toto... (Omlouvám se, forum hlásí, že můžu přidat jen jeden soubor.)

: Space.JPG (27.21 KiB) Zobrazeno 2501 x

#11 Příspěvek od **vyosek** » 31 led 2012 16:36

Zdravim a pekny den preji

Omlouvam se kolegovi za vstup, pisu na zadost usera via PM

Stahnete si instalacku Recovery Konzole odsud http://vyosek.ic.cz/pro_usery/rc.exe a ulozte ji primo na disk c:\ tak at neni v zadne slozce - je to nutne, pac na ni odkazuje skript

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RecoveryConsole::
c:\rc.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=-
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=-

Folder::
c:\program files\ICQ6Toolbar

Driver::
ICQ Service
gupdate
gupdatem

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

DDS::
uStart Page = hxxp://start.icq.com/sm

Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\bziknjzj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.6&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: .: {ec9032c7-c20a-464f-7b0e-13a3a9e97385} - %profile%\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

La Défense · #12 Příspěvek od **La Défense** » 31 led 2012 18:14

ComboFix 12-01-30.02 - Admin 31.01.2012 17:44:14.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3054.2511 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Local Settings\Data aplikací\dfl21z32.dll
c:\documents and settings\Admin\Local Settings\Data aplikací\wsr21zt32.dll
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
c:\windows\system32\userinit.exe . . . je infikován!!
.
Nakažená kopie c:\windows\system32\spoolsv.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{D9C09DB1-C605-483B-B7A5-051782BA21FF}\RP8\A0012477.exe
.
c:\windows\explorer.exe . . . je infikován!!
.
c:\windows\system32\clipsrv.exe . . . je infikován!!
.
c:\windows\regedit.exe . . . je infikován!!
.
c:\windows\slrundll.exe . . . je infikován!!
.
c:\windows\inf\unregmp2.exe . . . je infikován!!
.
c:\windows\msagent\agentsvr.exe . . . je infikován!!
.
c:\windows\pchealth\helpctr\binaries\helpctr.exe . . . je infikován!!
.
c:\windows\pchealth\helpctr\binaries\HelpHost.exe . . . je infikován!!
.
c:\windows\pchealth\helpctr\binaries\helpsvc.exe . . . je infikován!!
.
c:\windows\pchealth\helpctr\binaries\hscupd.exe . . . je infikován!!
.
c:\windows\pchealth\helpctr\binaries\msconfig.exe . . . je infikován!!
.
c:\windows\pchealth\helpctr\binaries\notiflag.exe . . . je infikován!!
.
c:\windows\pchealth\UploadLB\Binaries\uploadm.exe . . . je infikován!!
.
c:\windows\system32\accwiz.exe . . . je infikován!!
.
c:\windows\system32\ahui.exe . . . je infikován!!
.
c:\windows\system32\alg.exe . . . je infikován!!
.
c:\windows\system32\arp.exe . . . je infikován!!
.
c:\windows\system32\at.exe . . . je infikován!!
.
c:\windows\system32\blastcln.exe . . . je infikován!!
.
c:\windows\system32\calc.exe . . . je infikován!!
.
c:\windows\system32\charmap.exe . . . je infikován!!
.
c:\windows\system32\cidaemon.exe . . . je infikován!!
.
c:\windows\system32\cisvc.exe . . . je infikován!!
.
c:\windows\system32\cleanmgr.exe . . . je infikován!!
.
c:\windows\system32\clipbrd.exe . . . je infikován!!
.
c:\windows\system32\cmd.exe . . . je infikován!!
.
c:\windows\system32\cmdl32.exe . . . je infikován!!
.
c:\windows\system32\cmmon32.exe . . . je infikován!!
.
