ComboFix 08-12-11.01 - Kuba 2008-12-11 20:58:18.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3011 [GMT 1:00]
Running from: c:\documents and settings\Kuba\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\str.sys . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"g:\\Codemasters\\DiRT\\DiRT.exe"=
"g:\\Empire Interactive\\FlatOut2\\flatout2.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"g:\\Call of Duty\\CoDMP.exe"=
"g:\\Call of Duty 2\\Call of Duty\\CoDMP.exe"=
"g:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"g:\\Valve\\hl.exe"=
"g:\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"g:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"g:\\EA Sports\\FIFA 08\\FIFA08.exe"=
"g:\\Program Files (x86)\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"e:\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"e:\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"e:\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"e:\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"f:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"g:\\cod\\Call of Duty NeW\\CoDMP.exe"=
"g:\\Call of Dutyuo\\CoDUOMP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"g:\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"g:\\Grid\\GRID.exe"=
"e:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12276:TCP"= 12276:TCP:BitComet 12276 TCP
"12276:UDP"= 12276:UDP:BitComet 12276 UDP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 20:59:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.exe
c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
c:\progra~1\SPYWAR~1\SpywareTerminatorShield.Exe
c:\program files\Java\jre1.6.0_07\bin\jusched.exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\program files\Free Desktop Clock\DesktopClock.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 2008-12-11 21:01:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-11 20:01:01
Pre-Run: Volných bajtů: 84 312 301 568
Post-Run: Volných bajtů: 84,301,758,464
113 --- E O F --- 2008-12-11 18:34:33
Otherwise, I also tried looking for that file at that path, but I didn't find it.
Please check my log
- numero
- newbie
- Posts: 29
- Registered: December 08
- Location: Frýdek-Místek
- Status: Offline
Re: please check my log
AMD athlon x2 64 5400+ BE, A-Data Vitesta EE 4GB 800+ cl4, Gigabyte GA-M56S-S3 , MSI NX8800GTS 512 OC, Seagate Barracuda 500GB, A4tech x7
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: Jižní Čechy
- Status: Offline
Re: please check my log
That's bad..
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
Find and delete:
C:\ComboFix
C:\qoobox
Download a new ComboFix and put it on the desktop.
Rename ComboFix.exe to abcd.exe, run it and then post the new log here. You may prefer to run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- numero
- newbie
- Posts: 29
- Registered: December 08
- Location: Frýdek-Místek
- Status: Offline
Re: please check my log
Well, when I enter that command in Run, Spyware Terminator starts blocking processes and libraries. Should I turn it off, or is something wrong?
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: Jižní Čechy
- Status: Offline
Re: please check my log
Turn off the resident shield in ST....
Still not right, uninstall that ComboFix.
When saving CF, choose the name abcd.exe right away. Put it on the desktop and try to run it.
Download Avenger
into it, following the instructions:
enter the command from the code:
Code:
Files to delete:
c:\windows\system32\drivers\str.sys
Drivers to delete:
str
After the restart, post a new log from Avenger, and likewise repeat ComboFix.
- numero
- newbie
- Posts: 29
- Registered: December 08
- Location: Frýdek-Místek
- Status: Offline
Re: please check my log
ComboFix 08-12-12.02 - Kuba 2008-12-13 8:40:06.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3582.3136 [GMT 1:00]
Running from: c:\documents and settings\Kuba\Plocha\abcd.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\str.sys . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"g:\\Codemasters\\DiRT\\DiRT.exe"=
"g:\\Empire Interactive\\FlatOut2\\flatout2.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"g:\\Call of Duty\\CoDMP.exe"=
"g:\\Call of Duty 2\\Call of Duty\\CoDMP.exe"=
"g:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"g:\\Valve\\hl.exe"=
"g:\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"g:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"g:\\EA Sports\\FIFA 08\\FIFA08.exe"=
"g:\\Program Files (x86)\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"e:\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"e:\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"e:\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"e:\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"f:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"g:\\cod\\Call of Duty NeW\\CoDMP.exe"=
"g:\\Call of Dutyuo\\CoDUOMP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"g:\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"g:\\Grid\\GRID.exe"=
"e:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12276:TCP"= 12276:TCP:BitComet 12276 TCP
"12276:UDP"= 12276:UDP:BitComet 12276 UDP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 08:42:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.exe
c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
c:\progra~1\SPYWAR~1\SpywareTerminatorShield.Exe
c:\program files\Java\jre1.6.0_07\bin\jusched.exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\program files\Free Desktop Clock\DesktopClock.exe
.
