Log - please check (Solved)

Post by Teedok » 20 Mar 2009 23:28

I'm having the log checked for this reason: http://www.pc-help.cz/viewtopic.php?f=39&t=38507
thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:45, on 20.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Verdiem\Edison\edsvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\razac.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Documents and Settings\user\Plocha\Martin\Ostatní\cryptload\CryptLoad.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ABExpress] C:\Documents and Settings\All Users\Data aplikací\AB Studio\ABExpress.exe -i
O4 - HKLM\..\Run: [Edison] "C:\Program Files\Verdiem\Edison\Edison.exe" /autolaunched
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [razac] "C:\Program Files\razac.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - CryptLoad.exe (2).lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Data aplikací\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2616334468
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27240541-D5C4-476E-94D8-8F4AC35D8224}: NameServer = 85.255.116.68,85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCD635AA-DAA2-4436-BE9F-29DD2E5F1A69}: NameServer = 85.255.116.68,85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{F86AACD0-03D3-4679-870B-1B01945CA833}: NameServer = 85.255.116.68,85.255.112.100
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe
O23 - Service: Eset Remote Administrator Server (ERA_SERVER) - Eset - C:\Program Files\Eset\Eset Remote Administrator\Server\era.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Unknown owner - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe (file missing)
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 11702 bytes
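The things the Security team reads off a log like the one above can be checked mechanically. The script below is an added example written for this page, not a tool from the thread or from Trend Micro: it parses the HijackThis R/O entries and the process list and flags O17 NameServer values that are not on an allowlist of expected resolvers (the 85.255.x.x addresses above would be flagged), an O20 Winlogon Notify entry whose value ends in a directory rather than naming a DLL, O23 services whose binary is missing, and executables sitting directly in the Program Files root rather than in a vendor folder (a heuristic, which is what C:\Program Files\razac.exe does above). The sample lines are copied from the log above; the resolver allowlist (192.168.1.1) and the function names are assumptions made for the example, not anything the thread uses.

```python
import re
from ipaddress import ip_address

# Constructed sample: a handful of lines copied from the HijackThis log
# posted above, trimmed to the entry types this triage looks at.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\razac.exe
C:\Program Files\Opera\opera.exe

O4 - HKCU\..\Run: [razac] "C:\Program Files\razac.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{27240541-D5C4-476E-94D8-8F4AC35D8224}: NameServer = 85.255.116.68,85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Unknown owner - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe (file missing)
"""

# Assumed allowlist: the resolvers this machine *should* be using (router
# or ISP). 192.168.1.1 is a made-up placeholder; substitute the real ones.
ALLOWED_RESOLVERS = frozenset({"192.168.1.1"})

HJT_ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
NAMESERVER = re.compile(r"NameServer = (?P<ips>[\d.,\s]+)$")
EXE_PATH = re.compile(r'"?(?P<path>[a-z]:\\[^"]+?\.exe)', re.IGNORECASE)
# Heuristic: an .exe directly in the Program Files root with no vendor
# folder, as C:\Program Files\razac.exe in the log above.
ROOT_EXE = re.compile(r"^[a-z]:\\program files\\[^\\]+\.exe$", re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into its R/O entries and the process list."""
    entries, processes, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = HJT_ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group("kind"), m.group("body")))
        elif in_procs and line:
            processes.append(line)
        elif not line:
            in_procs = False  # blank line ends the process list
    return entries, processes


def triage(text, allowed_resolvers=ALLOWED_RESOLVERS):
    """Return (category, detail) findings that deserve a human look."""
    entries, processes = parse_hjt(text)
    findings = []
    for kind, body in entries:
        if kind == "O17":
            m = NAMESERVER.search(body)
            for ip in (m.group("ips").split(",") if m else []):
                ip = ip.strip()
                try:
                    ip_address(ip)  # skip malformed values
                except ValueError:
                    continue
                if ip not in allowed_resolvers:
                    findings.append(("dns_resolver_not_allowed", ip))
        elif kind == "O20" and body.startswith("Winlogon Notify:"):
            # HJT prints "Winlogon Notify: <key> - <dll>"; a value that ends
            # in a directory separator names no DLL, so confirm it by hand.
            _, _, path = body.partition(" - ")
            if path.endswith("\\") or not path.lower().endswith(".dll"):
                findings.append(("winlogon_notify_without_dll", path))
        elif kind == "O23" and body.endswith("(file missing)"):
            findings.append(("service_binary_missing", body))
        elif kind == "O4":
            m = EXE_PATH.search(body)
            if m and ROOT_EXE.match(m.group("path")):
                findings.append(("exe_in_program_files_root", m.group("path")))
    for proc in processes:
        if ROOT_EXE.match(proc):
            findings.append(("exe_in_program_files_root", proc))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:28} {detail}")
```

The resolver check is the one worth automating on every log: the O17 entries are repeated for each interface GUID and for each ControlSet, so a hijack that a reader skims past in one place shows up in all of them. The other three checks are heuristics that point a human at a line; none of them is a verdict on its own.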

Post by jaro3 (Security team member) » 21 Mar 2009 07:34

You've got it infected again, you were here not long ago..
Uninstall:
Dealio
WEATHE~1

You also still have a leftover from ESET there..
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes a message will appear, click OK and then the Show Results button
- then choose Save log and save the log to the desktop
- then click the Exit button, a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Test this on VirusTotal:
C:\Program Files\razac.exe
Then paste the link to the result here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Don't send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by Teedok » 21 Mar 2009 18:03

Sorry for the inactivity..

I managed to uninstall and remove Dealio, but I couldn't find the other one

file from VirusTotal: http://www.virustotal.com/cs/analisis/f53755ead24c7b27ecc82d335a4b45f6

MBAM log:

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1749
Windows 5.1.2600 Service Pack 3

21.3.2009 17:50:25
mbam-log-2009-03-21 (17-50-20).txt

Typ skenu: Rychlý sken
Objektu skenováno: 76067
Uplynulý cas: 7 minute(s), 26 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 0
Infikované položky dat registru: 13
Infikované složky: 0
Infikované soubory: 8

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27240541-d5c4-476e-94d8-8f4ac35d8224}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bcd635aa-daa2-4436-be9f-29dd2e5f1a69}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f86aacd0-03d3-4679-870b-1b01945ca833}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27240541-d5c4-476e-94d8-8f4ac35d8224}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{bcd635aa-daa2-4436-be9f-29dd2e5f1a69}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f86aacd0-03d3-4679-870b-1b01945ca833}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{27240541-d5c4-476e-94d8-8f4ac35d8224}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{bcd635aa-daa2-4436-be9f-29dd2e5f1a69}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{f86aacd0-03d3-4679-870b-1b01945ca833}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\gaopdxtlrdwtaq.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\gaopdxbaautlue.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\gaopdxjuoenpmx.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\gaopdxqewtjlam.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\gaopdxyfktpxnx.sys (Trojan.Agent) -> No action taken.
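Every entry in the log above ends in "No action taken", which is the status of a scan where nothing was ticked for removal; a log from a run that actually removed things ends its lines with "Quarantined and deleted successfully" or "Delete on reboot". The script below is an added example for this page, not part of the thread or of Malwarebytes: it parses the `object (Family) -> [Data: value ->] action.` lines that MBAM writes, splits them by action status so you can see what is still on the machine, and collects the resolver addresses from the Trojan.DNSChanger entries so they can be blocked at the router or firewall. The sample is constructed from lines in this thread, deliberately mixing the scan-only status with the two statuses seen after a removal run so that all three paths are exercised; the function and class names are mine.

```python
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Constructed sample: lines taken from the Malwarebytes logs in this thread,
# mixing the scan-only status with the two statuses seen after Remove Selected.
SAMPLE_MBAM = r"""
Infikované klíce registru:
HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> No action taken.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27240541-d5c4-476e-94d8-8f4ac35d8224}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> Quarantined and deleted successfully.

Infikované soubory:
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\drivers\gaopdxbaautlue.sys (Trojan.Agent) -> No action taken.
(Žádné zákerné položky nebyly zjišteny)
"""

# object (Family) -> [Data: value ->] action.
DETECTION = re.compile(
    r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)

REMOVED = "Quarantined and deleted successfully"
REBOOT = "Delete on reboot"


@dataclass(frozen=True)
class Detection:
    obj: str
    family: str
    data: Optional[str]
    action: str


def parse_mbam(text):
    """Return every detection line of an MBAM log as a Detection."""
    out = []
    for raw in text.splitlines():
        m = DETECTION.match(raw.strip())
        if m:
            out.append(Detection(m["obj"], m["family"], m["data"], m["action"]))
    return out


def by_status(dets):
    """Split detections into removed / needs reboot / still present."""
    removed = [d for d in dets if d.action == REMOVED]
    reboot = [d for d in dets if d.action == REBOOT]
    pending = [d for d in dets if d.action not in (REMOVED, REBOOT)]
    return removed, reboot, pending


def dns_changer_resolvers(dets):
    """Resolver IPs the DNSChanger entries wrote into NameServer values."""
    ips = set()
    for d in dets:
        if d.family != "Trojan.DNSChanger" or not d.data:
            continue
        for part in d.data.split(","):
            try:
                ips.add(str(ip_address(part.strip())))
            except ValueError:
                pass  # Data field was not an address list
    return ips


def family_counts(dets):
    return Counter(d.family for d in dets)


if __name__ == "__main__":
    dets = parse_mbam(SAMPLE_MBAM)
    removed, reboot, pending = by_status(dets)
    print(f"{len(removed)} removed, {len(reboot)} pending reboot, {len(pending)} untouched")
    for d in pending:
        print("  still present:", d.obj)
    print("block these resolvers:", sorted(dns_changer_resolvers(dets)))
```

The "pending reboot" bucket matters as much as the "untouched" one: an item marked Delete on reboot is still on disk until the machine restarts, so a follow-up scan taken before the reboot will report it again.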

Post by jaro3 » 21 Mar 2009 18:28

So run MbAM again and click Scan
- when the program finishes a message will appear, click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes a log will be shown; post it here.
- then choose OK in the program and exit it via Exit

You can then paste the MbAM log here.

Turn off the resident protection in AVG + the shield in ST + Kerio.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Post by Teedok » 21 Mar 2009 19:19

jaro3 wrote: So run MbAM again and click Scan
- when the program finishes a message will appear, click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes a log will be shown; post it here.
- then choose OK in the program and exit it via Exit

You can then paste the MbAM log here.

Just to check, did you mean HJT???

Post by jaro3 » 21 Mar 2009 19:28

I wrote this:
You can then paste the MbAM log here.

That one comes up after the removal.
One more question: that keylogger (the file on VT), you probably didn't have it there on purpose, did you?

Post by Teedok » 22 Mar 2009 07:36

Sorry, I thought that posting the MbaM log here was already written above and that you had just made a mistake and in that next sentence written MbaM instead of HJT... I apologise

Observations: the PC runs a bit faster and C: can now be opened without problems

I'd also like to ask what antivirus and firewall combination you would recommend???

MbaM log:

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1749
Windows 5.1.2600 Service Pack 3

21.3.2009 20:43:54
mbam-log-2009-03-21 (20-43-54).txt

Typ skenu: Úplný sken (C:\|)
Objektu skenováno: 246677
Uplynulý cas: 1 hour(s), 27 minute(s), 40 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 0
Infikované položky dat registru: 13
Infikované složky: 0
Infikované soubory: 8

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27240541-d5c4-476e-94d8-8f4ac35d8224}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bcd635aa-daa2-4436-be9f-29dd2e5f1a69}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f86aacd0-03d3-4679-870b-1b01945ca833}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27240541-d5c4-476e-94d8-8f4ac35d8224}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{bcd635aa-daa2-4436-be9f-29dd2e5f1a69}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f86aacd0-03d3-4679-870b-1b01945ca833}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{27240541-d5c4-476e-94d8-8f4ac35d8224}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{bcd635aa-daa2-4436-be9f-29dd2e5f1a69}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{f86aacd0-03d3-4679-870b-1b01945ca833}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.68,85.255.112.100 -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\gaopdxtlrdwtaq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxbaautlue.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxjuoenpmx.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxqewtjlam.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxyfktpxnx.sys (Trojan.Agent) -> Quarantined and deleted successfully.


ComboFix log:

ComboFix 09-03-19.02 - user 2009-03-22 7:14:41.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.610 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\Martin\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated)
AV: Rising Antivirus *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\system32\drivers\gaopdxyfktpxnx.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxtlrdwtaq.dll
c:\windows\system32\Plugins
c:\windows\system32\Plugins\ml\ml_pmp_device_NOKIA.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Soubory vytvořené od 2009-02-22 do 2009-03-22 )))))))))))))))))))))))))))))))
.

2009-03-21 20:46 . 2009-03-21 21:31 <DIR> d-------- c:\program files\DVDx
2009-03-21 17:23 . 2009-03-21 17:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 17:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 17:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-20 23:17 . 2009-03-20 23:17 <DIR> d-------- c:\program files\Trend Micro
2009-03-20 23:15 . 2009-03-20 23:15 <DIR> d-------- c:\documents and settings\user\Data aplikací\DVD2AVI Ripper
2009-03-20 23:03 . 2009-03-20 23:07 <DIR> d-------- C:\movie
2009-03-20 23:02 . 2009-03-20 23:02 <DIR> d-------- c:\documents and settings\user\Data aplikací\dvdcss
2009-03-20 22:59 . 2009-03-20 23:04 67 --a------ c:\windows\#1 DVD Ripper.INI
2009-03-20 22:49 . 2009-03-21 20:51 <DIR> d-------- c:\program files\Gabest
2009-03-20 14:55 . 2009-03-20 16:05 <DIR> d-------- c:\program files\SpeedFan
2009-03-20 14:55 . 2009-03-20 14:55 45 --a------ c:\windows\system32\initdebug.nfo
2009-03-19 16:06 . 2009-03-19 16:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-18 21:57 . 2009-03-18 22:02 <DIR> d-------- c:\program files\NewtonDictate
2009-03-17 22:14 . 2009-03-19 21:46 127 ---h----- c:\windows\system32\msnasec.dIl
2009-03-17 22:14 . 2009-03-19 21:46 22 --a------ c:\windows\MathMagic Personal 3.64.INI
2009-03-17 22:08 . 2009-03-17 22:08 <DIR> d-------- c:\program files\MathMagic
2009-03-16 15:25 . 2009-03-16 15:25 <DIR> d-------- c:\documents and settings\user\Data aplikací\VitySoft
2009-03-13 15:12 . 2009-03-13 15:12 <DIR> d-------- c:\program files\Audacity
2009-03-12 20:56 . 2009-03-12 20:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2009-03-12 20:53 . 2009-03-12 20:57 <DIR> d-------- c:\program files\ICQ6.5
2009-03-11 20:14 . 2009-03-11 20:22 <DIR> d-------- c:\program files\Solid Edge V20
2009-03-07 20:33 . 2009-03-07 20:33 <DIR> d-------- c:\documents and settings\user\Data aplikací\CadSoft
2009-03-04 18:04 . 2009-03-04 18:04 <DIR> d-------- c:\windows\system32\QuickTime
2009-03-04 18:04 . 2009-03-04 18:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\TechSmith
2009-03-04 18:04 . 2007-03-19 08:30 102,400 --a------ c:\windows\system32\tsccvid.dll
2009-03-04 18:03 . 2009-03-04 18:03 <DIR> d-------- c:\program files\TechSmith
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\js
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\images
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\html
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\css
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\program files\Business Objects
2009-03-03 07:10 . 2009-03-03 07:10 <DIR> d-------- c:\program files\Microsoft Device Emulator
2009-03-03 07:09 . 2009-03-03 07:10 <DIR> d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-03-03 07:01 . 2009-03-03 07:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PreEmptive Solutions
2009-03-03 06:59 . 2009-03-03 06:59 <DIR> d-------- c:\documents and settings\user\Data aplikací\Media Player Classic
2009-03-03 06:57 . 2009-03-03 06:57 <DIR> d-------- c:\windows\symbols
2009-03-03 06:55 . 2009-03-03 06:58 <DIR> d-------- c:\program files\HTML Help Workshop
2009-03-03 06:55 . 2009-03-08 22:08 <DIR> d-------- c:\program files\Common Files\Merge Modules
2009-03-03 06:55 . 2009-03-03 06:55 <DIR> d-------- c:\program files\CE Remote Tools
2009-03-03 06:52 . 2009-03-03 06:53 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2009-03-02 18:10 . 2009-03-21 20:32 <DIR> d-------- c:\program files\IrfanView
2009-03-01 21:04 . 2009-03-01 21:04 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-01 16:21 . 2009-03-14 08:06 <DIR> d-------- c:\program files\WinClamAVShield
2009-03-01 16:12 . 2009-03-10 16:30 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-01 16:12 . 2009-03-01 16:12 <DIR> d-------- c:\program files\Crawler
2009-03-01 16:12 . 2009-03-21 19:48 <DIR> d-------- c:\documents and settings\user\Data aplikací\Spyware Terminator
2009-03-01 16:12 . 2009-03-14 08:06 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-03-01 16:12 . 2009-03-01 16:12 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-28 07:40 . 2009-03-09 18:08 138 --a------ c:\windows\LAYOUT30.INI
2009-02-28 07:39 . 2009-02-28 07:39 89 --a------ c:\windows\SPR3015.DAT
2009-02-28 07:38 . 2009-02-28 07:38 <DIR> d-------- C:\PROGRAMS
2009-02-23 22:38 . 2009-02-23 23:10 <DIR> d-------- c:\program files\MediaInfo
2009-02-23 22:31 . 2009-02-23 22:31 807 --a------ C:\HIMYM.gif
2009-02-23 20:30 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-23 20:30 . 2009-02-23 20:30 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-23 20:30 . 2009-02-23 20:30 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-02-23 14:14 . 2009-02-23 14:14 1,107,296 --a------ c:\windows\system32\WdfCoInstaller01007.dll
2009-02-23 14:14 . 2009-02-23 14:14 24,616 --a------ c:\windows\system32\drivers\ggsemc.sys
2009-02-23 14:14 . 2009-02-23 14:14 13,224 --a------ c:\windows\system32\drivers\ggflt.sys
2009-02-23 13:40 . 2009-02-23 13:40 <DIR> d-------- c:\program files\Avanquest update
2009-02-23 13:40 . 2009-02-23 13:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\BVRP Software
2009-02-23 13:40 . 2008-05-16 11:33 120,744 --a------ c:\windows\system32\drivers\s0016mdm.sys
2009-02-23 13:40 . 2008-05-16 11:33 115,752 --a------ c:\windows\system32\drivers\s0016unic.sys
2009-02-23 13:40 . 2008-05-16 11:33 114,216 --a------ c:\windows\system32\drivers\s0016mgmt.sys
2009-02-23 13:40 . 2008-05-16 11:33 110,632 --a------ c:\windows\system32\drivers\s0016obex.sys
2009-02-23 13:40 . 2008-05-16 11:33 89,256 --a------ c:\windows\system32\drivers\s0016bus.sys
2009-02-23 13:40 . 2008-05-16 11:33 25,512 --a------ c:\windows\system32\drivers\s0016nd5.sys
2009-02-23 13:40 . 2008-05-16 11:33 15,016 --a------ c:\windows\system32\drivers\s0016mdfl.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016whnt.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016wh.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016cmnt.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016cm.sys
2009-02-23 13:40 . 2008-05-16 11:33 10,792 --a------ c:\windows\system32\drivers\s0016cr.sys
2009-02-23 13:39 . 2009-02-23 22:03 <DIR> d-------- c:\program files\Sony Ericsson
2009-02-23 13:39 . 2009-02-23 13:39 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony Ericsson
2009-02-22 21:59 . 2009-02-22 21:59 <DIR> d-------- c:\program files\Foxit Software
2009-02-22 15:45 . 2009-02-22 15:45 <DIR> d-------- c:\documents and settings\user\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-22 13:15 . 2009-02-22 13:15 <DIR> d-------- c:\documents and settings\user\Data aplikací\Nikon
2009-02-22 13:11 . 2009-02-22 13:11 <DIR> d-------- c:\program files\Common Files\Nikon
2009-02-22 13:11 . 2009-02-22 13:11 <DIR> d-------- c:\program files\Common Files\muvee Technologies
2009-02-22 13:11 . 2009-02-22 13:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nikon
2009-02-22 13:10 . 2009-02-22 13:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Ultima_T15
2009-02-22 13:10 . 2009-02-22 13:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Plug-Ins
2009-02-22 13:10 . 2009-02-22 13:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\EnterNHelp
2009-02-22 13:10 . 2009-02-22 13:15 20 ---h----- c:\documents and settings\All Users\Data aplikací\PKP_DLdu.DAT
2009-02-22 12:41 . 2008-04-14 05:21 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-02-22 12:41 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-22 12:41 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-22 12:41 . 2001-10-24 12:25 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 19:51 --------- d-----w c:\program files\AviSynth 2.5
2009-03-20 21:45 --------- d-----w c:\documents and settings\user\Data aplikací\Skype
2009-03-20 21:34 --------- d-----w c:\documents and settings\user\Data aplikací\skypePM
2009-03-20 18:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-20 16:46 --------- d-----w c:\documents and settings\user\Data aplikací\uTorrent
2009-03-19 15:06 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-17 14:21 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-03-13 17:12 --------- d-----w c:\documents and settings\user\Data aplikací\ICQ
2009-03-08 21:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-08 21:01 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-03-07 20:23 --------- d-----w c:\program files\Counter-Strike 1.6
2009-03-07 20:22 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2009-03-07 11:15 --------- d-----w c:\documents and settings\user\Data aplikací\Autodesk
2009-03-03 06:13 --------- d-----w c:\program files\Microsoft SQL Server
2009-03-03 06:07 --------- d-----w c:\program files\Microsoft.NET
2009-03-03 05:57 --------- d-----w c:\program files\MSBuild
2009-03-02 16:33 --------- d-----w c:\documents and settings\user\Data aplikací\Zoner
2009-03-01 18:38 --------- d-----w c:\documents and settings\user\Data aplikací\XnView
2009-03-01 14:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-22 12:10 106,496 ----a-w c:\windows\system32\ATL71.DLL
2009-02-22 12:08 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-21 08:55 --------- d-----w c:\program files\Sweet Home 3D
2009-02-19 21:20 --------- d-----w c:\program files\Bonjour
2009-02-19 13:49 --------- d-----w c:\program files\Common Files\Adobe
2009-02-19 13:41 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-19 08:51 --------- d-----w c:\program files\Alawar
2009-02-19 08:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\FarmFrenzy2
2009-02-19 08:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2009-02-18 21:18 --------- d-----w c:\documents and settings\user\Data aplikací\com.adobe.ExMan
2009-02-18 15:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-02-18 14:31 --------- d-----w c:\program files\Adobe Media Player
2009-02-18 14:28 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-18 13:25 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-16 09:31 318,904 ----a-w c:\program files\wmpfirefoxplugin.exe
2009-02-12 18:42 --------- d-----w c:\documents and settings\user\Data aplikací\gtk-2.0
2009-02-12 18:38 --------- d-----w c:\program files\Participatory Culture Foundation
2009-02-12 18:38 --------- d-----w c:\documents and settings\user\Data aplikací\Participatory Culture Foundation
2009-02-11 19:30 --------- d-----w c:\program files\Lamer
2009-02-11 19:09 --------- d-----w c:\documents and settings\user\Data aplikací\REAPER
2009-02-10 05:54 132 ----a-w c:\program files\razac.ini
2009-02-09 19:49 --------- d-----w c:\program files\FormatFactory
2009-02-09 15:50 --------- d-----w c:\program files\Sunbelt Software
2009-02-09 15:34 --------- d-----w c:\documents and settings\All Users\Data aplikací\2DBoy
2009-02-09 15:33 --------- d-----w c:\program files\Yahoo!
2009-02-09 15:32 --------- d-----w c:\program files\VirtualDJ
2009-02-09 15:30 --------- d-----w c:\program files\AWS
2009-02-09 15:27 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-09 15:27 --------- d-----w c:\documents and settings\user\Data aplikací\Any Video Converter
2009-02-08 17:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-02-07 23:34 --------- d-----w c:\documents and settings\user\Data aplikací\ACD Systems
2009-02-07 23:34 --------- d-----w c:\documents and settings\All Users\Data aplikací\ACD Systems
2009-02-06 23:01 --------- d-----w c:\program files\Governor of Poker
2009-02-06 22:27 --------- d-----w c:\documents and settings\user\Data aplikací\PlayFirst
2009-02-02 19:33 --------- d-----w c:\program files\Microsoft Synchronization Services
2009-02-02 19:33 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-02 19:28 --------- d-----w c:\program files\Microsoft SDKs
2009-02-01 09:59 --------- d-----w c:\documents and settings\All Users\Data aplikací\MailFrontier
2009-02-01 09:29 342,862 ----a-w c:\windows\system32\drivers\kwflower.log
2009-02-01 09:29 189,999 ----a-w c:\windows\system32\drivers\kwfupper.log
2009-02-01 09:29 --------- d-----w c:\program files\Kerio
2009-01-26 21:52 --------- d-----w c:\documents and settings\user\Data aplikací\Nero
2009-01-25 13:08 --------- d-----w c:\program files\Common Files\Skype
2009-01-24 18:15 --------- d-----w c:\program files\Common Files\Nero
2009-01-24 17:59 --------- d-----w c:\program files\Nero
2009-01-24 17:58 --------- d-----w c:\program files\Windows Sidebar
2009-01-23 23:17 --------- d-----w c:\program files\Common Files\Ahead
2009-01-17 23:01 737,280 ----a-w c:\windows\iun6002.exe
2008-12-28 16:59 4,377,500 ----a-w c:\windows\system32\libavcodec.dll
2008-12-28 15:51 239,247 ----a-w c:\windows\system32\ff_theora.dll
2008-12-28 15:50 145,609 ----a-w c:\windows\system32\libmpeg2_ff.dll
2008-12-28 15:49 560,802 ----a-w c:\windows\system32\libmplayer.dll
2008-06-10 14:02 920 ---ha-w c:\documents and settings\user\setup.bin
2008-06-10 14:02 36 ---ha-w c:\documents and settings\user\gameinf.bin
2007-09-28 11:09 172,032 ----a-w c:\program files\razacs.exe
2007-09-27 22:47 274,432 ----a-w c:\program files\razac.exe
2008-09-28 06:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"razac"="c:\program files\razac.exe" [2007-09-27 274432]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2004-11-08 1597440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
"ABExpress"="c:\documents and settings\All Users\Data aplikací\AB Studio\ABExpress.exe" [2007-06-12 143360]
"Edison"="c:\program files\Verdiem\Edison\Edison.exe" [2008-07-31 1795328]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-01 2233856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\
Zástupce - CryptLoad.exe (2).lnk - c:\documents and settings\user\Plocha\Martin\Ostatní\cryptload\CryptLoad.exe [2008-12-08 7722488]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.hfyu"= huffyuv.dll
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.i420"= i420vfw.dll
"vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"msacm.ac3filter"= ac3filter.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\A MARTIN\\Trackmania nation forever\\TmNationsForever\\TmForever.exe"=
"c:\\A MARTIN\\Utorrent\\uTorrent.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-10 97928]
R1 HookCont;HookCont;c:\windows\system32\drivers\HookCont.sys [2008-12-16 13808]
R1 HookNtos;HookNtos;c:\windows\system32\drivers\HookNtos.sys [2008-12-16 62576]
R1 HookReg;HookReg;c:\windows\system32\drivers\HOOKREG.sys [2008-12-16 38256]
R1 HookSys;HookSys;c:\windows\system32\drivers\HookSys.sys [2008-12-16 164848]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-09 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-01 142592]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
R2 edsvc;Edison Power Management Service;c:\program files\Verdiem\Edison\edsvc.exe [2008-07-31 75008]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2008-08-12 2208]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2007-08-02 69120]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-09 65576]
S2 ERA_SERVER;Eset Remote Administrator Server;c:\program files\Eset\Eset Remote Administrator\Server\era.exe [2007-08-23 1205504]
S2 LF30FS;LF30FS;\??\c:\a martin\Lock\LF30XP.sys --> c:\a martin\Lock\LF30XP.sys [?]
S2 RsRavMon;Rising RealTime Monitor;"c:\program files\RISING\RAV\Ravmond.exe" --> c:\program files\RISING\RAV\Ravmond.exe [?]
S3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\user\Local Settings\TEMP\DrvFltIp --> c:\documents and settings\user\Local Settings\TEMP\DrvFltIp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-02-23 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-06-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-02-23 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-02-23 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-02-23 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-02-23 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-02-23 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-02-23 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-02-23 115752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2236-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2238-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79e2952c-8802-11dd-9343-0019dbb21520}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Obsah adresáře 'Naplánované úlohy'

2009-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-20 c:\windows\Tasks\Norton Security Scan for user.job
- c:\program files\Norton Security Scan\Nss.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\www.msi
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\1adhcgqz.default\
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 07:20:00
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\user\Local Settings\TEMP\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\user\Local Settings\TEMP\DrvFltIp"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-606747145-616249376-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-606747145-616249376-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cc,a4,9b,8c,85,17,7c,21,92,ed,31,f4,60,d8,31,d4,98,4c,99,79,65,d0,a8,
4b,02,b7,d5,fa,79,dd,3b,a4,48,07,0f,7c,e4,db,89,34,60,df,31,5c,95,68,cd,64,\
"??"=hex:73,2c,19,bb,89,2f,7c,8c,63,f5,6f,22,92,d8,b3,cc

[HKEY_USERS\S-1-5-21-606747145-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b0,91,0f,49,e0,ce,c1,8b,12,4e,e5,f5,6a,cb,e9,3e,db,38,f5,f3,59,
38,5b,b7,88,31,c4,c1,3a,ed,22,49,c1,b0,8d,15,a8,c0,a9,c6,a7,7c,55,35,0c,a1,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2009-03-22 7:23:15
ComboFix-quarantined-files.txt 2009-03-22 06:23:11

Před spuštěním: 9,079,091,200
Po spuštění: 9,364,316,160

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
362 --- E O F --- 2009-01-15 22:00:13
Freerapid 4ever

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log - please check

Post by jaro3 » 22 Mar 2009 12:08

You have two antiviruses:
AV: AVG
AV: Rising Antivirus

Uninstall one of them.
*****************************************************************************************************************************************
Also a leftover from ESET:
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text marked in green below into it:
Note: do not use SELECT ALL to select the script

Code:

@echo off
sc stop era
sc delete era
exit

Choose File -> Save As... and set these parameters:
File name: type: FixServices.bat
Save as type: select All Files
Save the file to the desktop.
Double-click FixServices.bat. A window will open and close; that is normal.
Restart the PC.
*******************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text marked in green below into it:
Note: do not use SELECT ALL to select the script

Code:

File::
c:\program files\razac.ini
c:\windows\iun6002.exe
c:\program files\razacs.exe
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\program files\Apple Software Update\SoftwareUpdate.exe
c:\windows\Tasks\Norton Security Scan for user.job
c:\program files\Norton Security Scan\Nss.exe
c:\program files\Eset\Eset Remote Administrator\Server\era.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt script you created onto the downloaded ComboFix.exe and, when the two files overlap, drop it.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log

Test this on VirusTotal
c:\windows\system32\msnasec.dIl
Then post the link to the result here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
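Added example, not part of jaro3's post and not ComboFix's own code: a small Python triage script that reads ComboFix-style service lines (`Rn`/`Sn name;display;path [...]`) and the Security Center and firewall-policy values ComboFix prints, and flags the items a helper looks at first. The sample lines are copied from the log above (the `AntiVirusOverride` value that the CFScript resets to `0`, the disabled standard-profile firewall, and the `LF30FS` and `DrvFltIp` services whose image files are missing or sit in a user TEMP directory), padded with two healthy entries the rules should ignore. The rules and the `triage` and `parse_service_path` names are my own assumptions, not a ComboFix API.

```python
"""Triage helper for ComboFix-style service and registry lines.

Added example; it is neither part of jaro3's post nor of ComboFix. It reads
the 'Rn/Sn name;display;path [...]' service lines and the Security Center
and firewall-policy values that ComboFix prints, and flags what a helper
looks at first: a suppressed antivirus warning, a disabled firewall, and
services whose image file is missing or lives in a user TEMP directory.
The rule set and the function names here are my own (hypothetical).
"""
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: lines copied from the ComboFix log above, plus two
# healthy service entries (sp_rsdrv2, avg8wd) that the rules should ignore.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-01 142592]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
S2 LF30FS;LF30FS;\??\c:\a martin\Lock\LF30XP.sys --> c:\a martin\Lock\LF30XP.sys [?]
S3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\user\Local Settings\TEMP\DrvFltIp --> c:\documents and settings\user\Local Settings\TEMP\DrvFltIp [?]
"""


class Finding(NamedTuple):
    kind: str                 # "service" or "registry"
    name: str                 # service name or registry value name
    reasons: Tuple[str, ...]  # one human-readable reason per triggered rule


# 'R1 name;display;rest' -- state, service name, display name, image path + annotation
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Directories from which a legitimate driver or service is rarely loaded.
SUSPECT_DIRS = ("\\local settings\\temp\\", "\\windows\\temp\\", "\\appdata\\local\\temp\\")


def parse_service_path(rest: str) -> Tuple[str, bool]:
    """Return (image_path, missing) from the text after the display name."""
    missing = rest.rstrip().endswith("[?]")
    # ComboFix prints '\??\raw --> resolved [?]' when the file is gone;
    # take the resolved form so the directory checks see a normal path.
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    # Strip the trailing ' [date size]' or ' [?]' annotation.
    path = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)
    return path.strip(), missing


def triage(log_text: str) -> List[Finding]:
    """Apply the rules to every line; findings are returned in log order."""
    findings: List[Finding] = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            path, missing = parse_service_path(m.group("rest"))
            reasons = []
            if any(d in path.lower() for d in SUSPECT_DIRS):
                reasons.append("image loads from a TEMP directory: " + path)
            if missing:
                reasons.append("image file not found on disk ([?])")
            if reasons:
                findings.append(Finding("service", m.group("name"), tuple(reasons)))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        if current_key.endswith("security center") and name == "AntiVirusOverride":
            # A non-zero override silences the 'no antivirus' warning.
            if value.startswith("dword:") and int(value[6:], 16) != 0:
                findings.append(Finding("registry", name,
                                        ("Security Center antivirus warnings are suppressed",)))
        elif current_key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall":
            if value.startswith("0"):
                findings.append(Finding("registry", name,
                                        ("Windows Firewall disabled for the standard profile",)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:18} " + "; ".join(f.reasons))
```

On the sample it reports the two registry values and the two services; the healthy entries pass. The TEMP rule is deliberately a substring check on the lowercased resolved path, so the `\??\` device-path form ComboFix prints for missing files does not hide the directory from the check.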

Teedok
Level 3
Posts: 554
Registered: December 08
Location: Jablonec nad Nisou
Gender: Male
Status: Offline

Re: Log - please check

Post by Teedok » 22 Mar 2009 13:40

AVG is inactive but I can't remove it....

ComboFix log:

ComboFix 09-03-19.02 - user 2009-03-22 13:21:06.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.493 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated)
AV: Rising Antivirus *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\program files\Apple Software Update\SoftwareUpdate.exe
c:\program files\Eset\Eset Remote Administrator\Server\era.exe
c:\program files\Norton Security Scan\Nss.exe
c:\program files\razac.ini
c:\program files\razacs.exe
c:\windows\iun6002.exe
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\Norton Security Scan for user.job
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Apple Software Update\SoftwareUpdate.exe
c:\program files\Eset\Eset Remote Administrator\Server\era.exe
c:\program files\razac.ini
c:\program files\razacs.exe
c:\windows\iun6002.exe
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\Norton Security Scan for user.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-22 do 2009-03-22 )))))))))))))))))))))))))))))))
.

2009-03-21 20:46 . 2009-03-21 21:31 <DIR> d-------- c:\program files\DVDx
2009-03-21 17:23 . 2009-03-21 17:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 17:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 17:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-20 23:17 . 2009-03-20 23:17 <DIR> d-------- c:\program files\Trend Micro
2009-03-20 23:15 . 2009-03-20 23:15 <DIR> d-------- c:\documents and settings\user\Data aplikací\DVD2AVI Ripper
2009-03-20 23:03 . 2009-03-20 23:07 <DIR> d-------- C:\movie
2009-03-20 23:02 . 2009-03-20 23:02 <DIR> d-------- c:\documents and settings\user\Data aplikací\dvdcss
2009-03-20 22:59 . 2009-03-20 23:04 67 --a------ c:\windows\#1 DVD Ripper.INI
2009-03-20 22:49 . 2009-03-21 20:51 <DIR> d-------- c:\program files\Gabest
2009-03-20 14:55 . 2009-03-20 16:05 <DIR> d-------- c:\program files\SpeedFan
2009-03-20 14:55 . 2009-03-20 14:55 45 --a------ c:\windows\system32\initdebug.nfo
2009-03-19 16:06 . 2009-03-19 16:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-18 21:57 . 2009-03-18 22:02 <DIR> d-------- c:\program files\NewtonDictate
2009-03-17 22:14 . 2009-03-19 21:46 127 ---h----- c:\windows\system32\msnasec.dIl
2009-03-17 22:14 . 2009-03-19 21:46 22 --a------ c:\windows\MathMagic Personal 3.64.INI
2009-03-17 22:08 . 2009-03-17 22:08 <DIR> d-------- c:\program files\MathMagic
2009-03-16 15:25 . 2009-03-16 15:25 <DIR> d-------- c:\documents and settings\user\Data aplikací\VitySoft
2009-03-13 15:12 . 2009-03-13 15:12 <DIR> d-------- c:\program files\Audacity
2009-03-12 20:56 . 2009-03-12 20:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2009-03-12 20:53 . 2009-03-12 20:57 <DIR> d-------- c:\program files\ICQ6.5
2009-03-11 20:14 . 2009-03-11 20:22 <DIR> d-------- c:\program files\Solid Edge V20
2009-03-07 20:33 . 2009-03-07 20:33 <DIR> d-------- c:\documents and settings\user\Data aplikací\CadSoft
2009-03-04 18:04 . 2009-03-04 18:04 <DIR> d-------- c:\windows\system32\QuickTime
2009-03-04 18:04 . 2009-03-04 18:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\TechSmith
2009-03-04 18:04 . 2007-03-19 08:30 102,400 --a------ c:\windows\system32\tsccvid.dll
2009-03-04 18:03 . 2009-03-04 18:03 <DIR> d-------- c:\program files\TechSmith
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\js
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\images
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\html
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\css
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\program files\Business Objects
2009-03-03 07:10 . 2009-03-03 07:10 <DIR> d-------- c:\program files\Microsoft Device Emulator
2009-03-03 07:09 . 2009-03-03 07:10 <DIR> d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-03-03 07:01 . 2009-03-03 07:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PreEmptive Solutions
2009-03-03 06:59 . 2009-03-03 06:59 <DIR> d-------- c:\documents and settings\user\Data aplikací\Media Player Classic
2009-03-03 06:57 . 2009-03-03 06:57 <DIR> d-------- c:\windows\symbols
2009-03-03 06:55 . 2009-03-03 06:58 <DIR> d-------- c:\program files\HTML Help Workshop
2009-03-03 06:55 . 2009-03-08 22:08 <DIR> d-------- c:\program files\Common Files\Merge Modules
2009-03-03 06:55 . 2009-03-03 06:55 <DIR> d-------- c:\program files\CE Remote Tools
2009-03-03 06:52 . 2009-03-03 06:53 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2009-03-02 18:10 . 2009-03-21 20:32 <DIR> d-------- c:\program files\IrfanView
2009-03-01 21:04 . 2009-03-01 21:04 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-01 16:21 . 2009-03-14 08:06 <DIR> d-------- c:\program files\WinClamAVShield
2009-03-01 16:12 . 2009-03-10 16:30 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-01 16:12 . 2009-03-01 16:12 <DIR> d-------- c:\program files\Crawler
2009-03-01 16:12 . 2009-03-22 07:35 <DIR> d-------- c:\documents and settings\user\Data aplikací\Spyware Terminator
2009-03-01 16:12 . 2009-03-14 08:06 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-03-01 16:12 . 2009-03-01 16:12 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-28 07:40 . 2009-03-09 18:08 138 --a------ c:\windows\LAYOUT30.INI
2009-02-28 07:39 . 2009-02-28 07:39 89 --a------ c:\windows\SPR3015.DAT
2009-02-28 07:38 . 2009-02-28 07:38 <DIR> d-------- C:\PROGRAMS
2009-02-23 22:38 . 2009-02-23 23:10 <DIR> d-------- c:\program files\MediaInfo
2009-02-23 22:31 . 2009-02-23 22:31 807 --a------ C:\HIMYM.gif
2009-02-23 20:30 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-23 20:30 . 2009-02-23 20:30 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-23 20:30 . 2009-02-23 20:30 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-02-23 14:14 . 2009-02-23 14:14 1,107,296 --a------ c:\windows\system32\WdfCoInstaller01007.dll
2009-02-23 14:14 . 2009-02-23 14:14 24,616 --a------ c:\windows\system32\drivers\ggsemc.sys
2009-02-23 14:14 . 2009-02-23 14:14 13,224 --a------ c:\windows\system32\drivers\ggflt.sys
2009-02-23 13:40 . 2009-02-23 13:40 <DIR> d-------- c:\program files\Avanquest update
2009-02-23 13:40 . 2009-02-23 13:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\BVRP Software
2009-02-23 13:40 . 2008-05-16 11:33 120,744 --a------ c:\windows\system32\drivers\s0016mdm.sys
2009-02-23 13:40 . 2008-05-16 11:33 115,752 --a------ c:\windows\system32\drivers\s0016unic.sys
2009-02-23 13:40 . 2008-05-16 11:33 114,216 --a------ c:\windows\system32\drivers\s0016mgmt.sys
2009-02-23 13:40 . 2008-05-16 11:33 110,632 --a------ c:\windows\system32\drivers\s0016obex.sys
2009-02-23 13:40 . 2008-05-16 11:33 89,256 --a------ c:\windows\system32\drivers\s0016bus.sys
2009-02-23 13:40 . 2008-05-16 11:33 25,512 --a------ c:\windows\system32\drivers\s0016nd5.sys
2009-02-23 13:40 . 2008-05-16 11:33 15,016 --a------ c:\windows\system32\drivers\s0016mdfl.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016whnt.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016wh.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016cmnt.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016cm.sys
2009-02-23 13:40 . 2008-05-16 11:33 10,792 --a------ c:\windows\system32\drivers\s0016cr.sys
2009-02-23 13:39 . 2009-02-23 22:03 <DIR> d-------- c:\program files\Sony Ericsson
2009-02-23 13:39 . 2009-02-23 13:39 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony Ericsson
2009-02-22 21:59 . 2009-02-22 21:59 <DIR> d-------- c:\program files\Foxit Software
2009-02-22 15:45 . 2009-02-22 15:45 <DIR> d-------- c:\documents and settings\user\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-22 13:15 . 2009-02-22 13:15 <DIR> d-------- c:\documents and settings\user\Data aplikací\Nikon
2009-02-22 13:11 . 2009-02-22 13:11 <DIR> d-------- c:\program files\Common Files\Nikon
2009-02-22 13:11 . 2009-02-22 13:11 <DIR> d-------- c:\program files\Common Files\muvee Technologies
2009-02-22 13:11 . 2009-02-22 13:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nikon
2009-02-22 13:10 . 2009-02-22 13:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Ultima_T15
2009-02-22 13:10 . 2009-02-22 13:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Plug-Ins
2009-02-22 13:10 . 2009-02-22 13:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\EnterNHelp
2009-02-22 13:10 . 2009-02-22 13:15 20 ---h----- c:\documents and settings\All Users\Data aplikací\PKP_DLdu.DAT
2009-02-22 12:41 . 2008-04-14 05:21 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-02-22 12:41 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-22 12:41 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-22 12:41 . 2001-10-24 12:25 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 12:21 --------- d-----w c:\program files\Apple Software Update
2009-03-21 19:51 --------- d-----w c:\program files\AviSynth 2.5
2009-03-20 21:45 --------- d-----w c:\documents and settings\user\Data aplikací\Skype
2009-03-20 21:34 --------- d-----w c:\documents and settings\user\Data aplikací\skypePM
2009-03-20 18:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-20 16:46 --------- d-----w c:\documents and settings\user\Data aplikací\uTorrent
2009-03-19 15:06 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-17 14:21 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-03-13 17:12 --------- d-----w c:\documents and settings\user\Data aplikací\ICQ
2009-03-08 21:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-08 21:01 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-03-07 20:23 --------- d-----w c:\program files\Counter-Strike 1.6
2009-03-07 20:22 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2009-03-07 11:15 --------- d-----w c:\documents and settings\user\Data aplikací\Autodesk
2009-03-03 06:13 --------- d-----w c:\program files\Microsoft SQL Server
2009-03-03 06:07 --------- d-----w c:\program files\Microsoft.NET
2009-03-03 05:57 --------- d-----w c:\program files\MSBuild
2009-03-02 16:33 --------- d-----w c:\documents and settings\user\Data aplikací\Zoner
2009-03-01 18:38 --------- d-----w c:\documents and settings\user\Data aplikací\XnView
2009-03-01 14:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-22 12:10 106,496 ----a-w c:\windows\system32\ATL71.DLL
2009-02-22 12:08 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-21 08:55 --------- d-----w c:\program files\Sweet Home 3D
2009-02-19 21:20 --------- d-----w c:\program files\Bonjour
2009-02-19 13:49 --------- d-----w c:\program files\Common Files\Adobe
2009-02-19 13:41 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-19 08:51 --------- d-----w c:\program files\Alawar
2009-02-19 08:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\FarmFrenzy2
2009-02-19 08:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2009-02-18 21:18 --------- d-----w c:\documents and settings\user\Data aplikací\com.adobe.ExMan
2009-02-18 15:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-02-18 14:31 --------- d-----w c:\program files\Adobe Media Player
2009-02-18 14:28 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-18 13:25 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-16 09:31 318,904 ----a-w c:\program files\wmpfirefoxplugin.exe
2009-02-12 18:42 --------- d-----w c:\documents and settings\user\Data aplikací\gtk-2.0
2009-02-12 18:38 --------- d-----w c:\program files\Participatory Culture Foundation
2009-02-12 18:38 --------- d-----w c:\documents and settings\user\Data aplikací\Participatory Culture Foundation
2009-02-11 19:30 --------- d-----w c:\program files\Lamer
2009-02-11 19:09 --------- d-----w c:\documents and settings\user\Data aplikací\REAPER
2009-02-09 19:49 --------- d-----w c:\program files\FormatFactory
2009-02-09 15:50 --------- d-----w c:\program files\Sunbelt Software
2009-02-09 15:34 --------- d-----w c:\documents and settings\All Users\Data aplikací\2DBoy
2009-02-09 15:33 --------- d-----w c:\program files\Yahoo!
2009-02-09 15:32 --------- d-----w c:\program files\VirtualDJ
2009-02-09 15:30 --------- d-----w c:\program files\AWS
2009-02-09 15:27 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-09 15:27 --------- d-----w c:\documents and settings\user\Data aplikací\Any Video Converter
2009-02-08 17:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-02-07 23:34 --------- d-----w c:\documents and settings\user\Data aplikací\ACD Systems
2009-02-07 23:34 --------- d-----w c:\documents and settings\All Users\Data aplikací\ACD Systems
2009-02-06 23:01 --------- d-----w c:\program files\Governor of Poker
2009-02-06 22:27 --------- d-----w c:\documents and settings\user\Data aplikací\PlayFirst
2009-02-02 19:33 --------- d-----w c:\program files\Microsoft Synchronization Services
2009-02-02 19:33 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-02 19:28 --------- d-----w c:\program files\Microsoft SDKs
2009-02-01 09:59 --------- d-----w c:\documents and settings\All Users\Data aplikací\MailFrontier
2009-02-01 09:29 342,862 ----a-w c:\windows\system32\drivers\kwflower.log
2009-02-01 09:29 189,999 ----a-w c:\windows\system32\drivers\kwfupper.log
2009-02-01 09:29 --------- d-----w c:\program files\Kerio
2009-01-26 21:52 --------- d-----w c:\documents and settings\user\Data aplikací\Nero
2009-01-25 13:08 --------- d-----w c:\program files\Common Files\Skype
2009-01-24 18:15 --------- d-----w c:\program files\Common Files\Nero
2009-01-24 17:59 --------- d-----w c:\program files\Nero
2009-01-24 17:58 --------- d-----w c:\program files\Windows Sidebar
2009-01-23 23:17 --------- d-----w c:\program files\Common Files\Ahead
2008-12-28 16:59 4,377,500 ----a-w c:\windows\system32\libavcodec.dll
2008-12-28 15:51 239,247 ----a-w c:\windows\system32\ff_theora.dll
2008-12-28 15:50 145,609 ----a-w c:\windows\system32\libmpeg2_ff.dll
2008-12-28 15:49 560,802 ----a-w c:\windows\system32\libmplayer.dll
2008-06-10 14:02 920 ---ha-w c:\documents and settings\user\setup.bin
2008-06-10 14:02 36 ---ha-w c:\documents and settings\user\gameinf.bin
2007-09-27 22:47 274,432 ----a-w c:\program files\razac.exe
2008-09-28 06:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-22_ 7.21.08.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-22 12:13:36 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3fc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"razac"="c:\program files\razac.exe" [2007-09-27 274432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
"ABExpress"="c:\documents and settings\All Users\Data aplikací\AB Studio\ABExpress.exe" [2007-06-12 143360]
"Edison"="c:\program files\Verdiem\Edison\Edison.exe" [2008-07-31 1795328]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-01 2233856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\
Zástupce - CryptLoad.exe (2).lnk - c:\documents and settings\user\Plocha\Martin\Ostatní\cryptload\CryptLoad.exe [2008-12-08 7722488]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.hfyu"= huffyuv.dll
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.i420"= i420vfw.dll
"vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"msacm.ac3filter"= ac3filter.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\A MARTIN\\Trackmania nation forever\\TmNationsForever\\TmForever.exe"=
"c:\\A MARTIN\\Utorrent\\uTorrent.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-10 97928]
R1 HookCont;HookCont;c:\windows\system32\drivers\HookCont.sys [2008-12-16 13808]
R1 HookNtos;HookNtos;c:\windows\system32\drivers\HookNtos.sys [2008-12-16 62576]
R1 HookReg;HookReg;c:\windows\system32\drivers\HOOKREG.sys [2008-12-16 38256]
R1 HookSys;HookSys;c:\windows\system32\drivers\HookSys.sys [2008-12-16 164848]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-09 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-01 142592]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
R2 edsvc;Edison Power Management Service;c:\program files\Verdiem\Edison\edsvc.exe [2008-07-31 75008]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2008-08-12 2208]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2007-08-02 69120]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-09 65576]
S2 ERA_SERVER;Eset Remote Administrator Server;"c:\program files\Eset\Eset Remote Administrator\Server\era.exe" --> c:\program files\Eset\Eset Remote Administrator\Server\era.exe [?]
S2 LF30FS;LF30FS;\??\c:\a martin\Lock\LF30XP.sys --> c:\a martin\Lock\LF30XP.sys [?]
S2 RsRavMon;Rising RealTime Monitor;"c:\program files\RISING\RAV\Ravmond.exe" --> c:\program files\RISING\RAV\Ravmond.exe [?]
S3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\user\Local Settings\TEMP\DrvFltIp --> c:\documents and settings\user\Local Settings\TEMP\DrvFltIp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-02-23 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-06-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-02-23 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-02-23 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-02-23 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-02-23 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-02-23 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-02-23 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-02-23 115752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2236-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2238-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79e2952c-8802-11dd-9343-0019dbb21520}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\www.msi
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\1adhcgqz.default\
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\progra~1\MOZILL~2\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\MOZILL~2\plugins\npnul32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 13:26:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\user\Local Settings\TEMP\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\user\Local Settings\TEMP\DrvFltIp"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-606747145-616249376-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-606747145-616249376-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cc,a4,9b,8c,85,17,7c,21,92,ed,31,f4,60,d8,31,d4,98,4c,99,79,65,d0,a8,
4b,02,b7,d5,fa,79,dd,3b,a4,48,07,0f,7c,e4,db,89,34,60,df,31,5c,95,68,cd,64,\
"??"=hex:73,2c,19,bb,89,2f,7c,8c,63,f5,6f,22,92,d8,b3,cc

[HKEY_USERS\S-1-5-21-606747145-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b0,91,0f,49,e0,ce,c1,8b,12,4e,e5,f5,6a,cb,e9,3e,db,38,f5,f3,59,
38,5b,b7,88,31,c4,c1,3a,ed,22,49,c1,b0,8d,15,a8,c0,a9,c6,a7,7c,55,35,0c,a1,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\avgrsstx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2009-03-22 13:29:34
ComboFix-quarantined-files.txt 2009-03-22 12:29:29
ComboFix2.txt 2009-03-22 06:23:19

Před spuštěním: 6 862 213 120
Po spuštění: 6,846,361,600

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
366 --- E O F --- 2009-01-15 22:00:13


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:19, on 22.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verdiem\Edison\edsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\razac.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Documents and Settings\user\Plocha\Martin\Ostatní\cryptload\CryptLoad.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ABExpress] C:\Documents and Settings\All Users\Data aplikací\AB Studio\ABExpress.exe -i
O4 - HKLM\..\Run: [Edison] "C:\Program Files\Verdiem\Edison\Edison.exe" /autolaunched
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [razac] "C:\Program Files\razac.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - CryptLoad.exe (2).lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2616334468
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe
O23 - Service: Eset Remote Administrator Server (ERA_SERVER) - Unknown owner - C:\Program Files\Eset\Eset Remote Administrator\Server\era.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Unknown owner - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe (file missing)
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 10181 bytes
Freerapid 4ever

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Log - please check

Post by jaro3 » 22 Mar 2009 14:49

So we will delete that AVG as well... and also what is left of the Ashampoo firewall.

START - Run - type: cmd.exe - click OK - in the DOS window paste this with the mouse:
sc stop ASFWHide
sc delete ASFWHide
sc stop era
sc delete era
exit

Save it to the desktop under the name remove.bat, saving it as type "All files"; find this file on the desktop and run it by double-clicking. A DOS window will open and close. Restart the computer.
*****************************************************************************************************************************************
So one more script in CF, same procedure as above:

Code:

File::
c:\program files\razac.exe
c:\windows\system32\drivers\avgldx86.sys
c:\progra~1\AVG\AVG8\avgwdsvc.exe

Folder::
c:\progra~1\AVG

Driver::
avgldx86

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razac"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASFWHide]

Then post the CF and HJT logs again.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. During my absence I am stood in for by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
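The two services the reply removes (ASFWHide, era) are the kind of leftover the ComboFix log above exposes: a service whose ImagePath points into a user TEMP directory, or whose binary no longer exists ("file missing" in the HJT O23 lines). Before running sc delete it is worth confirming that every such entry really is an orphan. The script below is an added example, not part of this thread and not code from ComboFix or HijackThis; it assumes PowerShell is installed on the machine, treats the XP-era path fragment in $tempMarker as the marker for "lives in TEMP" (an assumption for this illustration), and only reports; it deletes nothing, leaving that to the sc commands in the reply.

```powershell
# Added example (not from the thread): list services whose ImagePath points to a
# file that no longer exists, or that lives under a per-user TEMP directory,
# i.e. entries like ASFWHide, DrvFltIp or era in the ComboFix log. Read-only.
$svcRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$tempMarker = '\Local Settings\TEMP\'   # assumed marker: XP per-user temp path as seen in the log

Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $props -or -not $props.ImagePath) { return }   # key without an ImagePath: skip

    $raw  = [string]$props.ImagePath
    $path = $raw -replace '^\\\?\?\\', ''                            # drop the \??\ NT object prefix
    $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"    # \SystemRoot\... form used by some drivers
    $path = $path.Trim('"')                                           # unquote "C:\Program Files\..." entries
    if ($path -match '^(.+?\.(exe|sys|dll|fcl))') { $path = $Matches[1] }   # drop arguments such as -k netsvcs
    $path = [Environment]::ExpandEnvironmentVariables($path)          # %SystemRoot%, %windir%
    if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }   # relative driver paths

    $missing = -not (Test-Path -LiteralPath $path)
    $inTemp  = $path -like "*$tempMarker*"
    if ($missing -or $inTemp) {
        New-Object PSObject -Property @{
            Service   = $_.PSChildName
            ImagePath = $raw
            Missing   = $missing
            InTemp    = $inTemp
        }
    }
} | Select-Object Service, ImagePath, Missing, InTemp | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; entries flagged InTemp or Missing correspond to the S2/S3 lines marked "[?]" in the ComboFix driver/service section, and a name that appears here but not in Add/Remove Programs is a candidate for the sc stop / sc delete steps above. Entries for legitimate software whose file was removed by an uninstaller (Rising, ESET RA in this log) are harmless but still worth cleaning so that later logs stay readable.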

Teedok
Level 3
Posts: 554
Registered: December 08
Location: Jablonec nad nisou
Gender: Male

Re: Log - please check

Post by Teedok » 22 Mar 2009 18:00

ComboFix log:

ComboFix 09-03-19.02 - user 2009-03-22 17:42:10.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.533 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated)
AV: Rising Antivirus *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\razac.exe
c:\windows\system32\drivers\avgldx86.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\progra~1\AVG
c:\progra~1\AVG\AVG8\avgapix.dll
c:\progra~1\AVG\AVG8\avgcfgx.dll
c:\progra~1\AVG\AVG8\avglngx.dll
c:\progra~1\AVG\AVG8\avglogx.dll
c:\progra~1\AVG\AVG8\avgse.dll
c:\progra~1\AVG\AVG8\avgsched.dll
c:\progra~1\AVG\AVG8\avgtbapi.dll
c:\progra~1\AVG\AVG8\avgwd.dll
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\progra~1\AVG\AVG8\avgwdwsc.dll
c:\progra~1\AVG\AVG8\avgxpl.dll
c:\progra~1\AVG\AVG8\Firefox\Components\avgssff.dll
c:\progra~1\AVG\AVG8\Firefox\Components\ISearchShield.xpt
c:\progra~1\AVG\AVG8\Firefox\chrome.manifest
c:\progra~1\AVG\AVG8\Firefox\Chrome\searchshield.jar
c:\progra~1\AVG\AVG8\ToolbarFF\Components\dtfox-autocomplete.js
c:\progra~1\AVG\AVG8\ToolbarFF\Components\dtfox-service.js
c:\progra~1\AVG\AVG8\ToolbarFF\Components\vmAVGConnector.dll
c:\progra~1\AVG\AVG8\ToolbarFF\Components\vmIAVGConnector.xpt
c:\progra~1\AVG\AVG8\ToolbarFF\Components\vmIAVGDatabaseVersion.xpt
c:\progra~1\AVG\AVG8\ToolbarFF\Components\vmIAVGProgramVersion.xpt
c:\progra~1\AVG\AVG8\ToolbarFF\Components\vmIAVGSearchRatingsConfig.xpt
c:\progra~1\AVG\AVG8\ToolbarFF\Components\vmIAVGSurfResult.xpt
c:\progra~1\AVG\AVG8\ToolbarFF\chrome.manifest
c:\progra~1\AVG\AVG8\ToolbarFF\Chrome\avg.jar
c:\progra~1\AVG\AVG8\ToolbarFF\Chrome\Cache\overlay.dtd
c:\progra~1\AVG\AVG8\ToolbarFF\Chrome\Cache\overlay.xml
c:\progra~1\AVG\AVG8\ToolbarFF\Chrome\Cache\overlay_noavg.xml
c:\progra~1\AVG\AVG8\ToolbarFF\Chrome\Cache\quicksearch.xml
c:\progra~1\AVG\AVG8\ToolbarFF\Chrome\Cache\update.xml
c:\progra~1\AVG\AVG8\ToolbarFF\Chrome\Cache\yahoo.xml
c:\progra~1\AVG\AVG8\ToolbarFF\install.rdf
c:\program files\razac.exe
c:\windows\system32\drivers\avgldx86.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVGLDX86
-------\Service_AvgLdx86


((((((((((((((((((((((((( Soubory vytvořené od 2009-02-22 do 2009-03-22 )))))))))))))))))))))))))))))))
.

2009-03-21 20:46 . 2009-03-21 21:31 <DIR> d-------- c:\program files\DVDx
2009-03-21 17:23 . 2009-03-21 17:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 17:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 17:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-20 23:17 . 2009-03-20 23:17 <DIR> d-------- c:\program files\Trend Micro
2009-03-20 23:15 . 2009-03-20 23:15 <DIR> d-------- c:\documents and settings\user\Data aplikací\DVD2AVI Ripper
2009-03-20 23:03 . 2009-03-20 23:07 <DIR> d-------- C:\movie
2009-03-20 23:02 . 2009-03-20 23:02 <DIR> d-------- c:\documents and settings\user\Data aplikací\dvdcss
2009-03-20 22:59 . 2009-03-20 23:04 67 --a------ c:\windows\#1 DVD Ripper.INI
2009-03-20 22:49 . 2009-03-21 20:51 <DIR> d-------- c:\program files\Gabest
2009-03-20 14:55 . 2009-03-20 16:05 <DIR> d-------- c:\program files\SpeedFan
2009-03-20 14:55 . 2009-03-20 14:55 45 --a------ c:\windows\system32\initdebug.nfo
2009-03-19 16:06 . 2009-03-19 16:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-18 21:57 . 2009-03-18 22:02 <DIR> d-------- c:\program files\NewtonDictate
2009-03-17 22:14 . 2009-03-19 21:46 127 ---h----- c:\windows\system32\msnasec.dIl
2009-03-17 22:14 . 2009-03-19 21:46 22 --a------ c:\windows\MathMagic Personal 3.64.INI
2009-03-17 22:08 . 2009-03-17 22:08 <DIR> d-------- c:\program files\MathMagic
2009-03-16 15:25 . 2009-03-16 15:25 <DIR> d-------- c:\documents and settings\user\Data aplikací\VitySoft
2009-03-13 15:12 . 2009-03-13 15:12 <DIR> d-------- c:\program files\Audacity
2009-03-12 20:56 . 2009-03-12 20:56 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2009-03-12 20:53 . 2009-03-12 20:57 <DIR> d-------- c:\program files\ICQ6.5
2009-03-11 20:14 . 2009-03-11 20:22 <DIR> d-------- c:\program files\Solid Edge V20
2009-03-07 20:33 . 2009-03-07 20:33 <DIR> d-------- c:\documents and settings\user\Data aplikací\CadSoft
2009-03-04 18:04 . 2009-03-04 18:04 <DIR> d-------- c:\windows\system32\QuickTime
2009-03-04 18:04 . 2009-03-04 18:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\TechSmith
2009-03-04 18:04 . 2007-03-19 08:30 102,400 --a------ c:\windows\system32\tsccvid.dll
2009-03-04 18:03 . 2009-03-04 18:03 <DIR> d-------- c:\program files\TechSmith
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\js
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\images
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\html
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\windows\system32\css
2009-03-03 07:16 . 2009-03-03 07:16 <DIR> d-------- c:\program files\Business Objects
2009-03-03 07:10 . 2009-03-03 07:10 <DIR> d-------- c:\program files\Microsoft Device Emulator
2009-03-03 07:09 . 2009-03-03 07:10 <DIR> d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-03-03 07:01 . 2009-03-03 07:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PreEmptive Solutions
2009-03-03 06:59 . 2009-03-03 06:59 <DIR> d-------- c:\documents and settings\user\Data aplikací\Media Player Classic
2009-03-03 06:57 . 2009-03-03 06:57 <DIR> d-------- c:\windows\symbols
2009-03-03 06:55 . 2009-03-03 06:58 <DIR> d-------- c:\program files\HTML Help Workshop
2009-03-03 06:55 . 2009-03-08 22:08 <DIR> d-------- c:\program files\Common Files\Merge Modules
2009-03-03 06:55 . 2009-03-03 06:55 <DIR> d-------- c:\program files\CE Remote Tools
2009-03-03 06:52 . 2009-03-03 06:53 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2009-03-02 18:10 . 2009-03-21 20:32 <DIR> d-------- c:\program files\IrfanView
2009-03-01 21:04 . 2009-03-01 21:04 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-01 16:21 . 2009-03-14 08:06 <DIR> d-------- c:\program files\WinClamAVShield
2009-03-01 16:12 . 2009-03-10 16:30 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-01 16:12 . 2009-03-01 16:12 <DIR> d-------- c:\program files\Crawler
2009-03-01 16:12 . 2009-03-22 17:39 <DIR> d-------- c:\documents and settings\user\Data aplikací\Spyware Terminator
2009-03-01 16:12 . 2009-03-14 08:06 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2009-03-01 16:12 . 2009-03-01 16:12 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-28 07:40 . 2009-03-09 18:08 138 --a------ c:\windows\LAYOUT30.INI
2009-02-28 07:39 . 2009-02-28 07:39 89 --a------ c:\windows\SPR3015.DAT
2009-02-28 07:38 . 2009-02-28 07:38 <DIR> d-------- C:\PROGRAMS
2009-02-23 22:38 . 2009-02-23 23:10 <DIR> d-------- c:\program files\MediaInfo
2009-02-23 22:31 . 2009-02-23 22:31 807 --a------ C:\HIMYM.gif
2009-02-23 20:30 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-23 20:30 . 2009-02-23 20:30 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-23 20:30 . 2009-02-23 20:30 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-02-23 14:14 . 2009-02-23 14:14 1,107,296 --a------ c:\windows\system32\WdfCoInstaller01007.dll
2009-02-23 14:14 . 2009-02-23 14:14 24,616 --a------ c:\windows\system32\drivers\ggsemc.sys
2009-02-23 14:14 . 2009-02-23 14:14 13,224 --a------ c:\windows\system32\drivers\ggflt.sys
2009-02-23 13:40 . 2009-02-23 13:40 <DIR> d-------- c:\program files\Avanquest update
2009-02-23 13:40 . 2009-02-23 13:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\BVRP Software
2009-02-23 13:40 . 2008-05-16 11:33 120,744 --a------ c:\windows\system32\drivers\s0016mdm.sys
2009-02-23 13:40 . 2008-05-16 11:33 115,752 --a------ c:\windows\system32\drivers\s0016unic.sys
2009-02-23 13:40 . 2008-05-16 11:33 114,216 --a------ c:\windows\system32\drivers\s0016mgmt.sys
2009-02-23 13:40 . 2008-05-16 11:33 110,632 --a------ c:\windows\system32\drivers\s0016obex.sys
2009-02-23 13:40 . 2008-05-16 11:33 89,256 --a------ c:\windows\system32\drivers\s0016bus.sys
2009-02-23 13:40 . 2008-05-16 11:33 25,512 --a------ c:\windows\system32\drivers\s0016nd5.sys
2009-02-23 13:40 . 2008-05-16 11:33 15,016 --a------ c:\windows\system32\drivers\s0016mdfl.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016whnt.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016wh.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016cmnt.sys
2009-02-23 13:40 . 2008-05-16 11:33 12,200 --a------ c:\windows\system32\drivers\s0016cm.sys
2009-02-23 13:40 . 2008-05-16 11:33 10,792 --a------ c:\windows\system32\drivers\s0016cr.sys
2009-02-23 13:39 . 2009-02-23 22:03 <DIR> d-------- c:\program files\Sony Ericsson
2009-02-23 13:39 . 2009-02-23 13:39 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Sony Ericsson
2009-02-22 21:59 . 2009-02-22 21:59 <DIR> d-------- c:\program files\Foxit Software
2009-02-22 15:45 . 2009-02-22 15:45 <DIR> d-------- c:\documents and settings\user\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-22 13:15 . 2009-02-22 13:15 <DIR> d-------- c:\documents and settings\user\Data aplikací\Nikon
2009-02-22 13:11 . 2009-02-22 13:11 <DIR> d-------- c:\program files\Common Files\Nikon
2009-02-22 13:11 . 2009-02-22 13:11 <DIR> d-------- c:\program files\Common Files\muvee Technologies
2009-02-22 13:11 . 2009-02-22 13:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nikon
2009-02-22 13:10 . 2009-02-22 13:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Ultima_T15
2009-02-22 13:10 . 2009-02-22 13:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Plug-Ins
2009-02-22 13:10 . 2009-02-22 13:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\EnterNHelp
2009-02-22 13:10 . 2009-02-22 13:15 20 ---h----- c:\documents and settings\All Users\Data aplikací\PKP_DLdu.DAT
2009-02-22 12:41 . 2008-04-14 05:21 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-02-22 12:41 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-22 12:41 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-22 12:41 . 2001-10-24 12:25 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 16:19 --------- d-----w c:\documents and settings\user\Data aplikací\Skype
2009-03-22 15:07 --------- d-----w c:\documents and settings\user\Data aplikací\skypePM
2009-03-22 12:21 --------- d-----w c:\program files\Apple Software Update
2009-03-21 19:51 --------- d-----w c:\program files\AviSynth 2.5
2009-03-20 18:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-20 16:46 --------- d-----w c:\documents and settings\user\Data aplikací\uTorrent
2009-03-19 15:06 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-17 14:21 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-03-13 17:12 --------- d-----w c:\documents and settings\user\Data aplikací\ICQ
2009-03-08 21:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-08 21:01 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-03-07 20:23 --------- d-----w c:\program files\Counter-Strike 1.6
2009-03-07 20:22 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2009-03-07 11:15 --------- d-----w c:\documents and settings\user\Data aplikací\Autodesk
2009-03-03 06:13 --------- d-----w c:\program files\Microsoft SQL Server
2009-03-03 06:07 --------- d-----w c:\program files\Microsoft.NET
2009-03-03 05:57 --------- d-----w c:\program files\MSBuild
2009-03-02 16:33 --------- d-----w c:\documents and settings\user\Data aplikací\Zoner
2009-03-01 18:38 --------- d-----w c:\documents and settings\user\Data aplikací\XnView
2009-03-01 14:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-22 12:10 106,496 ----a-w c:\windows\system32\ATL71.DLL
2009-02-22 12:08 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-21 08:55 --------- d-----w c:\program files\Sweet Home 3D
2009-02-19 21:20 --------- d-----w c:\program files\Bonjour
2009-02-19 13:49 --------- d-----w c:\program files\Common Files\Adobe
2009-02-19 13:41 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-19 08:51 --------- d-----w c:\program files\Alawar
2009-02-19 08:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\FarmFrenzy2
2009-02-19 08:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2009-02-18 21:18 --------- d-----w c:\documents and settings\user\Data aplikací\com.adobe.ExMan
2009-02-18 15:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-02-18 14:31 --------- d-----w c:\program files\Adobe Media Player
2009-02-18 14:28 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-18 13:25 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-16 09:31 318,904 ----a-w c:\program files\wmpfirefoxplugin.exe
2009-02-12 18:42 --------- d-----w c:\documents and settings\user\Data aplikací\gtk-2.0
2009-02-12 18:38 --------- d-----w c:\program files\Participatory Culture Foundation
2009-02-12 18:38 --------- d-----w c:\documents and settings\user\Data aplikací\Participatory Culture Foundation
2009-02-11 19:30 --------- d-----w c:\program files\Lamer
2009-02-11 19:09 --------- d-----w c:\documents and settings\user\Data aplikací\REAPER
2009-02-09 19:49 --------- d-----w c:\program files\FormatFactory
2009-02-09 15:50 --------- d-----w c:\program files\Sunbelt Software
2009-02-09 15:34 --------- d-----w c:\documents and settings\All Users\Data aplikací\2DBoy
2009-02-09 15:33 --------- d-----w c:\program files\Yahoo!
2009-02-09 15:32 --------- d-----w c:\program files\VirtualDJ
2009-02-09 15:30 --------- d-----w c:\program files\AWS
2009-02-09 15:27 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-09 15:27 --------- d-----w c:\documents and settings\user\Data aplikací\Any Video Converter
2009-02-08 17:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-02-07 23:34 --------- d-----w c:\documents and settings\user\Data aplikací\ACD Systems
2009-02-07 23:34 --------- d-----w c:\documents and settings\All Users\Data aplikací\ACD Systems
2009-02-06 23:01 --------- d-----w c:\program files\Governor of Poker
2009-02-06 22:27 --------- d-----w c:\documents and settings\user\Data aplikací\PlayFirst
2009-02-02 19:33 --------- d-----w c:\program files\Microsoft Synchronization Services
2009-02-02 19:33 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-02 19:28 --------- d-----w c:\program files\Microsoft SDKs
2009-02-01 09:59 --------- d-----w c:\documents and settings\All Users\Data aplikací\MailFrontier
2009-02-01 09:29 342,862 ----a-w c:\windows\system32\drivers\kwflower.log
2009-02-01 09:29 189,999 ----a-w c:\windows\system32\drivers\kwfupper.log
2009-02-01 09:29 --------- d-----w c:\program files\Kerio
2009-01-26 21:52 --------- d-----w c:\documents and settings\user\Data aplikací\Nero
2009-01-25 13:08 --------- d-----w c:\program files\Common Files\Skype
2009-01-24 18:15 --------- d-----w c:\program files\Common Files\Nero
2009-01-24 17:59 --------- d-----w c:\program files\Nero
2009-01-24 17:58 --------- d-----w c:\program files\Windows Sidebar
2009-01-23 23:17 --------- d-----w c:\program files\Common Files\Ahead
2008-12-28 16:59 4,377,500 ----a-w c:\windows\system32\libavcodec.dll
2008-12-28 15:51 239,247 ----a-w c:\windows\system32\ff_theora.dll
2008-12-28 15:50 145,609 ----a-w c:\windows\system32\libmpeg2_ff.dll
2008-12-28 15:49 560,802 ----a-w c:\windows\system32\libmplayer.dll
2008-06-10 14:02 920 ---ha-w c:\documents and settings\user\setup.bin
2008-06-10 14:02 36 ---ha-w c:\documents and settings\user\gameinf.bin
2008-09-28 06:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-22_ 7.21.08.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-03-22 16:34:37 16,384 ----atw c:\windows\temp\Perflib_Perfdata_61c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"razac"="c:\program files\razac.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
"ABExpress"="c:\documents and settings\All Users\Data aplikací\AB Studio\ABExpress.exe" [2007-06-12 143360]
"Edison"="c:\program files\Verdiem\Edison\Edison.exe" [2008-07-31 1795328]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-01 2233856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\
Zástupce - CryptLoad.exe (2).lnk - c:\documents and settings\user\Plocha\Martin\Ostatní\cryptload\CryptLoad.exe [2008-12-08 7722488]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.hfyu"= huffyuv.dll
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.i420"= i420vfw.dll
"vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"msacm.ac3filter"= ac3filter.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\A MARTIN\\Trackmania nation forever\\TmNationsForever\\TmForever.exe"=
"c:\\A MARTIN\\Utorrent\\uTorrent.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 HookCont;HookCont;c:\windows\system32\drivers\HookCont.sys [2008-12-16 13808]
R1 HookNtos;HookNtos;c:\windows\system32\drivers\HookNtos.sys [2008-12-16 62576]
R1 HookReg;HookReg;c:\windows\system32\drivers\HOOKREG.sys [2008-12-16 38256]
R1 HookSys;HookSys;c:\windows\system32\drivers\HookSys.sys [2008-12-16 164848]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-09 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-01 142592]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R2 edsvc;Edison Power Management Service;c:\program files\Verdiem\Edison\edsvc.exe [2008-07-31 75008]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2008-08-12 2208]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2007-08-02 69120]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-09 65576]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 ERA_SERVER;Eset Remote Administrator Server;"c:\program files\Eset\Eset Remote Administrator\Server\era.exe" --> c:\program files\Eset\Eset Remote Administrator\Server\era.exe [?]
S2 LF30FS;LF30FS;\??\c:\a martin\Lock\LF30XP.sys --> c:\a martin\Lock\LF30XP.sys [?]
S2 RsRavMon;Rising RealTime Monitor;"c:\program files\RISING\RAV\Ravmond.exe" --> c:\program files\RISING\RAV\Ravmond.exe [?]
S3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\user\Local Settings\TEMP\DrvFltIp --> c:\documents and settings\user\Local Settings\TEMP\DrvFltIp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-02-23 13224]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-06-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-02-23 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-02-23 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-02-23 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-02-23 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-02-23 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-02-23 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-02-23 115752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2236-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cfb2238-87e3-11dd-9341-0019dbb21520}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79e2952c-8802-11dd-9343-0019dbb21520}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\www.msi
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\1adhcgqz.default\
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 17:46:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\user\Local Settings\TEMP\DrvFltIp"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-606747145-616249376-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-606747145-616249376-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cc,a4,9b,8c,85,17,7c,21,92,ed,31,f4,60,d8,31,d4,98,4c,99,79,65,d0,a8,
4b,02,b7,d5,fa,79,dd,3b,a4,48,07,0f,7c,e4,db,89,34,60,df,31,5c,95,68,cd,64,\
"??"=hex:73,2c,19,bb,89,2f,7c,8c,63,f5,6f,22,92,d8,b3,cc

[HKEY_USERS\S-1-5-21-606747145-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b0,91,0f,49,e0,ce,c1,8b,12,4e,e5,f5,6a,cb,e9,3e,db,38,f5,f3,59,
38,5b,b7,88,31,c4,c1,3a,ed,22,49,c1,b0,8d,15,a8,c0,a9,c6,a7,7c,55,35,0c,a1,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2009-03-22 17:50:23
ComboFix-quarantined-files.txt 2009-03-22 16:50:19
ComboFix2.txt 2009-03-22 12:29:38
ComboFix3.txt 2009-03-22 06:23:19

Před spuštěním: 5,191,163,904
Po spuštění: 5,153,198,080

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
388 --- E O F --- 2009-01-15 22:00:13


and the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:10, on 22.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verdiem\Edison\edsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Documents and Settings\user\Plocha\Martin\Ostatní\cryptload\CryptLoad.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ABExpress] C:\Documents and Settings\All Users\Data aplikací\AB Studio\ABExpress.exe -i
O4 - HKLM\..\Run: [Edison] "C:\Program Files\Verdiem\Edison\Edison.exe" /autolaunched
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [razac] "C:\Program Files\razac.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - CryptLoad.exe (2).lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2616334468
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe
O23 - Service: Eset Remote Administrator Server (ERA_SERVER) - Unknown owner - C:\Program Files\Eset\Eset Remote Administrator\Server\era.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Unknown owner - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe (file missing)
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 10217 bytes
Freerapid 4ever

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Log - please check

Post by jaro3 » 22 Mar 2009 18:27

Close all other applications and browsers, disconnect from the internet and fix these in HJT:

Code:

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [razac] "C:\Program Files\razac.exe"
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Eset Remote Administrator Server (ERA_SERVER) - Unknown owner - C:\Program Files\Eset\Eset Remote Administrator\Server\era.exe (file missing)


ComboFix is uninstalled like this:
Start - Run and type ComboFix[space]/u

So if there are no problems, clean the system with CCleaner

and also use T-Cleaner
It deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning, disable AVG; afterwards delete T-Cleaner and turn AVG back on.


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Did you not test that file c:\windows\system32\msnasec.dIl, as I wrote above?
Otherwise that is all.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
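As an added illustration (my own code, not anything from the thread, from jaro3 or from HijackThis), here is a small Python triage pass over lines in HijackThis format. It flags the pattern behind most of the fix list above, entries whose target is "(no file)" or "(file missing)", plus one heuristic of my own for O4 autostart entries whose executable sits directly in the Program Files root instead of a vendor subfolder; the sample lines are constructed after the thread's log, and every flagged line is a candidate for manual review, not an automatic verdict.

```python
import re

# Constructed sample in HijackThis log format, modelled on the thread's log (not a real scan).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [razac] "C:\Program Files\razac.exe"
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HJT entry starts with a section tag (R0-R3, F0-F3, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Markers HJT prints when the referenced file or target no longer exists on disk.
DANGLING_MARKERS = ("(no file)", "(file missing)")

# Heuristic (mine, not HJT's): an .exe lying directly in the Program Files root,
# with no vendor subfolder, is unusual for legitimately installed software.
ROOT_EXE_RE = re.compile(r'"?[A-Za-z]:\\(?:Program Files|PROGRA~1)\\[^\\"]+\.exe"?', re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, body) tuples for each entry line; non-entry lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a human look."""
    findings = []
    for section, body in parse_entries(log_text):
        line = f"{section} - {body}"
        if any(marker in body for marker in DANGLING_MARKERS):
            findings.append(("dangling reference", line))
        elif section == "O4" and ROOT_EXE_RE.search(body):
            findings.append(("autostart exe in Program Files root", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```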