c:\windows\system32\cmstp.exe . . . je infikován!!
.
c:\windows\system32\compact.exe . . . je infikován!!
.
c:\windows\system32\cscript.exe . . . je infikován!!
.
c:\windows\system32\defrag.exe . . . je infikován!!
.
c:\windows\system32\dfrgfat.exe . . . je infikován!!
.
c:\windows\system32\dfrgntfs.exe . . . je infikován!!
.
c:\windows\system32\diantz.exe . . . je infikován!!
.
c:\windows\system32\diskpart.exe . . . je infikován!!
.
c:\windows\system32\dmadmin.exe . . . je infikován!!
.
c:\windows\system32\dplaysvr.exe . . . je infikován!!
.
c:\windows\system32\dpnsvr.exe . . . je infikován!!
.
c:\windows\system32\dpvsetup.exe . . . je infikován!!
.
c:\windows\system32\drwtsn32.exe . . . je infikován!!
.
c:\windows\system32\dvdupgrd.exe . . . je infikován!!
.
c:\windows\system32\dwwin.exe . . . je infikován!!
.
c:\windows\system32\dxdiag.exe . . . je infikován!!
.
c:\windows\system32\esentutl.exe . . . je infikován!!
.
c:\windows\system32\eudcedit.exe . . . je infikován!!
.
c:\windows\system32\expand.exe . . . je infikován!!
.
c:\windows\system32\finger.exe . . . je infikován!!
.
c:\windows\system32\fltmc.exe . . . je infikován!!
.
c:\windows\system32\freecell.exe . . . je infikován!!
.
c:\windows\system32\fsquirt.exe . . . je infikován!!
.
c:\windows\system32\fsutil.exe . . . je infikován!!
.
c:\windows\system32\ftp.exe . . . je infikován!!
.
c:\windows\system32\grpconv.exe . . . je infikován!!
.
c:\windows\system32\hostname.exe . . . je infikován!!
.
c:\windows\system32\ie4uinit.exe . . . je infikován!!
.
c:\windows\system32\iexpress.exe . . . je infikován!!
.
c:\windows\system32\imapi.exe . . . je infikován!!
.
c:\windows\system32\ipconfig.exe . . . je infikován!!
.
c:\windows\system32\ipsec6.exe . . . je infikován!!
.
c:\windows\system32\ipv6.exe . . . je infikován!!
.
c:\windows\system32\ipxroute.exe . . . je infikován!!
.
c:\windows\system32\lnkstub.exe . . . je infikován!!
.
c:\windows\system32\locator.exe . . . je infikován!!
.
c:\windows\system32\logagent.exe . . . je infikován!!
.
c:\windows\system32\logman.exe . . . je infikován!!
.
c:\windows\system32\logonui.exe . . . je infikován!!
.
c:\windows\system32\magnify.exe . . . je infikován!!
.
c:\windows\system32\mmcperf.exe . . . je infikován!!
.
c:\windows\system32\mnmsrvc.exe . . . je infikován!!
.
c:\windows\system32\mobsync.exe . . . je infikován!!
.
c:\windows\system32\mplay32.exe . . . je infikován!!
.
c:\windows\system32\mpnotify.exe . . . je infikován!!
.
c:\windows\system32\msg.exe . . . je infikován!!
.
c:\windows\system32\mshearts.exe . . . je infikován!!
.
c:\windows\system32\mshta.exe . . . je infikován!!
.
c:\windows\system32\msiexec.exe . . . je infikován!!
.
c:\windows\system32\mspaint.exe . . . je infikován!!
.
c:\windows\system32\mstsc.exe . . . je infikován!!
.
c:\windows\system32\napstat.exe . . . je infikován!!
.
c:\windows\system32\narrator.exe . . . je infikován!!
.
c:\windows\system32\nbtstat.exe . . . je infikován!!
.
c:\windows\system32\net.exe . . . je infikován!!
.
c:\windows\system32\net1.exe . . . je infikován!!
.
c:\windows\system32\netdde.exe . . . je infikován!!
.
c:\windows\system32\netsetup.exe . . . je infikován!!
.
c:\windows\system32\netstat.exe . . . je infikován!!
.
c:\windows\system32\nslookup.exe . . . je infikován!!
.
c:\windows\system32\ntsd.exe . . . je infikován!!
.