**************************************************************************
.
Completion time: 2008-12-13 8:43:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-13 07:43:52
ComboFix2.txt 2008-12-11 20:01:04
Pre-Run: Volných bajtů: 84 903 727 104
Post-Run: Volných bajtů: 84,893,978,624
112 --- E O F --- 2008-12-11 18:34:33
- numero
- newbie
- Posts: 29
- Registered: December 08
- Location: Frýdek-Místek
- Status: Offline
Re: please check my log
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\system32\drivers\str.sys" deleted successfully.
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\str" not found!
Deletion of driver "str" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
And after the restart it threw an error about the user account; another restart was OK.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: Jižní Čechy
- Status: Offline
Re: please check my log
Yep, the problem is that CF doesn't show any files; I'll try asking for advice, then we can continue.
//Edit:
try this:
Download RSIT (by random/random)
- run it; a window will appear, so click Continue to proceed
- wait until the program finishes and the log is displayed; otherwise you'll find it here: C:\rsit\log.txt. Please copy its entire contents here
//Edit:
zkus toto:
Stáhni si RSIT (by random/random)
- spusť ho, objeví se ti okno, tak pro pokračování klikni na Continue
- počkej až program proběhne a zobrazí se ti log jinak ho najdeš zde: C:\rsit\log.txt zkopíruj sem prosím celý jeho obsah
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- numero
- newcomer
- Posts: 29
- Registered: December 08
- Location: Frýdek-Místek
Re: please check my log
Logfile of random's system information tool 1.04 (written by random/random)
Run by Kuba at 2008-12-15 14:54:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 81 GB (62%) free of 131 GB
Total RAM: 3582 MB (84% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55, on 15. 12. 2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kuba\Local Settings\Temporary Internet Files\Content.IE5\JR0R6UXF\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Kuba.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1680137451
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1680166748
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: VisNetic Firewall (DeerfieldFirewall) - 8Signs Ltd. - C:\Program Files\Deerfield.com\VisNetic Firewall\DFW.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - E:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Billion NetWatcher (netWatcher) - Unknown owner - C:\Program Files\ProfInfoTech\Billion NetWatcher\svcWatch.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9033 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll [2008-01-25 496952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-11-06 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2007-11-06 81920]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-03 16841216]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2005-12-14 176128]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2008-09-18 1783808]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-05-16 213936]
"EasyTuneV"=C:\Program Files\Gigabyte\ET5\ETcall.exe [2007-08-14 20480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-10-28 413696]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-11-03 2540800]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SkinClock"=C:\Program Files\Free Desktop Clock\DesktopClock.exe [2006-10-01 334848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp74.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlr85.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua63.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winci16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjp52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjp74.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winlr85.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winua63.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"G:\Codemasters\DiRT\DiRT.exe"="G:\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable"
"G:\Empire Interactive\FlatOut2\flatout2.exe"="G:\Empire Interactive\FlatOut2\flatout2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"G:\Call of Duty\CoDMP.exe"="G:\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"G:\Call of Duty 2\Call of Duty\CoDMP.exe"="G:\Call of Duty 2\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"G:\Activision\Call of Duty 2\CoD2MP_s.exe"="G:\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"G:\Valve\hl.exe"="G:\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"G:\Codemasters\The Lord of the Rings Online\lotroclient.exe"="G:\Codemasters\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"G:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="G:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Teamspeak2_RC2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"G:\EA Sports\FIFA 08\FIFA08.exe"="G:\EA Sports\FIFA 08\FIFA08.exe:*:Enabled:FIFA08"
