Request for a preventive log check [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

akiller
Level 3
Posts: 558
Registered: November 10
Location: Nothingtown
Gender: Male
Status: Offline

Request for a preventive log check

Post by akiller » 14 Mar 2011 13:55

Good day, I would like to ask for a preventive check of my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:54:45, on 14.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seznam.cz\postak.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Diar\Diar.exe
C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Diar.exe] C:\Program Files\Diar\Diar.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6886.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{262E9174-1DB6-470F-A60D-66F7ED01E115}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{262E9174-1DB6-470F-A60D-66F7ED01E115}: NameServer = 156.154.70.25,156.154.71.25
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Active@ Disk Monitor - LSoft Technologies Inc - C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8171 bytes
Keybord not present. Press Enter to continue
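For readers who review many logs like the one above, here is an added example (it is not part of this thread and not HijackThis's own code) that parses HijackThis v2 entries by section code and flags the entry types a reviewer looks at first: orphaned R3 hooks, O17 NameServer overrides, O20 AppInit_DLLs / Winlogon Notify DLLs, and O23 services without a known vendor. The sample lines are a constructed subset modelled on the log above; the function names and the triage rules are this example's own assumptions, not a HijackThis feature.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log format, modelled on a subset of the
# lines posted in this thread (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{262E9174-1DB6-470F-A60D-66F7ED01E115}: NameServer = 156.154.70.25,156.154.71.25
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# Every HJT entry starts with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")


def parse_hjt(text):
    """Group HijackThis entries by their section code; header lines are skipped."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("code")].append(m.group("body"))
    return dict(entries)


def nameservers(entries):
    """Return the DNS servers from all O17 NameServer entries, de-duplicated, in order."""
    seen = []
    for body in entries.get("O17", []):
        m = re.search(r"NameServer = ([\d.,]+)", body)
        if m:
            for ip in m.group(1).split(","):
                if ip not in seen:
                    seen.append(ip)
    return seen


def triage(entries):
    """Flag the entry types a reviewer checks first.

    Returns (reason, code, body) tuples. A flag is a review point, not a verdict:
    the DLL or service still has to be matched against the software the user
    actually installed.
    """
    findings = []
    for body in entries.get("R3", []):
        if "(no file)" in body:
            findings.append(("orphaned URLSearchHook, safe to fix", "R3", body))
    for body in entries.get("O17", []):
        findings.append(("custom DNS servers, confirm the user set them", "O17", body))
    for body in entries.get("O20", []):
        findings.append(("DLL loaded into every process or into winlogon, verify the vendor", "O20", body))
    for body in entries.get("O23", []):
        if "Unknown owner" in body:
            findings.append(("service without a known vendor, verify the binary", "O23", body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("DNS servers:", ", ".join(nameservers(parsed)) or "(system default)")
    for reason, code, body in triage(parsed):
        print(f"[{code}] {reason}: {body}")
```

Flagged entries are review points, not verdicts: in the log above, guard32.dll in AppInit_DLLs belongs to the COMODO suite that is visibly installed (cfp.exe, cmdagent.exe), and the O17 servers should be checked against what the user configured rather than removed on sight. The moderator's fix list reflects exactly this distinction: the orphaned R3 hook and the SUPERAntiSpyware Winlogon Notify entry are removed, the COMODO entries are left alone.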

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: Request for a preventive log check

Post by Žbeky » 14 Mar 2011 15:40

Uninstall SUPERAntiSpyware

In HJT, fix:

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6886.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for clearing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform Quick Scan selected and click the Scan button
- once the scan completes a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a prompt will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
In private messages I deal only with forum matters. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules


Re: Request for a preventive log check

Post by akiller » 14 Mar 2011 16:02

Antispyware uninstalled, fixed, ATF used. Here is the log from Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6051

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14.3.2011 16:03:05
mbam-log-2011-03-14 (16-03-05).txt

Typ kontroly: Rychlý test
Testované objekty: 155437
Uplynulý čas: 3 minut, 32 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Keybord not present. Press Enter to continue


Re: Request for a preventive log check

Post by akiller » 14 Mar 2011 18:03

Since Žbeky hasn't responded to this thread for two hours and doesn't seem to be online, may I ask another available experienced moderator for advice?
Keybord not present. Press Enter to continue


Re: Request for a preventive log check

Post by Žbeky » 14 Mar 2011 18:23

There are four of us here for all of you, and we really can't sit here all day long...

Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the prompts; while ComboFix is running, do not click into the window it displays
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here


Re: Request for a preventive log check

Post by akiller » 14 Mar 2011 18:41

I'm sorry, I didn't mean anything bad by it; I understand you have your hands full, but when I didn't see you online I didn't know what was going on.... :eh:

Here is the ComboFix log:

ComboFix 11-03-13.02 - Petr Mach 14.03.2011 18:30:33.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1166 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr Mach\Plocha\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\PETRMA~1\LOCALS~1\Temp\SAS408.tmp
c:\docume~1\PETRMA~1\LOCALS~1\Temp\SAS409.tmp
c:\documents and settings\Petr Mach\Local Settings\temp\SAS408.tmp
c:\documents and settings\Petr Mach\Local Settings\temp\SAS409.tmp
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-14 do 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 12:53 . 2011-03-14 12:53 388096 ----a-r- c:\documents and settings\Petr Mach\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-14 06:29 . 2011-03-14 06:29 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CA133276-BA6A-46DE-A9FF-6C4E1E962AA0}\MpKsl43c9832b.sys
2011-03-13 18:55 . 2011-03-13 18:55 -------- d--h--w- c:\program files\InstallJammer Registry
2011-03-13 18:55 . 2011-03-13 18:55 -------- d-----w- c:\program files\Esmska
2011-03-13 18:45 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CA133276-BA6A-46DE-A9FF-6C4E1E962AA0}\mpengine.dll
2011-03-10 12:18 . 2011-03-10 12:18 -------- d---a-w- c:\windows\rundll16.exe
2011-03-10 12:18 . 2011-03-10 12:18 -------- d---a-w- c:\windows\logo1_.exe
2011-03-10 10:35 . 2011-03-10 10:35 -------- d-----w- C:\VritualRoot
2011-03-06 10:15 . 2011-03-07 19:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-03-06 10:15 . 2011-03-07 19:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-03-06 09:49 . 2011-03-06 09:49 -------- d-----w- c:\program files\Diar
2011-03-06 08:19 . 2011-03-06 08:19 -------- d-----w- c:\windows\IrfanView
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-03-06 08:14 . 2011-03-06 08:17 -------- d-----w- c:\program files\QuickTime
2011-03-06 07:43 . 2011-03-06 07:43 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Secunia PSI
2011-03-06 07:43 . 2011-03-06 07:43 -------- d-----w- c:\program files\Secunia
2011-03-06 07:22 . 2011-03-06 07:22 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\PicasaDownloader
2011-03-05 18:06 . 2011-03-05 18:14 -------- d-----w- c:\documents and settings\Petr Mach\Data aplikací\Efficient Diary
2011-03-05 17:43 . 2011-03-05 17:43 -------- d-----w- c:\program files\Planner
2011-02-27 16:18 . 2011-02-27 16:18 -------- d-----w- c:\program files\VideoLAN
2011-02-19 18:28 . 2011-02-19 18:28 -------- d-----w- c:\documents and settings\Petr Mach\Data aplikací\DDMSettings
2011-02-19 18:20 . 2011-02-19 18:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2011-02-17 10:52 . 2011-02-17 10:52 -------- d-----w- c:\program files\Sandboxie
2011-02-15 13:34 . 2011-02-15 13:34 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456
2011-02-15 13:26 . 2011-02-15 13:27 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-06 08:34 . 2010-04-20 19:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-06 08:34 . 2009-10-09 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-11 06:54 . 2011-01-27 08:29 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 12:55 . 2011-01-26 07:38 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-02 07:58 . 2009-10-09 11:29 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-02-01 13:32 . 2011-02-01 13:32 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-01-27 11:57 . 2009-10-09 11:29 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-20 22:32 . 2010-09-10 22:41 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-20 22:32 . 2010-09-10 22:40 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-20 22:32 . 2010-09-10 22:40 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-20 22:32 . 2010-09-10 22:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-20 22:32 . 2010-09-10 22:40 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-20 13:19 . 2011-01-20 13:19 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-01-20 13:19 . 2011-01-20 13:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-27 09:29 . 2010-12-27 09:20 2377696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-12-27 09:20 . 2010-12-27 09:20 18368 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-12-22 20:11 . 2010-12-22 20:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2010-11-01 17:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-11-01 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"Diar.exe"="c:\program files\Diar\Diar.exe" [2006-11-01 1523200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]
"nwiz"="nwiz.exe" [2007-04-20 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-20 2548552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Petr Mach^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 15:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 15:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-10-17 22:42 404200 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\Microsoft Research\\Microsoft WorldWide Telescope\\WWTExplorer.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26.1.2011 0:50 64288]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3.2.2011 8:51 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.12.2009 19:27 697328]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 27576]
R1 MpKsl43c9832b;MpKsl43c9832b;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CA133276-BA6A-46DE-A9FF-6C4E1E962AA0}\MpKsl43c9832b.sys [14.3.2011 7:29 28752]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 11:07 61424]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2.5.2010 16:37 1127944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.12.2009 21:37 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.12.2010 10:05 1405384]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 16:21 30720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL43C9832B
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 13:06]
.
2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Doplňkový sken -------
.
mSearch Bar = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {262E9174-1DB6-470F-A60D-66F7ED01E115} = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\documents and settings\Petr Mach\Data aplikací\Mozilla\Firefox\Profiles\8u6sadbv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2186473&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-14 18:34
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
Completion time: 2011-03-14 18:36:50
ComboFix-quarantined-files.txt 2011-03-14 17:36
.
Pre-Run: 57 473 425 408 bytes free
Post-Run: 58 067 820 544 bytes free
.
- - End Of File - - FE3109C9547EDB255162A9452DC6A9A4
Keybord not present. Press Enter to continue


Re: Request for a preventive log check

Post by Žbeky » 14 Mar 2011 19:26

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Uninstall Ad-Watch Live!

Copy the following text, marked in green, into it in full:
Note: Do not use SELECT ALL to select the script


KillAll::

DirLook::
c:\windows\rundll16.exe
c:\windows\logo1_.exe
c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456
c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

File::
c:\windows\Tasks\Ad-Aware Update (Weekly).job

Firefox::
FF - ProfilePath - c:\documents and settings\Petr Mach\Data aplikací\Mozilla\Firefox\Profiles\8u6sadbv.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2186473&q=

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all open windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
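What the script above is aimed at, expressed as a plain-text triage pass over ComboFix-style log lines. This is an added example, not part of the thread and not ComboFix's, catchme's or the forum's own code. It assumes the log layout visible in this thread (created date . modified date, size, attribute string, path; REGEDIT4-style key and value lines; "FF - prefs.js: name - value") and the sample lines below are constructed from the entries under discussion, with the conduit URL shortened. It flags a security product reported as Disabled, Security Center AntiVirusOverride set to 1, entries whose attribute string says directory but whose name ends in an executable extension (the two c:\windows\*.exe paths the DirLook:: section targets), a non-empty AppInit_DLLs, and Firefox search prefs that redirect to a suspect host; the suspect-host list is an assumption, not something the page provides.

```python
"""Plain-text triage of ComboFix-style log lines (added example; not ComboFix
or catchme code).  Log layout is assumed from the lines quoted in the thread."""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample in the ComboFix log layout, modelled on the thread's
# entries.  The conduit URL is shortened here (the thread's copy is truncated).
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
2011-03-10 12:18 . 2011-03-10 12:18 -------- d---a-w- c:\windows\rundll16.exe
2011-03-10 12:18 . 2011-03-10 12:18 -------- d---a-w- c:\windows\logo1_.exe
2011-03-06 09:49 . 2011-03-06 09:49 -------- d-----w- c:\program files\Diar
2011-03-14 12:53 . 2011-03-14 12:53 388096 ----a-r- c:\documents and settings\Petr Mach\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
"""

# "AV: <name> *Disabled/Updated* {guid}" or "FW: <name> *Enabled* {guid}"
PRODUCT_RE = re.compile(r"^(AV|FW|AS): (.+?) \*([A-Za-z]+)(?:/[A-Za-z]+)?\*")
# "<created> . <modified> <size|--------> <attrs> <path>"; attrs begin with
# 'd' for a directory ("d---a-w-") and '-' for a plain file ("----a-w-").
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attr>[d-][-a-z]{7}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
FF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<pref>\S+) - (?P<value>.+)$")
HOST_RE = re.compile(r"^[a-z]+://([^/]+)", re.IGNORECASE)

EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".pif")
SUSPECT_HOSTS = {"search.conduit.com"}  # assumption: extend with your own list
FF_SEARCH_PREFS = {"keyword.URL", "browser.search.defaultenginename",
                   "browser.search.selectedEngine", "browser.startup.homepage"}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, tagged with the check that fired."""
    findings: List[Dict[str, str]] = []
    current_key = ""  # last "[HKEY_...]" header seen, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state = m.groups()
            if state.lower() != "enabled":
                findings.append({"check": "security_product_disabled",
                                 "detail": f"{kind} {name} reported {state}"})
            continue
        m = ENTRY_RE.match(line)
        if m:
            path = m.group("path")
            # A directory carrying an executable name is unusual enough to
            # deserve the DirLook:: the post applies to these two paths.
            if m.group("attr").startswith("d") and path.lower().endswith(EXEC_EXT):
                findings.append({"check": "directory_named_like_executable",
                                 "detail": path})
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, data = m.group("name").lower(), m.group("data").strip()
            if (current_key.endswith(r"\security center")
                    and name == "antivirusoverride" and data.lower() == "dword:00000001"):
                # Security Center told not to warn about a missing/disabled AV.
                findings.append({"check": "av_override",
                                 "detail": f"{current_key}\\AntiVirusOverride={data}"})
            elif name == "appinit_dlls" and data:
                # Loaded into every user32 process; legitimate HIPS use it too.
                findings.append({"check": "appinit_dll", "detail": data})
            continue
        m = FF_RE.match(line)
        if m:
            pref, value = m.group("pref"), m.group("value")
            host = HOST_RE.match(value)
            hostname = host.group(1).lower() if host else ""
            # keyword.URL is empty by default; any value redirects address-bar searches.
            if pref == "keyword.URL" or (pref in FF_SEARCH_PREFS and hostname in SUSPECT_HOSTS):
                findings.append({"check": "firefox_search_pref",
                                 "detail": f"{pref} -> {value}"})
            continue
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per check, e.g. {'av_override': 1, ...}."""
    return dict(Counter(f["check"] for f in findings))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['check']:32} {finding['detail']}")
```

Run it as a script to print the findings, or pass a whole pasted log to triage(). An AppInit_DLLs hit is a review item rather than a verdict: guard32.dll is listed next to the COMODO drivers in the Find3M section of this log, so it is most likely the firewall's own hook DLL. The directory-named-like-executable and AntiVirusOverride hits are the ones to act on, which is exactly what the DirLook:: and Registry:: sections of the CFScript do.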


Re: Request for a preventive log check

Post by akiller » 14 Mar 2011 19:58

After I used ComboFix the computer restarted, but no log was generated. So I ran ComboFix again; I hope that's not a problem... Here is the log:

ComboFix 11-03-13.02 - Petr Mach 14.03.2011 19:49:44.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1398 [GMT 1:00]
Running from: c:\documents and settings\Petr Mach\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\Tasks\Ad-Aware Update (Weekly).job
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 18:32 . 2011-03-14 18:32 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6AB55C2B-D0A2-4D57-BD63-F7E820E25C4F}\MpKsl0096749d.sys
2011-03-14 17:39 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6AB55C2B-D0A2-4D57-BD63-F7E820E25C4F}\mpengine.dll
2011-03-14 12:53 . 2011-03-14 12:53 388096 ----a-r- c:\documents and settings\Petr Mach\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-13 18:55 . 2011-03-13 18:55 -------- d--h--w- c:\program files\InstallJammer Registry
2011-03-13 18:55 . 2011-03-13 18:55 -------- d-----w- c:\program files\Esmska
2011-03-10 12:18 . 2011-03-10 12:18 -------- d---a-w- c:\windows\rundll16.exe
2011-03-10 12:18 . 2011-03-10 12:18 -------- d---a-w- c:\windows\logo1_.exe
2011-03-10 10:35 . 2011-03-10 10:35 -------- d-----w- C:\VritualRoot
2011-03-06 10:15 . 2011-03-07 19:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-03-06 10:15 . 2011-03-07 19:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-03-06 09:49 . 2011-03-06 09:49 -------- d-----w- c:\program files\Diar
2011-03-06 08:19 . 2011-03-06 08:19 -------- d-----w- c:\windows\IrfanView
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-03-06 08:14 . 2011-03-06 08:17 -------- d-----w- c:\program files\QuickTime
2011-03-06 07:43 . 2011-03-06 07:43 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Secunia PSI
2011-03-06 07:43 . 2011-03-06 07:43 -------- d-----w- c:\program files\Secunia
2011-03-06 07:22 . 2011-03-06 07:22 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\PicasaDownloader
2011-03-05 18:06 . 2011-03-05 18:14 -------- d-----w- c:\documents and settings\Petr Mach\Data aplikací\Efficient Diary
2011-03-05 17:43 . 2011-03-05 17:43 -------- d-----w- c:\program files\Planner
2011-02-27 16:18 . 2011-02-27 16:18 -------- d-----w- c:\program files\VideoLAN
2011-02-19 18:28 . 2011-02-19 18:28 -------- d-----w- c:\documents and settings\Petr Mach\Data aplikací\DDMSettings
2011-02-19 18:20 . 2011-02-19 18:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2011-02-17 10:52 . 2011-02-17 10:52 -------- d-----w- c:\program files\Sandboxie
2011-02-15 13:34 . 2011-02-15 13:34 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456
2011-02-15 13:26 . 2011-02-15 13:27 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-06 08:34 . 2010-04-20 19:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-06 08:34 . 2009-10-09 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-11 06:54 . 2011-01-27 08:29 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-10-09 11:29 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-02-01 13:32 . 2011-02-01 13:32 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-01-27 11:57 . 2009-10-09 11:29 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-20 22:32 . 2010-09-10 22:41 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-20 22:32 . 2010-09-10 22:40 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-20 22:32 . 2010-09-10 22:40 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-20 22:32 . 2010-09-10 22:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-20 22:32 . 2010-09-10 22:40 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-20 13:19 . 2011-01-20 13:19 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-01-20 13:19 . 2011-01-20 13:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-27 09:29 . 2010-12-27 09:20 2377696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-12-27 09:20 . 2010-12-27 09:20 18368 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-12-22 20:11 . 2010-12-22 20:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2010-11-01 17:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-11-01 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-14_17.35.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-14 18:46 . 2011-03-14 18:46 16384 c:\windows\temp\Perflib_Perfdata_5fc.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"Diar.exe"="c:\program files\Diar\Diar.exe" [2006-11-01 1523200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]
"nwiz"="nwiz.exe" [2007-04-20 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-20 2548552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Petr Mach^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 15:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 15:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-10-17 22:42 404200 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\Microsoft Research\\Microsoft WorldWide Telescope\\WWTExplorer.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26.1.2011 0:50 64288]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3.2.2011 8:51 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.12.2009 19:27 697328]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 27576]
R1 MpKsl0096749d;MpKsl0096749d;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6AB55C2B-D0A2-4D57-BD63-F7E820E25C4F}\MpKsl0096749d.sys [14.3.2011 19:32 28752]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 11:07 61424]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2.5.2010 16:37 1127944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.12.2009 21:37 135664]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 16:21 30720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {262E9174-1DB6-470F-A60D-66F7ED01E115} = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\documents and settings\Petr Mach\Data aplikací\Mozilla\Firefox\Profiles\8u6sadbv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-14 19:54
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
Completion time: 2011-03-14 19:56:22
ComboFix-quarantined-files.txt 2011-03-14 18:56
ComboFix2.txt 2011-03-14 17:36
.
Pre-Run: 59 078 873 088 bytes free
Post-Run: 59 050 508 288 bytes free
.
- - End Of File - - 85652E28E7B34415BF767C80AE694A08
Keybord not present. Press Enter to continue


Re: Request for a preventive log check

Post by Žbeky » 14 Mar 2011 20:07

What I needed isn't there.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following text, marked in green, into it in full:
Note: Do not use SELECT ALL to select the script


KillAll::

DirLook::
c:\windows\rundll16.exe
c:\windows\logo1_.exe
c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456
c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all open windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process


Re: Request for a preventive log check

Post by akiller » 14 Mar 2011 20:23

Now it should be fine =)

ComboFix 11-03-13.02 - Petr Mach 14.03.2011 20:13:42.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1408 [GMT 1:00]
Running from: c:\documents and settings\Petr Mach\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Petr Mach\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 18:58 . 2011-03-14 18:58 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{77B9B837-DEB7-4B30-9F0A-F06B0B9AA36E}\MpKsld24bdf81.sys
2011-03-14 18:58 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{77B9B837-DEB7-4B30-9F0A-F06B0B9AA36E}\mpengine.dll
2011-03-14 12:53 . 2011-03-14 12:53 388096 ----a-r- c:\documents and settings\Petr Mach\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-13 18:55 . 2011-03-13 18:55 -------- d--h--w- c:\program files\InstallJammer Registry
2011-03-13 18:55 . 2011-03-13 18:55 -------- d-----w- c:\program files\Esmska
2011-03-10 12:18 . 2011-03-10 12:18 -------- d---a-w- c:\windows\rundll16.exe
2011-03-10 12:18 . 2011-03-10 12:18 -------- d---a-w- c:\windows\logo1_.exe
2011-03-10 10:35 . 2011-03-10 10:35 -------- d-----w- C:\VritualRoot
2011-03-06 10:15 . 2011-03-07 19:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-03-06 10:15 . 2011-03-07 19:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-03-06 09:49 . 2011-03-06 09:49 -------- d-----w- c:\program files\Diar
2011-03-06 08:19 . 2011-03-06 08:19 -------- d-----w- c:\windows\IrfanView
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-03-06 08:14 . 2011-03-06 08:17 -------- d-----w- c:\program files\QuickTime
2011-03-06 07:43 . 2011-03-06 07:43 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Secunia PSI
2011-03-06 07:43 . 2011-03-06 07:43 -------- d-----w- c:\program files\Secunia
2011-03-06 07:22 . 2011-03-06 07:22 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\PicasaDownloader
2011-03-05 18:06 . 2011-03-05 18:14 -------- d-----w- c:\documents and settings\Petr Mach\Data aplikací\Efficient Diary
2011-03-05 17:43 . 2011-03-05 17:43 -------- d-----w- c:\program files\Planner
2011-02-27 16:18 . 2011-02-27 16:18 -------- d-----w- c:\program files\VideoLAN
2011-02-19 18:28 . 2011-02-19 18:28 -------- d-----w- c:\documents and settings\Petr Mach\Data aplikací\DDMSettings
2011-02-19 18:20 . 2011-02-19 18:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2011-02-17 10:52 . 2011-02-17 10:52 -------- d-----w- c:\program files\Sandboxie
2011-02-15 13:34 . 2011-02-15 13:34 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456
2011-02-15 13:26 . 2011-02-15 13:27 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-06 08:34 . 2010-04-20 19:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-06 08:34 . 2009-10-09 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-11 06:54 . 2011-01-27 08:29 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-10-09 11:29 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-02-01 13:32 . 2011-02-01 13:32 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-01-27 11:57 . 2009-10-09 11:29 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-20 22:32 . 2010-09-10 22:41 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-20 22:32 . 2010-09-10 22:40 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-20 22:32 . 2010-09-10 22:40 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-20 22:32 . 2010-09-10 22:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-20 22:32 . 2010-09-10 22:40 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-20 13:19 . 2011-01-20 13:19 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-01-20 13:19 . 2011-01-20 13:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-27 09:29 . 2010-12-27 09:20 2377696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-12-27 09:20 . 2010-12-27 09:20 18368 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-12-22 20:11 . 2010-12-22 20:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2010-11-01 17:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-11-01 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072 ----
.
2007-12-19 12:46 . 2007-12-19 12:46 2688392 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\Setup.exe
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\tr_TR.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\uk_UA.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\vi_VN.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\zh_CN.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\zh_TW.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\pt_BR.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\ro_RO.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\ru_RU.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\sh_YU.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\sk_SK.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\sl_SI.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\sq_AL.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\sv_SE.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\th_TH.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\hi_IN.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\hr_HR.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\hu_HU.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\is_IS.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\it_IT.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\ja_JP.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\ko_KR.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\lt_LT.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\lv_LV.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\mk_MK.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\nb_NO.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\nl_NL.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\pl_PL.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\el_GR.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\en_GB.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\en_XC.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\en_XM.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\es_ES.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\es_QM.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\et_EE.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\fi_FI.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\fr_FR.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\fr_XM.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\he_IL.mst
2007-12-19 12:46 . 2007-12-19 12:46 2437632 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\AdobeExtendScriptToolkit2.0.2All.msi
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\ar_AE.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\be_BY.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\bg_BG.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\ca_ES.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\cs_CZ.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\da_DK.mst
2007-12-19 12:46 . 2007-12-19 12:46 4608 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\de_DE.mst
2007-12-19 12:46 . 2007-12-19 12:46 4096 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\en_US.mst
2007-12-19 12:46 . 2007-12-19 12:46 6407837 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\AdobeExtendScriptToolkit2.0.2All1.cab
2007-12-19 12:45 . 2007-12-19 12:45 1900544 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\WinBootstrapper.msi
2007-12-19 12:45 . 2007-12-19 12:45 7196 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\AdobeExtendScriptToolkit2.0.2All.boot.xml
2007-12-19 12:45 . 2007-12-19 12:45 1898247 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\AdobeExtendScriptToolkit2.0.2All\AdobeExtendScriptToolkit2.0.2All.proxy.xml
2007-12-19 12:45 . 2011-02-15 13:27 2819 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\Deployment.xml
2007-12-19 12:45 . 2007-12-19 12:45 320 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\payloads\Setup.xml
2007-12-19 06:54 . 2007-12-19 06:54 514375 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\WinBootstrapper1.cab
2007-12-19 06:54 . 2007-12-19 06:54 7292 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\main.html
2007-12-19 06:54 . 2007-12-19 06:54 25990 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\main.xml
2007-12-19 06:54 . 2007-12-19 06:54 583 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\common\alert\alert.css
2007-12-19 06:54 . 2007-12-19 06:54 2412 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\common\alert\alert.html
2007-12-19 06:54 . 2007-12-19 06:54 508 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\common\alert\alert_ie.css
2007-12-19 06:54 . 2007-12-19 06:54 623 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\common\alert\alert_rtl.css
2007-12-19 06:54 . 2007-12-19 06:54 548 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\common\alert\alert_rtl_ie.css
2007-12-19 06:54 . 2007-12-19 06:54 32241 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\common\scripts\ContainerProxy.js
2007-12-19 06:54 . 2007-12-19 06:54 10366 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\common\scripts\localization.js
2007-12-19 06:54 . 2007-12-19 06:54 46303 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\common\scripts\silentWorkflow.js
2007-12-19 06:54 . 2007-12-19 06:54 109621 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\common\scripts\utils.js
2007-12-19 06:54 . 2007-12-19 06:54 1572 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\media\css\styles.css
2007-12-19 06:54 . 2007-12-19 06:54 270 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\media\img\progbarLeft_on.png
2007-12-19 06:54 . 2007-12-19 06:54 273 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\media\img\progbarRight.png
2007-12-19 06:54 . 2007-12-19 06:54 162 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\media\img\progbar_on.png
2007-12-19 06:54 . 2007-12-19 06:54 1692 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\resources\media\img\progbox.png
2007-12-19 06:54 . 2007-12-19 06:54 4584688 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\redist\WindowsXP-KB898715-x64-enu.exe
2007-12-19 06:54 . 2007-12-19 06:54 4584688 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\redist\WindowsServer2003-KB898715-x64-enu.exe
2007-12-19 06:54 . 2007-12-19 06:54 1536752 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\redist\WindowsServer2003-KB898715-x86-enu.exe
2007-12-19 06:54 . 2007-12-19 06:54 5960944 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\redist\WindowsServer2003-KB898715-ia64-enu.exe
2007-12-19 06:53 . 2007-12-19 06:53 2585872 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072\redist\WindowsInstaller-KB893803-v2-x86.exe
.
---- Directory of c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456 ----
.
2007-05-29 10:05 . 2011-02-15 13:34 2193 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\Deployment.xml
2007-05-29 10:05 . 2007-05-29 10:05 312 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\payloads\Setup.xml
2007-05-29 10:05 . 2007-05-29 10:05 1815552 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\payloads\AdobeColorCommonSet1.0.1All\AdobeColorCommonSet1.0.1All.msi
2007-05-29 10:05 . 2007-05-29 10:05 5548570 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\payloads\AdobeColorCommonSet1.0.1All\AdobeColorCommonSet1.0.1All1.cab
2007-05-29 10:05 . 2007-05-29 10:05 1900544 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\WinBootstrapper.msi
2007-05-29 10:05 . 2007-05-29 10:05 5882 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\payloads\AdobeColorCommonSet1.0.1All\AdobeColorCommonSet1.0.1All.boot.xml
2007-05-29 10:05 . 2007-05-29 10:05 8230 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\payloads\AdobeColorCommonSet1.0.1All\AdobeColorCommonSet1.0.1All.proxy.xml
2007-05-29 10:01 . 2007-05-29 10:01 511676 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\WinBootstrapper1.cab
2007-05-29 10:01 . 2007-05-29 10:01 7292 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\main.html
2007-05-29 10:01 . 2007-05-29 10:01 25993 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\main.xml
2007-05-29 10:01 . 2007-05-29 10:01 583 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\common\alert\alert.css
2007-05-29 10:01 . 2007-05-29 10:01 2418 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\common\alert\alert.html
2007-05-29 10:01 . 2007-05-29 10:01 508 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\common\alert\alert_ie.css
2007-05-29 10:01 . 2007-05-29 10:01 32241 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\common\scripts\ContainerProxy.js
2007-05-29 10:01 . 2007-05-29 10:01 9181 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\common\scripts\localization.js
2007-05-29 10:01 . 2007-05-29 10:01 46303 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\common\scripts\silentWorkflow.js
2007-05-29 10:01 . 2007-05-29 10:01 110156 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\common\scripts\utils.js
2007-05-29 10:01 . 2007-05-29 10:01 1572 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\media\css\styles.css
2007-05-29 10:01 . 2007-05-29 10:01 270 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\media\img\progbarLeft_on.png
2007-05-29 10:01 . 2007-05-29 10:01 273 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\media\img\progbarRight.png
2007-05-29 10:01 . 2007-05-29 10:01 162 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\media\img\progbar_on.png
2007-05-29 10:01 . 2007-05-29 10:01 1692 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\resources\media\img\progbox.png
2007-05-29 10:01 . 2007-05-29 10:01 2641920 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\Setup.exe
2007-05-29 10:00 . 2007-05-29 10:00 4584688 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\redist\WindowsXP-KB898715-x64-enu.exe
2007-05-29 10:00 . 2007-05-29 10:00 1536752 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\redist\WindowsServer2003-KB898715-x86-enu.exe
2007-05-29 10:00 . 2007-05-29 10:00 4584688 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\redist\WindowsServer2003-KB898715-x64-enu.exe
2007-05-29 10:00 . 2007-05-29 10:00 5960944 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\redist\WindowsServer2003-KB898715-ia64-enu.exe
2007-05-29 10:00 . 2007-05-29 10:00 2585872 ----a-w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456\redist\WindowsInstaller-KB893803-v2-x86.exe
.
---- Directory of c:\windows\logo1_.exe ----
.
.
---- Directory of c:\windows\rundll16.exe ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-14_17.35.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-14 19:18 . 2011-03-14 19:18 16384 c:\windows\temp\Perflib_Perfdata_2c8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"Diar.exe"="c:\program files\Diar\Diar.exe" [2006-11-01 1523200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]
"nwiz"="nwiz.exe" [2007-04-20 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-20 2548552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Petr Mach^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 15:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 15:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-10-17 22:42 404200 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\Microsoft Research\\Microsoft WorldWide Telescope\\WWTExplorer.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26.1.2011 0:50 64288]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3.2.2011 8:51 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.12.2009 19:27 697328]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 27576]
R1 MpKsld24bdf81;MpKsld24bdf81;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{77B9B837-DEB7-4B30-9F0A-F06B0B9AA36E}\MpKsld24bdf81.sys [14.3.2011 19:58 28752]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 11:07 61424]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2.5.2010 16:37 1127944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.12.2009 21:37 135664]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 16:21 30720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Doplňkový sken -------
.
mSearch Bar = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {262E9174-1DB6-470F-A60D-66F7ED01E115} = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\documents and settings\Petr Mach\Data aplikací\Mozilla\Firefox\Profiles\8u6sadbv.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-14 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-03-14 20:23:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-14 19:23
ComboFix2.txt 2011-03-14 18:56
ComboFix3.txt 2011-03-14 17:36
.
Před spuštěním: Volných bajtů: 58 982 645 760
Po spuštění: Volných bajtů: 58 962 911 232
.
- - End Of File - - 4B08CBE7E9C6B21685B92C90626D758B
Keybord not present. Press Enter to continue

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: Request for a preventive log check

Post by Žbeky » 14 Mar 2011 21:05

One more script, then.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text marked in green into it:
Note: do not use the SELECT ALL function to select the script.

Code:

Folder::
c:\windows\rundll16.exe
c:\windows\logo1_.exe

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt file you just created with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules


Re: Request for a preventive log check

Post by akiller » 14 Mar 2011 21:21

Here it is:

ComboFix 11-03-13.02 - Petr Mach 14.03.2011 21:14:42.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1387 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr Mach\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr Mach\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\logo1_.exe
c:\windows\rundll16.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-14 do 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 19:23 . 2011-03-14 19:23 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{1B346918-D1C9-48C8-B526-CB591C13D456}\MpKsl1b21c7c2.sys
2011-03-14 19:23 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{1B346918-D1C9-48C8-B526-CB591C13D456}\mpengine.dll
2011-03-14 12:53 . 2011-03-14 12:53 388096 ----a-r- c:\documents and settings\Petr Mach\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-13 18:55 . 2011-03-13 18:55 -------- d--h--w- c:\program files\InstallJammer Registry
2011-03-13 18:55 . 2011-03-13 18:55 -------- d-----w- c:\program files\Esmska
2011-03-10 10:35 . 2011-03-10 10:35 -------- d-----w- C:\VritualRoot
2011-03-06 10:15 . 2011-03-07 19:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-03-06 10:15 . 2011-03-07 19:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-03-06 09:49 . 2011-03-06 09:49 -------- d-----w- c:\program files\Diar
2011-03-06 08:19 . 2011-03-06 08:19 -------- d-----w- c:\windows\IrfanView
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-06 08:15 . 2011-03-06 08:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-03-06 08:14 . 2011-03-06 08:17 -------- d-----w- c:\program files\QuickTime
2011-03-06 07:43 . 2011-03-06 07:43 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Secunia PSI
2011-03-06 07:43 . 2011-03-06 07:43 -------- d-----w- c:\program files\Secunia
2011-03-06 07:22 . 2011-03-06 07:22 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\PicasaDownloader
2011-03-05 18:06 . 2011-03-05 18:14 -------- d-----w- c:\documents and settings\Petr Mach\Data aplikací\Efficient Diary
2011-03-05 17:43 . 2011-03-05 17:43 -------- d-----w- c:\program files\Planner
2011-02-27 16:18 . 2011-02-27 16:18 -------- d-----w- c:\program files\VideoLAN
2011-02-19 18:28 . 2011-02-19 18:28 -------- d-----w- c:\documents and settings\Petr Mach\Data aplikací\DDMSettings
2011-02-19 18:20 . 2011-02-19 18:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2011-02-17 10:52 . 2011-02-17 10:52 -------- d-----w- c:\program files\Sandboxie
2011-02-15 13:34 . 2011-02-15 13:34 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3456
2011-02-15 13:26 . 2011-02-15 13:27 -------- d-----w- c:\documents and settings\Petr Mach\Local Settings\Data aplikací\Installer3072
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-06 08:34 . 2010-04-20 19:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-06 08:34 . 2009-10-09 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-11 06:54 . 2011-01-27 08:29 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-10-09 11:29 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-02-01 13:32 . 2011-02-01 13:32 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-01-27 11:57 . 2009-10-09 11:29 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-20 22:32 . 2010-09-10 22:41 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-20 22:32 . 2010-09-10 22:40 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-20 22:32 . 2010-09-10 22:40 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-20 22:32 . 2010-09-10 22:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-20 22:32 . 2010-09-10 22:40 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-20 13:19 . 2011-01-20 13:19 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-01-20 13:19 . 2011-01-20 13:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-27 09:29 . 2010-12-27 09:20 2377696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-12-27 09:20 . 2010-12-27 09:20 18368 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-12-22 20:11 . 2010-12-22 20:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2010-11-01 17:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-11-01 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-14_17.35.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-14 19:18 . 2011-03-14 19:18 16384 c:\windows\temp\Perflib_Perfdata_2c8.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"Diar.exe"="c:\program files\Diar\Diar.exe" [2006-11-01 1523200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]
"nwiz"="nwiz.exe" [2007-04-20 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-20 2548552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Petr Mach^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 15:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 15:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-10-17 22:42 404200 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\Microsoft Research\\Microsoft WorldWide Telescope\\WWTExplorer.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26.1.2011 0:50 64288]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3.2.2011 8:51 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.12.2009 19:27 697328]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 27576]
R1 MpKsl1b21c7c2;MpKsl1b21c7c2;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{1B346918-D1C9-48C8-B526-CB591C13D456}\MpKsl1b21c7c2.sys [14.3.2011 20:23 28752]
R1 MpKsld24bdf81;MpKsld24bdf81;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{77B9B837-DEB7-4B30-9F0A-F06B0B9AA36E}\MpKsld24bdf81.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{77B9B837-DEB7-4B30-9F0A-F06B0B9AA36E}\MpKsld24bdf81.sys [?]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 11:07 61424]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2.5.2010 16:37 1127944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.12.2009 21:37 135664]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 16:21 30720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL1B21C7C2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {262E9174-1DB6-470F-A60D-66F7ED01E115} = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\documents and settings\Petr Mach\Data aplikací\Mozilla\Firefox\Profiles\8u6sadbv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-14 21:18
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2872)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-14 21:20:42
ComboFix-quarantined-files.txt 2011-03-14 20:20
ComboFix2.txt 2011-03-14 19:23
ComboFix3.txt 2011-03-14 18:56
ComboFix4.txt 2011-03-14 17:36
.
Pre-Run: 58 953 760 768 bytes free
Post-Run: 58 926 571 520 bytes free
.
- - End Of File - - 4398C7D40830DB6DE0E041980179F54E
Keybord not present. Press Enter to continue
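Editor's note, added to this thread and not part of the poster's log or of ComboFix itself: the three items in the log above that a preventive reviewer actually has to decide on are the `AppInit_DLLs` value (guard32.dll, the COMODO Internet Security user-mode hook library; it carries the same 2011-01-20 22:32 timestamp as cmdGuard.sys, cmdhlp.sys and inspect.sys and is listed inside lsass.exe and explorer.exe), catchme's "NTDLL code modification: ZwClose, ZwOpenFile", which is consistent with that HIPS hooking rather than with a rootkit, the R1 `MpKsld24bdf81` entry whose driver file is gone ("[?]", a stale Microsoft Antimalware definition-update driver, the newer MpKsl1b21c7c2 is the live one), and the two third-party resolvers on the `TCP:` line, which should be confirmed as something the owner set deliberately. The script below is an example of doing that triage mechanically over a ComboFix-style log: it parses the Run keys, AppInit_DLLs, the R/S service lines, the DNS line and the catchme verdict, and reports what to look at without claiming anything is malicious. The sample input is a handful of lines copied from this log plus one constructed `Updater` autorun (not in the log) placed in a temp folder so the user-writable-location check has something to fire on; the MpKsl path is shortened. The trusted-prefix list and the `known_dns` allow-list are assumptions of the example, not rules from the forum.

```python
"""Triage helper for ComboFix-style logs (added example, not the forum's or ComboFix's code).

Extracts the autostart-relevant sections and emits review findings. It never
decides "malware"; it tells a reviewer where to spend their time.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the thread's log, plus one made-up
# "Updater" autorun (NOT in the original log) to exercise the location check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"Diar.exe"="c:\program files\Diar\Diar.exe" [2006-11-01 1523200]
"Updater"="c:\documents and settings\Petr Mach\Local Settings\Temp\upd.exe" [2011-03-10 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239368]
R1 MpKsld24bdf81;MpKsld24bdf81;\??\c:\defs\MpKsld24bdf81.sys --> c:\defs\MpKsld24bdf81.sys [?]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 16:21 30720]
TCP: {262E9174-1DB6-470F-A60D-66F7ED01E115} = 156.154.70.25,156.154.71.25
detected NTDLL code modification:
ZwClose, ZwOpenFile
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # which check fired
    item: str    # the autorun / service / setting concerned
    reason: str  # why a reviewer should look at it


RUN_KEY = re.compile(r'^\[(HKEY_[^\]]*\\Run)\]$', re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')
APPINIT = re.compile(r'^"AppInit_DLLs"=(.+)$', re.I)
SERVICE = re.compile(r'^([RS][0-4]) ([^;]+);[^;]*;(.*)$')   # state name;description;image
DNS_LINE = re.compile(r'^TCP: \{[0-9A-Fa-f-]+\} = ([0-9.,]+)$')
HOOK_HEADER = 'detected NTDLL code modification:'

# Assumption of this example: autoruns normally live here. A bare file name
# (e.g. "nwiz.exe") or a profile/temp path is flagged for a second look.
TRUSTED_PREFIXES = ('c:\\program files\\', 'c:\\windows\\')


def _run_entries(lines):
    """Yield (key, name, path) for each value listed under a ...\\Run key."""
    key = None
    for line in lines:
        m = RUN_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        if line.startswith('['):       # any other key ends the Run block
            key = None
            continue
        if key:
            v = RUN_VALUE.match(line)
            if v:
                yield key, v.group(1), v.group(2)


def triage(log_text, known_dns=()):
    """Return a list of Findings for the log text; known_dns are resolvers you expect."""
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    findings = []

    for key, name, path in _run_entries(lines):
        if not path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(Finding('run-key', f'{name} -> {path}',
                                    f'autorun outside Program Files/Windows ({key})'))

    for line in lines:
        m = APPINIT.match(line)
        if m:   # loaded into every process that links user32.dll: always identify the vendor
            findings.append(Finding('appinit', m.group(1).strip(),
                                    'AppInit_DLLs is injected into every user32 process; confirm the vendor'))
        m = SERVICE.match(line)
        if m and m.group(3).endswith('[?]'):   # ComboFix marks a missing image file with [?]
            findings.append(Finding('service', m.group(2),
                                    f'{m.group(1)} entry whose image file is missing on disk'))
        m = DNS_LINE.match(line)
        if m:
            for ip in m.group(1).split(','):
                if ip not in known_dns:
                    findings.append(Finding('dns', ip,
                                            'resolver not in the expected list; confirm it was set deliberately'))

    if HOOK_HEADER in lines:
        i = lines.index(HOOK_HEADER)
        hooked = lines[i + 1] if i + 1 < len(lines) else ''
        # A HIPS/AV product that registers an AppInit DLL is the usual source of
        # user-mode ntdll hooks; without one, the hooking module must be found.
        if any(f.kind == 'appinit' for f in findings):
            note = 'user-mode hooks in ntdll; an AppInit DLL is present, so a HIPS/AV hook is the likely source, verify its vendor'
        else:
            note = 'user-mode hooks in ntdll and no AppInit DLL seen; identify the hooking module'
        findings.append(Finding('ntdll-hook', hooked, note))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.kind}] {f.item}: {f.reason}')
```

Run it as-is and every finding above comes out; pass the resolvers you configured in `known_dns` to silence the DNS line. The script deliberately treats `[?]` services, AppInit DLLs and ntdll hooks as "explain this", not "remove this": on this machine all three resolve to COMODO and Microsoft Security Essentials, which is the answer the poster was after.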