c:\windows\system32\ntvdm.exe . . . je infikován!!
.
c:\windows\system32\odbcad32.exe . . . je infikován!!
.
c:\windows\system32\odbcconf.exe . . . je infikován!!
.
c:\windows\system32\osk.exe . . . je infikován!!
.
Nakažená kopie c:\windows\system32\packager.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$NtUninstallKB2584146$\packager.exe
.
c:\windows\system32\ping6.exe . . . je infikován!!
.
c:\windows\system32\powercfg.exe . . . je infikován!!
.
c:\windows\system32\proquota.exe . . . je infikován!!
.
c:\windows\system32\rasautou.exe . . . je infikován!!
.
c:\windows\system32\rasphone.exe . . . je infikován!!
.
c:\windows\system32\rcp.exe . . . je infikován!!
.
c:\windows\system32\rdpclip.exe . . . je infikován!!
.
c:\windows\system32\rdsaddin.exe . . . je infikován!!
.
c:\windows\system32\rdshost.exe . . . je infikován!!
.
c:\windows\system32\regini.exe . . . je infikován!!
.
c:\windows\system32\regsvr32.exe . . . je infikován!!
.
c:\windows\system32\rexec.exe . . . je infikován!!
.
c:\windows\system32\routemon.exe . . . je infikován!!
.
c:\windows\system32\rsh.exe . . . je infikován!!
.
c:\windows\system32\rsmsink.exe . . . je infikován!!
.
c:\windows\system32\rsmui.exe . . . je infikován!!
.
c:\windows\system32\rsvp.exe . . . je infikován!!
.
c:\windows\system32\rtcshare.exe . . . je infikován!!
.
c:\windows\system32\runonce.exe . . . je infikován!!
.
c:\windows\system32\scardsvr.exe . . . je infikován!!
.
c:\windows\system32\sdbinst.exe . . . je infikován!!
.
c:\windows\system32\sessmgr.exe . . . je infikován!!
.
c:\windows\system32\sethc.exe . . . je infikován!!
.
c:\windows\system32\setupn.exe . . . je infikován!!
.
c:\windows\system32\shrpubw.exe . . . je infikován!!
.
c:\windows\system32\sigverif.exe . . . je infikován!!
.
c:\windows\system32\slserv.exe . . . je infikován!!
.
c:\windows\system32\smlogsvc.exe . . . je infikován!!
.
c:\windows\system32\sndrec32.exe . . . je infikován!!
.
c:\windows\system32\sndvol32.exe . . . je infikován!!
.
c:\windows\system32\sol.exe . . . je infikován!!
.
c:\windows\system32\sort.exe . . . je infikován!!
.
c:\windows\system32\spider.exe . . . je infikován!!
.
c:\windows\system32\syncapp.exe . . . je infikován!!
.
c:\windows\system32\syskey.exe . . . je infikován!!
.
c:\windows\system32\sysocmgr.exe . . . je infikován!!
.
c:\windows\system32\taskmgr.exe . . . je infikován!!
.
c:\windows\system32\tcpsvcs.exe . . . je infikován!!
.
c:\windows\system32\telnet.exe . . . je infikován!!
.
c:\windows\system32\tftp.exe . . . je infikován!!
.
c:\windows\system32\tracert6.exe . . . je infikován!!
.
c:\windows\system32\upnpcont.exe . . . je infikován!!
.
c:\windows\system32\usrmlnka.exe . . . je infikován!!
.
c:\windows\system32\usrprbda.exe . . . je infikován!!
.
c:\windows\system32\usrshuta.exe . . . je infikován!!
.
c:\windows\system32\utilman.exe . . . je infikován!!
.
c:\windows\system32\verifier.exe . . . je infikován!!
.
c:\windows\system32\vssadmin.exe . . . je infikován!!
.
c:\windows\system32\vssvc.exe . . . je infikován!!
.
c:\windows\system32\w32tm.exe . . . je infikován!!
.
c:\windows\system32\wextract.exe . . . je infikován!!
.
c:\windows\system32\wiaacmgr.exe . . . je infikován!!
.
c:\windows\system32\winchat.exe . . . je infikován!!
.
c:\windows\system32\winmine.exe . . . je infikován!!
.
c:\windows\system32\winmsd.exe . . . je infikován!!