"G:\Program Files (x86)\Call of Duty\CoDMP.exe"="G:\Program Files (x86)\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Pinnacle\VideoSpin\Programs\RM.exe"="E:\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"E:\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="E:\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"E:\Pinnacle\VideoSpin\Programs\umi.exe"="E:\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"E:\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="E:\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"F:\TmNationsForever\TmForever.exe"="F:\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"G:\cod\Call of Duty NeW\CoDMP.exe"="G:\cod\Call of Duty NeW\CoDMP.exe:*:Enabled:CoDMP"
"G:\Call of Dutyuo\CoDUOMP.exe"="G:\Call of Dutyuo\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"G:\Activision\Call of Duty - World at War\CoDWaW.exe"="G:\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"G:\Activision\Call of Duty - World at War\CoDWaWmp.exe"="G:\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"G:\Grid\GRID.exe"="G:\Grid\GRID.exe:*:Enabled:GRID Executable"
"E:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="E:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\Empire Interactive\FlatOut2\flatout2.exe"="G:\Empire Interactive\FlatOut2\flatout2.exe:*:Enabled:FlatOut2"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\Autorun.exe
======List of files/folders created in the last 1 months======
2008-12-15 14:54:59 ----D---- C:\rsit
2008-12-13 08:48:10 ----D---- C:\Avenger
2008-12-13 08:48:10 ----A---- C:\avenger.txt
2008-12-13 08:43:55 ----A---- C:\ComboFix.txt
2008-12-13 08:39:42 ----A---- C:\WINDOWS\zip.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\VFIND.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\SWSC.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\SWREG.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\sed.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\grep.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\fdsv.exe
2008-12-13 08:39:40 ----D---- C:\Qoobox
2008-12-13 08:39:40 ----D---- C:\abcd
2008-12-13 08:37:42 ----A---- C:\WINDOWS\system32\CF15954.exe
2008-12-13 08:36:06 ----A---- C:\WINDOWS\system32\CF15640.exe
2008-12-12 21:16:05 ----A---- C:\WINDOWS\system32\CF13474.exe
2008-12-11 20:57:58 ----D---- C:\WINDOWS\ERDNT
2008-12-11 14:44:45 ----D---- C:\WINDOWS\ERUNT
2008-12-11 14:43:34 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-11 14:24:52 ----D---- C:\Program Files\Trend Micro
2008-12-11 14:05:27 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Malwarebytes
2008-12-11 14:05:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2008-12-11 14:05:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-11 13:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 13:11:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 13:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 13:10:54 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 13:10:50 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-11 13:10:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 13:07:36 ----SHD---- C:\Config.Msi
2008-12-04 21:26:06 ----D---- C:\WINDOWS\system32\oodag
2008-12-04 20:13:35 ----D---- C:\Program Files\OO Software
2008-12-04 20:11:15 ----A---- C:\WINDOWS\oodcnt.INI
2008-12-04 15:36:50 ----D---- C:\Program Files\Rockstar Games
2008-12-04 15:33:45 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2008-12-02 15:30:45 ----D---- C:\Program Files\Common Files\Futuremark Shared
2008-12-01 14:35:54 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-22 17:36:45 ----RHD---- C:\Documents and Settings\Kuba\Data aplikací\SecuROM
2008-11-22 17:36:25 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Leadertech
2008-11-16 19:19:47 ----RA---- C:\WINDOWS\system32\tmp1E.tmp
2008-11-16 19:19:47 ----RA---- C:\WINDOWS\system32\tmp1D.tmp
======List of files/folders modified in the last 1 months======
2008-12-15 14:54:13 ----D---- C:\WINDOWS\Temp
2008-12-14 19:14:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 19:14:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 08:48:10 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 08:48:10 ----D---- C:\WINDOWS\system32
2008-12-13 08:43:56 ----D---- C:\WINDOWS
2008-12-13 08:42:55 ----A---- C:\WINDOWS\system.ini