.
c:\windows\system32\wscntfy.exe . . . je infikován!!
.
c:\windows\system32\wscript.exe . . . je infikován!!
.
c:\windows\system32\wuauclt.exe . . . je infikován!!
.
c:\windows\system32\wuauclt1.exe . . . je infikován!!
.
c:\windows\system32\wupdmgr.exe . . . je infikován!!
.
c:\windows\system32\Com\comrepl.exe . . . je infikován!!
.
c:\windows\system32\npp\nppagent.exe . . . je infikován!!
.
c:\windows\system32\oobe\oobebaln.exe . . . je infikován!!
.
c:\windows\system32\Restore\rstrui.exe . . . je infikován!!
.
c:\windows\system32\Restore\srdiag.exe . . . je infikován!!
.
c:\windows\system32\usmt\migload.exe . . . je infikován!!
.
c:\windows\system32\usmt\migwiz.exe . . . je infikován!!
.
c:\windows\system32\usmt\migwiza.exe . . . je infikován!!
.
c:\windows\system32\wbem\mofcomp.exe . . . je infikován!!
.
c:\windows\system32\wbem\scrcons.exe . . . je infikován!!
.
c:\windows\system32\wbem\unsecapp.exe . . . je infikován!!
.
c:\windows\system32\wbem\wbemtest.exe . . . je infikován!!
.
c:\windows\system32\wbem\winmgmt.exe . . . je infikován!!
.
c:\windows\system32\wbem\wmiadap.exe . . . je infikován!!
.
c:\windows\system32\wbem\wmiapsrv.exe . . . je infikován!!
.
c:\windows\system32\wbem\wmiprvse.exe . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_ICQ_SERVICE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-28 do 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 15:56 . 2012-01-31 15:56 4631272 ----a-w- C:\rc.exe
2012-01-30 22:24 . 2012-01-30 22:24 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-26 19:37 . 2012-01-26 19:37 -------- d-----w- C:\rsit
2012-01-26 11:11 . 2012-01-26 12:11 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-26 11:06 . 2012-01-26 15:35 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-01-26 10:48 . 2012-01-26 15:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Adobe
2012-01-25 18:10 . 2012-01-25 18:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-25 18:10 . 2012-01-25 18:10 -------- d-----w- c:\documents and settings\LocalService\Plocha
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 17:04 . 2012-01-31 17:04 568 ----a-w- c:\documents and settings\Admin\Local Settings\Data aplikací\wsr21zt32.dll
2012-01-31 16:43 . 2010-10-16 11:04 297472 ----a-w- c:\windows\system32\nvsvc32.exe
2012-01-26 00:22 . 2006-03-02 12:00 1181696 ----a-w- c:\windows\explorer.exe
2012-01-25 22:16 . 2007-04-23 14:42 1114112 ----a-w- c:\windows\UNRecode.exe
2012-01-25 22:16 . 2007-03-20 19:22 1114112 ----a-w- c:\windows\UNNeroBackItUp.exe
2012-01-25 22:16 . 2006-09-28 17:56 293888 ----a-w- c:\windows\system32\WudfHost.exe
2012-01-25 22:16 . 2006-03-02 12:00 179712 ----a-w- c:\windows\system32\wupdmgr.exe
2012-01-25 22:16 . 2010-12-08 06:21 314368 ----a-w- c:\windows\system32\wuauclt1.exe
2012-01-25 22:16 . 2010-12-08 06:21 194560 ----a-w- c:\windows\system32\wuauclt.exe
2012-01-25 22:16 . 2009-10-09 13:56 162304 ----a-w- c:\windows\system32\wsmprovhost.exe
2012-01-25 22:16 . 2009-10-09 13:56 372736 ----a-w- c:\windows\system32\wsmanhttpconfig.exe
2012-01-25 22:16 . 2006-03-02 12:00 303104 ----a-w- c:\windows\system32\wscript.exe
2012-01-25 22:16 . 2006-03-02 12:00 161280 ----a-w- c:\windows\system32\wscntfy.exe
2012-01-25 22:16 . 2006-10-18 19:00 164864 ----a-w- c:\windows\system32\wpdshextautoplay.exe