2008-12-13 08:40:21 ----D---- C:\WINDOWS\AppPatch
2008-12-13 08:40:21 ----D---- C:\Program Files\Common Files
2008-12-13 08:39:41 ----SHD---- C:\System Volume Information
2008-12-13 08:39:41 ----D---- C:\WINDOWS\system32\Restore
2008-12-13 08:39:30 ----A---- C:\WINDOWS\wincmd.ini
2008-12-11 21:36:11 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Spyware Terminator
2008-12-11 21:01:05 ----D---- C:\WINDOWS\Prefetch
2008-12-11 19:55:54 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-12-11 19:53:53 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-12-11 15:13:36 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-11 15:13:32 ----RSD---- C:\WINDOWS\assembly
2008-12-11 14:45:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-11 14:24:52 ----RD---- C:\Program Files
2008-12-11 14:18:51 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Skype
2008-12-11 14:18:09 ----D---- C:\Documents and Settings\Kuba\Data aplikací\skypePM
2008-12-11 13:57:24 ----D---- C:\Program Files\Spyware Terminator
2008-12-11 13:52:50 ----A---- C:\WINDOWS\wcx_ftp.ini
2008-12-11 13:25:28 ----D---- C:\Downloads
2008-12-11 13:17:12 ----D---- C:\Program Files\Internet Explorer
2008-12-11 13:11:34 ----D---- C:\WINDOWS\Debug
2008-12-11 13:11:29 ----HD---- C:\WINDOWS\inf
2008-12-11 13:11:19 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-11 13:11:08 ----D---- C:\WINDOWS\ie7updates
2008-12-11 13:11:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-11 13:10:45 ----SHD---- C:\WINDOWS\Installer
2008-12-11 13:10:01 ----D---- C:\WINDOWS\system32\en-us
2008-12-11 13:09:59 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-11 13:08:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 13:08:23 ----D---- C:\WINDOWS\WinSxS
2008-12-11 13:06:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-07 11:18:39 ----D---- C:\Program Files\Teamspeak2_RC2
2008-12-04 15:39:44 ----D---- C:\WINDOWS\system32\DirectX
2008-12-04 15:36:49 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-04 15:33:46 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2008-12-02 15:30:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-01 14:35:55 ----D---- C:\WINDOWS\Help
2008-11-26 18:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-20 19:49:06 ----D---- C:\Program Files\Adobe
2008-11-20 19:48:01 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Adobe
2008-11-16 19:43:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2008-11-16 19:19:47 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2008-11-16 19:19:47 ----A---- C:\WINDOWS\system32\OpenAL32.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AMBRAPP;AMBRAPP; C:\WINDOWS\system32\drivers\AMBRAPP.sys [2007-10-26 87168]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2005-12-08 7168]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2005-12-08 13312]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-13 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-05 4611072]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-11-06 7429088]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 ahy4sexk;ahy4sexk; C:\WINDOWS\system32\drivers\ahy4sexk.sys []
S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys []
S3 billnet;Billion NetWatcher Service; C:\WINDOWS\system32\DRIVERS\billnet.sys [2006-08-08 13312]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Kuba\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MarkFun_NT;MarkFun_NT; \??\C:\Program Files\Gigabyte\ET5\markfun.w32 []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2007-11-06 155716]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-11 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-09-18 570880]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S2 netWatcher;Billion NetWatcher; C:\Program Files\ProfInfoTech\Billion NetWatcher\svcWatch.exe []
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc); C:\WINDOWS\system32\pr2ah4nc.exe [2007-05-18 407152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DeerfieldFirewall;VisNetic Firewall; C:\Program Files\Deerfield.com\VisNetic Firewall\DFW.exe [2007-10-26 1429504]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; E:\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-30 306432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF-----------------
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1680137451
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1680166748