2012-01-25 22:16 . 2009-10-09 15:16 218624 ----a-w- c:\windows\system32\winrs.exe
2012-01-25 22:16 . 2009-10-09 13:56 169984 ----a-w- c:\windows\system32\winrshost.exe
2012-01-25 22:16 . 2006-03-02 12:00 159232 ----a-w- c:\windows\system32\winmsd.exe
2012-01-25 22:16 . 2010-12-08 06:20 182784 ----a-w- c:\windows\system32\winchat.exe
2012-01-25 22:16 . 2006-10-18 20:58 156160 ----a-w- c:\windows\system32\wdfmgr.exe
2012-01-25 22:16 . 2006-03-02 12:00 212480 ----a-w- c:\windows\system32\wextract.exe
2012-01-25 22:16 . 2010-12-08 06:19 375296 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2012-01-25 22:16 . 2010-12-08 06:19 161280 ----a-w- c:\windows\system32\wbem\winmgmt.exe
2012-01-25 22:16 . 2010-12-08 06:19 344064 ----a-w- c:\windows\system32\wbem\wmiadap.exe
2012-01-25 22:16 . 2010-12-08 06:19 164352 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2012-01-25 22:16 . 2010-12-08 06:19 265216 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2012-01-25 22:16 . 2010-12-08 06:19 183808 ----a-w- c:\windows\system32\wbem\scrcons.exe
2012-01-25 22:16 . 2010-12-08 06:19 164352 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2012-01-25 22:16 . 2006-03-02 12:00 197632 ----a-w- c:\windows\system32\w32tm.exe
2012-01-25 22:16 . 2010-12-08 06:46 176128 ----a-w- c:\windows\system32\verclsid.exe
2012-01-25 22:16 . 2006-03-02 12:00 248320 ----a-w- c:\windows\system32\verifier.exe
2012-01-25 22:16 . 2006-03-02 12:00 181248 ----a-w- c:\windows\system32\vssadmin.exe
2012-01-25 22:15 . 2006-10-18 20:58 156160 ----a-w- c:\windows\system32\uwdf.exe
2012-01-25 22:15 . 2001-10-24 12:25 221184 ----a-w- c:\windows\system32\usrshuta.exe
2012-01-25 22:15 . 2001-10-24 12:25 229376 ----a-w- c:\windows\system32\usrmlnka.exe
2012-01-25 22:15 . 2001-08-18 06:37 212992 ----a-w- c:\windows\system32\usrprbda.exe
2012-01-25 22:15 . 2006-03-02 12:00 173568 ----a-w- c:\windows\system32\userinit.exe
2012-01-25 22:15 . 2006-03-02 12:00 164352 ----a-w- c:\windows\system32\upnpcont.exe
2012-01-25 22:15 . 2010-12-08 06:19 192000 ----a-w- c:\windows\system32\tscupgrd.exe
2012-01-25 22:15 . 2006-03-02 12:00 179712 ----a-w- c:\windows\system32\tracert6.exe
2012-01-25 22:15 . 2006-03-02 12:00 164352 ----a-w- c:\windows\system32\tftp.exe
2012-01-25 22:15 . 2006-03-02 12:00 225792 ----a-w- c:\windows\system32\telnet.exe
2012-01-25 22:15 . 2006-03-02 12:00 166912 ----a-w- c:\windows\system32\tcpsvcs.exe
2012-01-25 22:15 . 2006-03-02 12:00 284672 ----a-w- c:\windows\system32\taskmgr.exe
2012-01-25 22:15 . 2006-03-02 12:00 253952 ----a-w- c:\windows\system32\sysocmgr.exe
2012-01-25 22:15 . 2006-03-02 12:00 184320 ----a-w- c:\windows\system32\syskey.exe
2012-01-25 22:15 . 2006-03-02 12:00 198656 ----a-w- c:\windows\system32\syncapp.exe
2012-01-25 22:15 . 2010-12-08 07:01 405504 ----a-w- c:\windows\system32\stacsv.exe
2012-01-25 22:15 . 2010-12-08 07:35 744960 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-01-25 22:15 . 2006-03-02 12:00 173056 ----a-w- c:\windows\system32\sort.exe
2012-01-25 22:15 . 2010-12-08 06:46 225280 ----a-w- c:\windows\system32\slserv.exe
2012-01-25 22:15 . 2010-12-08 06:46 184320 ----a-w- c:\windows\system32\slrundll.exe
2012-01-25 22:15 . 2006-03-02 12:00 218112 ----a-w- c:\windows\system32\sigverif.exe
2012-01-25 22:15 . 2006-03-02 12:00 225280 ----a-w- c:\windows\system32\shrpubw.exe