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: VisNetic Firewall (DeerfieldFirewall) - 8Signs Ltd. - C:\Program Files\Deerfield.com\VisNetic Firewall\DFW.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - E:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Billion NetWatcher (netWatcher) - Unknown owner - C:\Program Files\ProfInfoTech\Billion NetWatcher\svcWatch.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9033 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll [2008-01-25 496952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-11-06 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2007-11-06 81920]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-03 16841216]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2005-12-14 176128]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2008-09-18 1783808]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-05-16 213936]
"EasyTuneV"=C:\Program Files\Gigabyte\ET5\ETcall.exe [2007-08-14 20480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-10-28 413696]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-11-03 2540800]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SkinClock"=C:\Program Files\Free Desktop Clock\DesktopClock.exe [2006-10-01 334848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp74.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlr85.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua63.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winci16.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjp52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjp74.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winlr85.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winua63.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"G:\Codemasters\DiRT\DiRT.exe"="G:\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable"
"G:\Empire Interactive\FlatOut2\flatout2.exe"="G:\Empire Interactive\FlatOut2\flatout2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"G:\Call of Duty\CoDMP.exe"="G:\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"G:\Call of Duty 2\Call of Duty\CoDMP.exe"="G:\Call of Duty 2\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"G:\Activision\Call of Duty 2\CoD2MP_s.exe"="G:\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"G:\Valve\hl.exe"="G:\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"G:\Codemasters\The Lord of the Rings Online\lotroclient.exe"="G:\Codemasters\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"G:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="G:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Teamspeak2_RC2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"G:\EA Sports\FIFA 08\FIFA08.exe"="G:\EA Sports\FIFA 08\FIFA08.exe:*:Enabled:FIFA08"
"G:\Program Files (x86)\Call of Duty\CoDMP.exe"="G:\Program Files (x86)\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Pinnacle\VideoSpin\Programs\RM.exe"="E:\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"E:\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="E:\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"E:\Pinnacle\VideoSpin\Programs\umi.exe"="E:\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"E:\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="E:\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"F:\TmNationsForever\TmForever.exe"="F:\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"G:\cod\Call of Duty NeW\CoDMP.exe"="G:\cod\Call of Duty NeW\CoDMP.exe:*:Enabled:CoDMP"
"G:\Call of Dutyuo\CoDUOMP.exe"="G:\Call of Dutyuo\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"G:\Activision\Call of Duty - World at War\CoDWaW.exe"="G:\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"G:\Activision\Call of Duty - World at War\CoDWaWmp.exe"="G:\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"G:\Grid\GRID.exe"="G:\Grid\GRID.exe:*:Enabled:GRID Executable"
"E:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="E:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\Empire Interactive\FlatOut2\flatout2.exe"="G:\Empire Interactive\FlatOut2\flatout2.exe:*:Enabled:FlatOut2"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\Autorun.exe
======List of files/folders created in the last 1 months======
2008-12-15 14:54:59 ----D---- C:\rsit
2008-12-13 08:48:10 ----D---- C:\Avenger
2008-12-13 08:48:10 ----A---- C:\avenger.txt
2008-12-13 08:43:55 ----A---- C:\ComboFix.txt
2008-12-13 08:39:42 ----A---- C:\WINDOWS\zip.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\VFIND.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\SWSC.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\SWREG.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\sed.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\grep.exe
2008-12-13 08:39:42 ----A---- C:\WINDOWS\fdsv.exe
2008-12-13 08:39:40 ----D---- C:\Qoobox
2008-12-13 08:39:40 ----D---- C:\abcd
2008-12-13 08:37:42 ----A---- C:\WINDOWS\system32\CF15954.exe