2012-01-25 22:15 . 2010-12-08 06:46 180224 ----a-w- c:\windows\system32\setupn.exe
2012-01-25 22:15 . 2006-03-02 12:00 180224 ----a-w- c:\windows\system32\sethc.exe
2012-01-25 22:15 . 2006-03-02 12:00 225280 ----a-w- c:\windows\system32\sdbinst.exe
2012-01-25 22:15 . 2006-03-02 12:00 161792 ----a-w- c:\windows\system32\runonce.exe
2012-01-25 22:15 . 2006-03-02 12:00 224768 ----a-w- c:\windows\system32\rtcshare.exe
2012-01-25 22:15 . 2006-03-02 12:00 196608 ----a-w- c:\windows\system32\rsmui.exe
2012-01-25 22:15 . 2006-03-02 12:00 172032 ----a-w- c:\windows\system32\rsmsink.exe
2012-01-25 22:15 . 2006-03-02 12:00 173056 ----a-w- c:\windows\system32\routemon.exe
2012-01-25 22:15 . 2006-03-02 12:00 162816 ----a-w- c:\windows\system32\rsh.exe
2012-01-25 22:15 . 2006-03-02 12:00 161792 ----a-w- c:\windows\system32\rexec.exe
2012-01-25 22:14 . 2006-03-02 12:00 159744 ----a-w- c:\windows\system32\regsvr32.exe
2012-01-25 22:14 . 2010-12-08 06:19 181248 ----a-w- c:\windows\system32\regini.exe
2012-01-25 22:14 . 2010-12-08 06:19 214528 ----a-w- c:\windows\system32\rdshost.exe
2012-01-25 22:14 . 2010-12-08 06:19 161280 ----a-w- c:\windows\system32\rdsaddin.exe
2012-01-25 22:14 . 2010-12-08 06:19 210432 ----a-w- c:\windows\system32\rdpclip.exe
2012-01-25 22:14 . 2006-03-02 12:00 169984 ----a-w- c:\windows\system32\rcp.exe
2012-01-25 22:14 . 2006-03-02 12:00 204288 ----a-w- c:\windows\system32\rasphone.exe
2012-01-25 22:14 . 2006-03-02 12:00 159232 ----a-w- c:\windows\system32\rasautou.exe
2012-01-25 22:14 . 2006-03-02 12:00 197632 ----a-w- c:\windows\system32\proquota.exe
2012-01-25 22:14 . 2010-03-30 23:10 436736 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-25 22:14 . 2006-03-02 12:00 196608 ----a-w- c:\windows\system32\powercfg.exe
2012-01-25 22:14 . 2005-10-28 23:26 232448 ----a-w- c:\windows\system32\pintool.exe
2012-01-25 22:14 . 2006-03-02 12:00 181248 ----a-w- c:\windows\system32\ping6.exe
2012-01-25 22:14 . 2006-03-02 12:00 217088 ----a-w- c:\windows\system32\odbcconf.exe
2012-01-25 22:14 . 2010-10-16 11:04 285696 ----a-w- c:\windows\system32\nvcolor.exe
2012-01-25 22:14 . 2006-03-02 12:00 568320 ----a-w- c:\windows\system32\ntvdm.exe
2012-01-25 22:14 . 2006-03-02 12:00 179200 ----a-w- c:\windows\system32\ntsd.exe
2012-01-25 22:14 . 2006-03-02 12:00 226816 ----a-w- c:\windows\system32\nslookup.exe
2012-01-25 22:14 . 2006-03-02 12:00 184832 ----a-w- c:\windows\system32\netstat.exe
2012-01-25 22:14 . 2006-03-02 12:00 479232 ----a-w- c:\windows\system32\netsetup.exe
2012-01-25 22:14 . 2006-03-02 12:00 272384 ----a-w- c:\windows\system32\net1.exe
2012-01-25 22:14 . 2006-03-02 12:00 189952 ----a-w- c:\windows\system32\net.exe
2012-01-25 22:14 . 2010-12-08 06:46 324096 ----a-w- c:\windows\system32\napstat.exe
2012-01-25 22:14 . 2006-03-02 12:00 202240 ----a-w- c:\windows\system32\narrator.exe
2012-01-25 22:14 . 2006-03-02 12:00 168960 ----a-w- c:\windows\system32\nbtstat.exe
2012-01-25 22:14 . 2006-03-02 12:00 193024 ----a-w- c:\windows\system32\mshta.exe
2012-01-25 22:14 . 2010-12-08 06:19 168960 ----a-w- c:\windows\system32\msg.exe
2012-01-25 22:14 . 2010-12-08 06:19 271360 ----a-w- c:\windows\system32\mplay32.exe
2012-01-25 22:14 . 2006-03-02 12:00 169472 ----a-w- c:\windows\system32\mpnotify.exe
2012-01-25 22:14 . 2010-12-08 06:46 181248 ----a-w- c:\windows\system32\mmcperf.exe
2012-01-25 22:14 . 2006-03-02 12:00 199680 ----a-w- c:\windows\system32\migpwd.exe
2012-01-25 22:13 . 2006-03-02 12:00 662528 ----a-w- c:\windows\system32\logonui.exe
2012-01-25 22:13 . 2006-03-02 12:00 248320 ----a-w- c:\windows\system32\logagent.exe
2012-01-25 22:13 . 2006-03-02 12:00 207872 ----a-w- c:\windows\system32\logman.exe
2012-01-25 22:13 . 2006-03-02 12:00 173568 ----a-w- c:\windows\system32\lnkstub.exe
2012-01-25 22:13 . 2006-03-02 12:00 201216 ----a-w- c:\windows\system32\ipv6.exe
2012-01-25 22:13 . 2006-03-02 12:00 192512 ----a-w- c:\windows\system32\ipsec6.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-01-25 . 2CA2164048E2AB948AAF1E6D19738543 . 194560 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2012-01-25 . E6655A4684618925B0FA540E412EA00B . 194560 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2012-01-25 . 11A4463136D5010DE23E61AE26D81763 . 258560 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2012-01-25 . 91F72C3845933029409FBA56DF120D04 . 194560 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe
.
[-] 2012-01-25 . 50C038B736D613DB78A70678E4762AAB . 173568 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2012-01-25 . 26ABD4665D60291E0B60A3EFE153DAD5 . 173568 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2012-01-25 . A3D004D90C41F27E3D6C413BC78CEB46 . 173568 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
.
[-] 2012-01-26 . 973CF60FB04DF726778E0176AA3DC678 . 1181696 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2012-01-25 . B2DC1074CE733C3775D527E716C79CBC . 1181696 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2012-01-25 . 29F0F8487E7B6DF0674E96057BCA2CA9 . 1181696 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
.
[-] 2012-01-25 . 10306BBA1A4F31D94DCFE485B5670DCA . 295424 . . [5.1.2600.2180] . . c:\windows\_I\SP.XPSP2.CZ\!obnova\regedit.exe
[-] 2012-01-25 . A6341ECF9F1F18F9F18704FBA5C64F82 . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2012-01-25 . 4C3DB450568B3F3463885DB513DE1ACC . 295424 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2012-01-25 . B67B2B5FA91C55801DF634848C714AC6 . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regedit.exe
.
[-] 2012-01-25 . FE3323134D1E5EBB3168CE02CA00C703 . 161280 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2012-01-25 . 4CCE2B65CDE9FF6900B9E834DECA060C . 161280 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2012-01-25 . 3C0600A8038BA76727A5659857D360EF . 161280 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe
.
[-] 2012-01-25 . 8DA5D16B2E6A78DF5661BBC6280CCD87 . 780288 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[-] 2012-01-25 . 85304807F2DE3F4F23B26F9A75CE5318 . 780288 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
.
[-] 2012-01-25 22:05 . 0F7DC50DB1A93AB785317E4523703D1B . 1053184 . . [1.9.2.24] . . c:\windows\ERDNT\cache\firefox.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-01-26_19.12.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-31 17:04 . 2012-01-31 17:04 16384 c:\windows\temp\Perflib_Perfdata_f50.dat
+ 2012-01-31 17:03 . 2012-01-31 17:03 16384 c:\windows\temp\Perflib_Perfdata_c74.dat
- 2006-03-02 12:00 . 2009-08-25 09:19 354816 c:\windows\system32\winhttp.dll
+ 2006-03-02 12:00 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