2008-12-13 08:36:06 ----A---- C:\WINDOWS\system32\CF15640.exe
2008-12-12 21:16:05 ----A---- C:\WINDOWS\system32\CF13474.exe
2008-12-11 20:57:58 ----D---- C:\WINDOWS\ERDNT
2008-12-11 14:44:45 ----D---- C:\WINDOWS\ERUNT
2008-12-11 14:43:34 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-11 14:24:52 ----D---- C:\Program Files\Trend Micro
2008-12-11 14:05:27 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Malwarebytes
2008-12-11 14:05:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2008-12-11 14:05:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-11 13:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 13:11:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 13:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 13:10:54 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 13:10:50 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-11 13:10:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 13:07:36 ----SHD---- C:\Config.Msi
2008-12-04 21:26:06 ----D---- C:\WINDOWS\system32\oodag
2008-12-04 20:13:35 ----D---- C:\Program Files\OO Software
2008-12-04 20:11:15 ----A---- C:\WINDOWS\oodcnt.INI
2008-12-04 15:36:50 ----D---- C:\Program Files\Rockstar Games
2008-12-04 15:33:45 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2008-12-02 15:30:45 ----D---- C:\Program Files\Common Files\Futuremark Shared
2008-12-01 14:35:54 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-22 17:36:45 ----RHD---- C:\Documents and Settings\Kuba\Data aplikací\SecuROM
2008-11-22 17:36:25 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Leadertech
2008-11-16 19:19:47 ----RA---- C:\WINDOWS\system32\tmp1E.tmp
2008-11-16 19:19:47 ----RA---- C:\WINDOWS\system32\tmp1D.tmp
======List of files/folders modified in the last 1 months======
2008-12-15 14:54:13 ----D---- C:\WINDOWS\Temp
2008-12-14 19:14:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 19:14:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 08:48:10 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 08:48:10 ----D---- C:\WINDOWS\system32
2008-12-13 08:43:56 ----D---- C:\WINDOWS
2008-12-13 08:42:55 ----A---- C:\WINDOWS\system.ini
2008-12-13 08:40:21 ----D---- C:\WINDOWS\AppPatch
2008-12-13 08:40:21 ----D---- C:\Program Files\Common Files
2008-12-13 08:39:41 ----SHD---- C:\System Volume Information
2008-12-13 08:39:41 ----D---- C:\WINDOWS\system32\Restore
2008-12-13 08:39:30 ----A---- C:\WINDOWS\wincmd.ini
2008-12-11 21:36:11 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Spyware Terminator
2008-12-11 21:01:05 ----D---- C:\WINDOWS\Prefetch
2008-12-11 19:55:54 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-12-11 19:53:53 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-12-11 15:13:36 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-11 15:13:32 ----RSD---- C:\WINDOWS\assembly
2008-12-11 14:45:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-11 14:24:52 ----RD---- C:\Program Files
2008-12-11 14:18:51 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Skype
2008-12-11 14:18:09 ----D---- C:\Documents and Settings\Kuba\Data aplikací\skypePM
2008-12-11 13:57:24 ----D---- C:\Program Files\Spyware Terminator
2008-12-11 13:52:50 ----A---- C:\WINDOWS\wcx_ftp.ini
2008-12-11 13:25:28 ----D---- C:\Downloads
2008-12-11 13:17:12 ----D---- C:\Program Files\Internet Explorer
2008-12-11 13:11:34 ----D---- C:\WINDOWS\Debug
2008-12-11 13:11:29 ----HD---- C:\WINDOWS\inf
2008-12-11 13:11:19 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-11 13:11:08 ----D---- C:\WINDOWS\ie7updates
2008-12-11 13:11:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-11 13:10:45 ----SHD---- C:\WINDOWS\Installer
2008-12-11 13:10:01 ----D---- C:\WINDOWS\system32\en-us
2008-12-11 13:09:59 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-11 13:08:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 13:08:23 ----D---- C:\WINDOWS\WinSxS
2008-12-11 13:06:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-07 11:18:39 ----D---- C:\Program Files\Teamspeak2_RC2
2008-12-04 15:39:44 ----D---- C:\WINDOWS\system32\DirectX
2008-12-04 15:36:49 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-04 15:33:46 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2008-12-02 15:30:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-01 14:35:55 ----D---- C:\WINDOWS\Help
2008-11-26 18:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-20 19:49:06 ----D---- C:\Program Files\Adobe
2008-11-20 19:48:01 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Adobe