+ 2006-03-02 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
+ 2012-01-30 22:08 . 2012-01-30 22:24 641952 c:\windows\system32\Restore\rstrlog.dat
+ 2008-12-16 12:32 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:32 . 2009-08-25 09:19 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-06-25 08:27 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2012-01-30 22:08 . 2012-01-30 22:08 319488 c:\windows\system32\config\systemprofile\ntuser.dat
- 2012-01-12 02:00 . 2012-01-25 21:58 897024 c:\windows\$hf_mig$\KB2584146\update\update.exe
- 2012-01-12 02:00 . 2012-01-25 21:58 371712 c:\windows\$hf_mig$\KB2584146\spuninst.exe
- 2011-11-20 06:11 . 2012-01-25 21:58 207872 c:\windows\$hf_mig$\KB2584146\SP3QFE\packager.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Umax VistaAccess.lnk - c:\vstascan\VsAccess.exe [2010-12-10 266240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Pernisovci\\Martin\\Programy\\uTorrent.exe"=
"c:\\GAMES\\Bohemia Interactive\\arma2.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\games\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 15:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 3:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9.11.2010 22:20 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.1.2012 12:11 242240]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 20:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 20:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 20:42 27216]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-01-25 21:46 593920 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\bziknjzj.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: .: {ec9032c7-c20a-464f-7b0e-13a3a9e97385} - %profile%\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 18:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\msiexec.exe
c:\program files\Nero\Nero 7\Nero BackItUp\NBService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\sessmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-01-31 18:10:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-31 17:10
ComboFix2.txt 2012-01-26 19:14
.
Před spuštěním: Volných bajtů: 417 795 895 296
Po spuštění: Volných bajtů: 417 974 542 336
.
- - End Of File - - F481DB2E9F45D2D2B3FCA18F09FF98DA

#13 Příspěvek od **vyosek** » 31 led 2012 18:18

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

c:\windows\system32\userinit.exe
c:\windows\regedit.exe
c:\windows\system32\ahui.exe
c:\windows\system32\taskmgr.exe
Kliknete na Choose file
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Scan It
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

La Défense · #14 Příspěvek od **La Défense** » 31 led 2012 18:52

c:\windows\system32\userinit.exe
https://www.virustotal.com/file/bb76fa1 ... 328031650/

c:\windows\regedit.exe
https://www.virustotal.com/file/1a59db1 ... 328031868/

c:\windows\system32\ahui.exe
https://www.virustotal.com/file/dfd63aa ... 328032015/

c:\windows\system32\taskmgr.exe
https://www.virustotal.com/file/3336b2a ... 328032168/

#15 Příspěvek od **vyosek** » 31 led 2012 19:17

Hodne systemovych souboru je napadeno, tohle nevim jestli prezije leceni

VIRY.CZ

Nefunkční Windows SpaceCard, padající IE, VLC,...

Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...

Re: Nefunkční Windows SpaceCard, padající IE, VLC,...