2008-11-16 19:43:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2008-11-16 19:19:47 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2008-11-16 19:19:47 ----A---- C:\WINDOWS\system32\OpenAL32.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AMBRAPP;AMBRAPP; C:\WINDOWS\system32\drivers\AMBRAPP.sys [2007-10-26 87168]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2005-12-08 7168]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2005-12-08 13312]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-13 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-05 4611072]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-11-06 7429088]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 ahy4sexk;ahy4sexk; C:\WINDOWS\system32\drivers\ahy4sexk.sys []
S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys []
S3 billnet;Billion NetWatcher Service; C:\WINDOWS\system32\DRIVERS\billnet.sys [2006-08-08 13312]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Kuba\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MarkFun_NT;MarkFun_NT; \??\C:\Program Files\Gigabyte\ET5\markfun.w32 []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2007-11-06 155716]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-11 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-09-18 570880]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S2 netWatcher;Billion NetWatcher; C:\Program Files\ProfInfoTech\Billion NetWatcher\svcWatch.exe []
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc); C:\WINDOWS\system32\pr2ah4nc.exe [2007-05-18 407152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DeerfieldFirewall;VisNetic Firewall; C:\Program Files\Deerfield.com\VisNetic Firewall\DFW.exe [2007-10-26 1429504]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; E:\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-30 306432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF-----------------
AMD athlon x2 64 5400+ BE, A-Data Vitesta EE 4GB 800+ cl4, Gigabyte GA-M56S-S3 , MSI NX8800GTS 512 OC, Seagate Barracuda 500GB, A4tech x7
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: Jižní Čechy
Re: please check my log
Use Avenger again
script:
Code:
Files to delete:
C:\WINDOWS\sed.exe
C:\WINDOWS\NIRCMD.exe
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\tmp1E.tmp
C:\WINDOWS\system32\tmp1D.tmp
Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci16.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp52.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp74.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlr85.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua63.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winci16.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjp52.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjp74.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winlr85.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winua63.sys
After the restart, post a new Avenger log, and run ComboFix again as well.
Test these on VirusTotal:
C:\WINDOWS\SWREG.exe
C:\WINDOWS\system32\CF15954.exe
C:\WINDOWS\system32\CF15640.exe
C:\WINDOWS\system32\CF13474.exe
C:\WINDOWS\system32\drivers\ahy4sexk.sys
Then paste the results here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- numero
- newcomer
- Posts: 29
- Registered: December 08
- Location: Frýdek-Místek
Re: please check my log
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\sed.exe" deleted successfully.
File "C:\WINDOWS\NIRCMD.exe" deleted successfully.
File "C:\WINDOWS\imsins.BAK" deleted successfully.
File "C:\WINDOWS\system32\tmp1E.tmp" deleted successfully.
File "C:\WINDOWS\system32\tmp1D.tmp" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci16.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp52.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjp74.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlr85.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua63.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winci16.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjp52.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjp74.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winlr85.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winua63.sys" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
AMD athlon x2 64 5400+ BE, A-Data Vitesta EE 4GB 800+ cl4, Gigabyte GA-M56S-S3 , MSI NX8800GTS 512 OC, Seagate Barracuda 500GB, A4tech x7
- jaro3
- member of the Security team
Re: please check my log
Now submit these to VirusTotal:
C:\WINDOWS\$NtServicePackUninstall$\user32.dll
C:\WINDOWS\ServicePackFiles\i386\user32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\dllcache\user32.dll
C:\WINDOWS\system32\drivers\ahy4sexk.sys
Then paste the results here; the other files I listed above you don't need to do.