Check the file marked in red on VirusTotal and paste the link to the result here.
If you can't find it, enable showing hidden and system files. If it tells you the file has already been scanned,
have it scanned again and wait until "Dokončeno" (Finished) and the result appear. Then copy the address bar here.
c:\programdata\Sukoku\sukoku113.exe
Pop-up web windows*
- Damned, article author, Master Level 9, posts: 8353, registered: December 06, residence: Rokycany, status: offline
Re: Pop-up web windows*
Nothing is impossible, so where our wits run out we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech localization Wise Registry Cleaner
Re: Pop-up web windows*
a-squared 4.5.0.24 2009.08.26 -
AhnLab-V3 5.0.0.2 2009.08.26 -
AntiVir 7.9.1.7 2009.08.26 -
Antiy-AVL 2.0.3.7 2009.08.24 -
Authentium 5.1.2.4 2009.08.26 -
Avast 4.8.1335.0 2009.08.26 -
AVG 8.5.0.406 2009.08.26 -
BitDefender 7.2 2009.08.26 -
CAT-QuickHeal 10.00 2009.08.25 -
ClamAV 0.94.1 2009.08.26 -
Comodo 2100 2009.08.26 -
DrWeb 5.0.0.12182 2009.08.26 Adware.Seekser.1
eSafe 7.0.17.0 2009.08.26 -
eTrust-Vet 31.6.6702 2009.08.26 -
F-Prot 4.5.1.85 2009.08.25 -
F-Secure 8.0.14470.0 2009.08.26 -
Fortinet 3.120.0.0 2009.08.26 -
GData 19 2009.08.26 -
Ikarus T3.1.1.68.0 2009.08.26 -
Jiangmin 11.0.800 2009.08.26 -
K7AntiVirus 7.10.828 2009.08.26 -
Kaspersky 7.0.0.125 2009.08.26 -
McAfee 5721 2009.08.26 -
McAfee+Artemis 5721 2009.08.26 -
McAfee-GW-Edition 6.8.5 2009.08.26 Heuristic.BehavesLike.Win32.Backdoor.J
Microsoft 1.4903 2009.08.26 -
NOD32 4369 2009.08.26 -
Norman 2009.08.26 -
nProtect 2009.1.8.0 2009.08.26 -
Panda 10.0.2.2 2009.08.26 -
PCTools 4.4.2.0 2009.08.26 -
Prevx 3.0 2009.08.26 -
Rising 21.44.11.00 2009.08.25 AdWare.Win32.Zwangi.a
Sophos 4.44.0 2009.08.26 -
Sunbelt 3.2.1858.2 2009.08.26 -
Symantec 1.4.4.12 2009.08.26 -
TheHacker 6.3.4.3.388 2009.08.25 -
TrendMicro 8.950.0.1094 2009.08.26 -
VBA32 3.12.10.10 2009.08.26 -
ViRobot 2009.8.26.1903 2009.08.26 -
VirusBuster 4.6.5.0 2009.08.26 -
Rozšiřující informace
File size: 589824 bytes
MD5...: 9427795ef1ea6fb767af2ad154251682
SHA1..: 2897f63fe01b406a2cb445959033cb46fd2bc2b5
SHA256: b10cccb01658438fe686270c373443aa2c5345de60874f600280f1ce8439af82
ssdeep: 12288:Jba9gJPaTzmPoIEX11uvYp9844vUe/haa/GXqlK6DMoYFTUXJOD+1Jq:wCPyIE/uvS9844ea/qaK6DMoYiXcDUJq
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3556
timedatestamp.....: 0x4a846cc8 (Thu Aug 13 19:43:04 2009)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7b49 0x8000 6.47 7568e28a9deaf872b47139e46e35c031
.rdata 0x9000 0x20a3 0x3000 3.81 d73890effafb3c4016b79a42f2572ee5
.data 0xc000 0x127c 0x1000 1.92 acc2637f33689ba998abd4ee2f6ab233
.rsrc 0xe000 0x80060 0x81000 7.99 4bdf431791ff37f0bf49bc873317dc22
.reloc 0x8f000 0x15ac 0x2000 2.61 0971511bddc4820d330abd5343c0166f
( 2 imports )
> KERNEL32.dll: LoadLibraryA, FreeLibrary, GetProcAddress, RtlUnwind, RaiseException, ExitProcess, GetCurrentThreadId, GetCommandLineA, GetVersionExA, HeapAlloc, HeapFree, TlsAlloc, SetLastError, GetLastError, TlsFree, TlsSetValue, TlsGetValue, GetModuleHandleA, SetUnhandledExceptionFilter, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleFileNameA, TerminateProcess, GetCurrentProcess, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, UnhandledExceptionFilter, WriteFile, VirtualAlloc, HeapReAlloc, IsBadWritePtr, HeapSize, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, InitializeCriticalSection, InterlockedExchange, VirtualQuery, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, LCMapStringW, VirtualProtect, GetSystemInfo
> USER32.dll: SetWindowsHookExA
( 7 exports )
Command, Install, Main, Opt, Service, SetProc, Uninstall
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
that file wasn't found there, this is sukoku.dll
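The pasted VirusTotal report above is read by eye in the thread (which engines hit, how much of the file is the high-entropy .rsrc section). As an added example that is not part of the original post or of VirusTotal's own tooling, the following Python script parses that report format: engine verdict lines (the version field is optional, so the date token anchors the split), the "File size" line and the PE section table, then summarizes the detection ratio and flags sections whose entropy is close to 8 bits per byte. The embedded report excerpt is constructed from the lines shown above; the entropy threshold of 7.0 is an assumed heuristic, not a VirusTotal value.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt of the VirusTotal report pasted above for sukoku.dll:
# six of the 41 engine lines plus the size and section table, copied from the page.
VT_REPORT = """\
AntiVir 7.9.1.7 2009.08.26 -
DrWeb 5.0.0.12182 2009.08.26 Adware.Seekser.1
McAfee-GW-Edition 6.8.5 2009.08.26 Heuristic.BehavesLike.Win32.Backdoor.J
Norman 2009.08.26 -
Rising 21.44.11.00 2009.08.25 AdWare.Win32.Zwangi.a
Symantec 1.4.4.12 2009.08.26 -
File size: 589824 bytes
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7b49 0x8000 6.47 7568e28a9deaf872b47139e46e35c031
.rdata 0x9000 0x20a3 0x3000 3.81 d73890effafb3c4016b79a42f2572ee5
.data 0xc000 0x127c 0x1000 1.92 acc2637f33689ba998abd4ee2f6ab233
.rsrc 0xe000 0x80060 0x81000 7.99 4bdf431791ff37f0bf49bc873317dc22
.reloc 0x8f000 0x15ac 0x2000 2.61 0971511bddc4820d330abd5343c0166f
"""

DATE_RE = re.compile(r"^\d{4}\.\d{2}\.\d{2}$")
SECTION_RE = re.compile(
    r"^(\.\w+)\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(\d+\.\d+)\s+([0-9a-f]{32})$"
)
SIZE_RE = re.compile(r"^File size:\s+(\d+)\s+bytes$")


@dataclass
class Verdict:
    engine: str
    version: str          # empty when the engine line carries no version (Norman above)
    date: str
    result: Optional[str]  # None when the engine reported "-"


@dataclass
class Section:
    name: str
    virtual_addr: int
    virtual_size: int
    raw_size: int
    entropy: float
    md5: str


def parse_verdicts(text):
    """Parse 'engine [version] date result' lines; the date token anchors the split."""
    verdicts = []
    for line in text.splitlines():
        tokens = line.split()
        date_idx = next((i for i, t in enumerate(tokens) if DATE_RE.match(t)), None)
        if date_idx is None or date_idx < 1 or len(tokens) <= date_idx + 1:
            continue  # not an engine line (size line, section table, headers)
        result = " ".join(tokens[date_idx + 1:])
        verdicts.append(Verdict(engine=tokens[0], version=" ".join(tokens[1:date_idx]),
                                date=tokens[date_idx], result=None if result == "-" else result))
    return verdicts


def parse_sections(text):
    """Parse the PE section table rows; hex columns become ints."""
    rows = (SECTION_RE.match(line.strip()) for line in text.splitlines())
    return [Section(m.group(1), int(m.group(2), 16), int(m.group(3), 16),
                    int(m.group(4), 16), float(m.group(5)), m.group(6)) for m in rows if m]


def parse_file_size(text):
    for line in text.splitlines():
        m = SIZE_RE.match(line.strip())
        if m:
            return int(m.group(1))
    return None


def detection_summary(verdicts):
    """Return (detections, engines, {engine: label}), i.e. VirusTotal's 'x/y' plus the names."""
    hits = {v.engine: v.result for v in verdicts if v.result}
    return len(hits), len(verdicts), hits


def suspicious_sections(sections, file_size, entropy_threshold=7.0):
    """Flag sections with entropy near 8 bits/byte (compressed or encrypted content)
    and report the share of the file they occupy. In the report above .rsrc is 7.99
    and holds about 90% of the file, a common sign of a packed payload stored as a resource."""
    return [(s.name, s.entropy, round(s.raw_size / file_size, 3))
            for s in sections if s.entropy >= entropy_threshold]


def triage(text):
    """One-call summary of a pasted report: ratio, detecting engines, high-entropy sections."""
    verdicts = parse_verdicts(text)
    detections, engines, hits = detection_summary(verdicts)
    size = parse_file_size(text)
    return {"ratio": f"{detections}/{engines}", "hits": hits,
            "high_entropy": suspicious_sections(parse_sections(text), size)}


if __name__ == "__main__":
    print(triage(VT_REPORT))
```

Run on the full 41-engine report the script gives the same three hits (DrWeb, McAfee-GW-Edition, Rising); on the excerpt it reports 3/6. The section check is the part a reader cannot get from the "x/y" ratio alone: a small .text with a 7.99-entropy resource section that is almost the whole file is worth a second look even when most engines say "-".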
Re: Pop-up web windows*
MD5: 25cd927992ec19bb6e0ffb6f54f1728e
Poprvé zaslán: 2009.08.18 12:48:11 UTC
Datum: 2009.08.26 08:12:35 UTC [<1D]
Výsledky: 2/41
Stálý odkaz: analisis/1a4c379e23d1be287077734a012ee113bb73c4e023a327930d23748777aa8729-1251274355
or this
- Damned, article author, Master Level 9, posts: 8353, registered: December 06, residence: Rokycany, status: offline
Re: Pop-up web windows*
Start - Run - type: notepad and click OK. Paste this whole (pale green) text into it:
dir \sukoku113.exe /a h /s > File.txt
Save it to the desktop with the name: find.bat (file type - all files).
Find it on the desktop, double-click it and wait until the window closes and File.txt appears.
Then paste the entire text of that file here.
Re: Pop-up web windows*
Svazek v jednotce C je System.
Sériové číslo svazku je A002-1EB4.
Výpis adresáře C:\ProgramData\Sukoku
13.08.2009 21:43 49 152 sukoku113.exe
Souborů: 1, Bajtů: 49 152
Výpis adresáře C:\Users\All Users\Sukoku
13.08.2009 21:43 49 152 sukoku113.exe
Souborů: 1, Bajtů: 49 152
- jaro3, Security team member, Guru Level 15, posts: 43294, registered: June 07, residence: South Bohemia, status: offline
Re: Pop-up web windows*
Open Notepad (Start -> Run... then type Notepad into the box and click OK).
Copy the following entire text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
KillAll::
File::
c:\users\Pavel\AppData\Roaming\nvModes.dat
c:\users\Pavel\AppData\Roaming\wklnhst.dat
c:\programdata\ezsidmv.dat
c:\programdata\Sukoku\sukoku113.exe
C:\Users\All Users\Sukoku\sukoku113.exe
Folder::
c:\programdata\NOS
c:\program files\NOS
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"=-
RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
Choose File -> Save as... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
Test this on Virustotal:
c:\program files\Light Sensor Utility\Sensor.exe
Then paste the result link here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Don't send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Pop-up web windows*
a-squared 4.5.0.24 2009.08.26 -
AhnLab-V3 5.0.0.2 2009.08.26 -
AntiVir 7.9.1.7 2009.08.26 -
Antiy-AVL 2.0.3.7 2009.08.24 -
Authentium 5.1.2.4 2009.08.26 -
Avast 4.8.1335.0 2009.08.26 -
AVG 8.5.0.406 2009.08.26 -
BitDefender 7.2 2009.08.26 -
CAT-QuickHeal 10.00 2009.08.25 -
ClamAV 0.94.1 2009.08.26 -
Comodo 2100 2009.08.26 -
DrWeb 5.0.0.12182 2009.08.26 -
eSafe 7.0.17.0 2009.08.26 -
eTrust-Vet 31.6.6702 2009.08.26 -
F-Prot 4.5.1.85 2009.08.25 -
F-Secure 8.0.14470.0 2009.08.26 -
Fortinet 3.120.0.0 2009.08.26 -
GData 19 2009.08.26 -
Ikarus T3.1.1.68.0 2009.08.26 -
Jiangmin 11.0.800 2009.08.26 -
K7AntiVirus 7.10.828 2009.08.26 -
Kaspersky 7.0.0.125 2009.08.26 -
McAfee 5721 2009.08.26 -
McAfee+Artemis 5721 2009.08.26 -
McAfee-GW-Edition 6.8.5 2009.08.26 -
Microsoft 1.4903 2009.08.26 -
NOD32 4370 2009.08.26 -
Norman 2009.08.26 -
nProtect 2009.1.8.0 2009.08.26 -
Panda 10.0.2.2 2009.08.26 -
PCTools 4.4.2.0 2009.08.26 -
Prevx 3.0 2009.08.26 -
Rising 21.44.11.00 2009.08.25 -
Sophos 4.44.0 2009.08.26 -
Sunbelt 3.2.1858.2 2009.08.26 -
Symantec 1.4.4.12 2009.08.26 -
TheHacker 6.3.4.3.388 2009.08.25 -
TrendMicro 8.950.0.1094 2009.08.26 -
VBA32 3.12.10.10 2009.08.26 -
ViRobot 2009.8.26.1903 2009.08.26 -
VirusBuster 4.6.5.0 2009.08.26 -
Rozšiřující informace
File size: 253952 bytes
MD5...: 1ee4ae45b9f00a5b0868db019bd66b63
SHA1..: 93ded1ad21f83f1fa18fc7a5ad7ba311f087f5b1
SHA256: 864e003ddceeae160df4e034df562220b54dee564b1e7043c38ea74e9aeb110b
ssdeep: 3072:+nFW5sgVjfNnTfR7sVB2tyqBEJrrovTfHiyKsPJYe40o/9oMpcvmEtbmlHXqI5d6:BKKDR7sytf2rrgOtSyeranRjJq
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x17139
timedatestamp.....: 0x4681c3c4 (Wed Jun 27 01:56:20 2007)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x27896 0x28000 6.62 6c98951f0ce91a57766bbdeda7649ecd
.rdata 0x29000 0xa442 0xb000 4.74 201941ae3cf355316ea8ebe522ef2468
.data 0x34000 0x5d3c 0x3000 2.99 3d3df4a634eecaeb97a1053f43e793db
.rsrc 0x3a000 0x61c8 0x7000 3.32 7188148765afce9cf75658c82a4f5ee2
( 10 imports )
> WINIO.dll: GetPortVal, ShutdownWinIo, InitializeWinIo, RemoveWinIoDriver, InstallWinIoDriver, SetPortVal
> WTSAPI32.dll: WTSRegisterSessionNotification, WTSUnRegisterSessionNotification
> KERNEL32.dll: GetCurrentProcess, CreateFileA, SetErrorMode, ExitProcess, RtlUnwind, HeapAlloc, HeapFree, HeapReAlloc, VirtualAlloc, GetCommandLineA, GetProcessHeap, GetStartupInfoA, RaiseException, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetACP, GetStdHandle, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, VirtualFree, HeapDestroy, HeapCreate, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, WritePrivateProfileStringA, GetOEMCP, GetCPInfo, GlobalFlags, GetThreadLocale, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, lstrcmpA, FreeResource, GetCurrentThreadId, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpW, GetVersionExA, GetCurrentProcessId, LoadLibraryA, GlobalGetAtomNameA, GlobalAddAtomA, FreeLibrary, InterlockedDecrement, GetModuleFileNameW, GetModuleHandleA, GetProcAddress, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, MulDiv, SetLastError, lstrlenA, CompareStringA, GetVersion, MultiByteToWideChar, InterlockedExchange, CreateMutexA, GetLastError, GetPrivateProfileStringA, GetModuleFileNameA, SetCurrentDirectoryA, WideCharToMultiByte, FindResourceA, LoadResource, LockResource, SizeofResource, Sleep, OpenEventA, WaitForSingleObject, CloseHandle
> USER32.dll: GetDC, ReleaseDC, GetWindowDC, BeginPaint, EndPaint, ValidateRect, TranslateMessage, GetMessageA, ShowOwnedPopups, GetSysColorBrush, LoadCursorA, UnregisterClassA, InflateRect, GetMenuItemInfoA, IsDialogMessageA, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, ModifyMenuA, EnableMenuItem, CheckMenuItem, SendDlgItemMessageA, GetClassLongA, SetPropA, GetPropA, RemovePropA, GetWindowTextA, GetForegroundWindow, DispatchMessageA, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, MapWindowPoints, GetClientRect, CreateWindowExA, ClientToScreen, RegisterClassA, AdjustWindowRectEx, ScreenToClient, DeferWindowPos, DefWindowProcA, CallWindowProcA, SystemParametersInfoA, GetWindowPlacement, GetSystemMetrics, UnpackDDElParam, ReuseDDElParam, GetClassNameA, GetSysColor, WinHelpA, SetWindowPos, SetFocus, GetWindowThreadProcessId, GetFocus, EqualRect, SetWindowLongA, GetKeyState, GetDlgCtrlID, GetMenu, SetCursor, PeekMessageA, GetCapture, ReleaseCapture, LoadAcceleratorsA, SetActiveWindow, IsWindowVisible, InvalidateRect, IsIconic, InsertMenuItemA, CreatePopupMenu, GetClassInfoA, IntersectRect, OffsetRect, SetRectEmpty, CopyRect, GetLastActivePopup, BringWindowToTop, SetMenu, GetDesktopWindow, GetWindow, ShowWindow, GetWindowLongA, IsWindow, TranslateAcceleratorA, GetMenuState, GetMenuItemID, GetMenuItemCount, EnumDisplaySettingsExA, GetDlgItem, SetWindowTextA, GetParent, GetWindowRect, PtInRect, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, FillRect, PostQuitMessage, CreateDialogIndirectParamA, GetNextDlgTabItem, EndDialog, GetClassInfoExA, MoveWindow, FindWindowA, EnableWindow, UpdateWindow, GetCursorPos, LoadMenuA, SendMessageA, PostMessageA, GetSubMenu, SetForegroundWindow, TrackPopupMenu, DestroyMenu, RegisterWindowMessageA, GetActiveWindow, SetWindowsHookExA, LoadIconA, DestroyIcon, SetTimer, MessageBoxA, KillTimer, CallNextHookEx, UnhookWindowsHookEx, IsWindowEnabled
> GDI32.dll: RectVisible, TextOutA, ExtTextOutA, Escape, SelectObject, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, DeleteDC, CreatePatternBrush, GetStockObject, PtVisible, CreateSolidBrush, CreateFontIndirectA, GetTextExtentPoint32A, DeleteObject, GetPixel, BitBlt, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateCompatibleDC, CreateCompatibleBitmap, GetDeviceCaps, SetMapMode, SetBkMode, RestoreDC, SaveDC, CreateBitmap
> WINSPOOL.DRV: OpenPrinterA, ClosePrinter, DocumentPropertiesA
> ADVAPI32.dll: RegQueryValueA, RegEnumKeyA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegOpenKeyA, RegQueryValueExA, RegCreateKeyA, RegSetValueExA, RegCloseKey, RegCreateKeyExA
> SHELL32.dll: DragFinish, DragQueryFileA, Shell_NotifyIconA
> SHLWAPI.dll: PathFindFileNameA, PathFindExtensionA
> OLEAUT32.dll: -, -, -
( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
pdfid.: -
- jaro3, Security team member, Guru Level 15, posts: 43294, registered: June 07, residence: South Bohemia, status: offline
Re: Pop-up web windows*
You need to run that ComboFix script (see above).
Re: Pop-up web windows*
yeah, but when I drag it there a Run window opens. I click and it starts loading
- Damned, article author, Master Level 9, posts: 8353, registered: December 06, residence: Rokycany, status: offline
Re: Pop-up web windows*
yeah, but when I drag it there a Run window opens. I click and it starts loading
And then what?
Re: Pop-up web windows*
I let it load and it deleted some files again, and this came out
ComboFix 09-08-26.05 - Pavel 26.08.2009 21:46.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1022.495 [GMT 2:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\ezsidmv.dat"
"c:\programdata\Sukoku\sukoku113.exe"
"c:\users\All Users\Sukoku\sukoku113.exe"
"c:\users\Pavel\AppData\Roaming\nvModes.dat"
"c:\users\Pavel\AppData\Roaming\wklnhst.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\NOS
c:\programdata\ezsidmv.dat
c:\programdata\NOS
c:\programdata\NOS\Adobe_Downloads\arh.exe
c:\programdata\Sukoku\sukoku113.exe
c:\users\Pavel\AppData\Roaming\nvModes.dat
c:\users\Pavel\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-26 do 2009-08-26 )))))))))))))))))))))))))))))))
.
2009-08-26 19:56 . 2009-08-26 20:00 -------- d-----w- c:\users\Pavel\AppData\Local\temp
2009-08-26 19:56 . 2009-08-26 19:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-26 19:56 . 2009-08-26 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-26 14:24 . 2009-08-26 14:24 -------- d-----w- c:\windows\LastGood.Tmp
2009-08-26 12:54 . 2009-08-26 12:54 -------- d-----w- c:\users\Pavel\AppData\Roaming\PeerNetworking
2009-08-25 16:49 . 2009-08-25 16:49 -------- d-----w- c:\users\Pavel\AppData\Roaming\Malwarebytes
2009-08-25 16:49 . 2009-08-25 16:49 -------- d-----w- c:\programdata\Malwarebytes
2009-08-25 16:08 . 2009-08-25 16:08 -------- d-----w- c:\program files\Trend Micro
2009-08-22 08:29 . 2009-08-22 08:29 -------- d-----w- c:\program files\Alwil Software
2009-08-21 12:44 . 2009-08-21 12:53 -------- d-----w- c:\program files\PowerArchiver
2009-08-19 17:26 . 2009-08-26 19:55 -------- d-----w- c:\programdata\Sukoku
2009-08-19 17:26 . 2009-08-21 08:21 -------- d-----w- c:\program files\Sukoku
2009-08-15 11:42 . 2009-07-17 14:52 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-15 11:42 . 2009-06-10 12:16 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-15 11:42 . 2009-06-04 12:43 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-08-15 11:42 . 2009-06-04 12:36 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-08-15 11:42 . 2009-06-04 12:47 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-08-15 11:42 . 2009-06-10 12:10 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-08-15 11:42 . 2009-06-10 12:07 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-08-15 11:42 . 2009-06-10 12:04 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-08-15 11:42 . 2009-06-10 12:04 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-08-15 11:42 . 2009-06-10 12:10 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-08-15 11:42 . 2009-06-10 12:09 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-08-15 11:41 . 2009-07-14 13:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-15 11:41 . 2009-07-14 13:00 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-15 11:41 . 2009-07-14 13:01 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-15 11:41 . 2009-07-14 11:11 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-06 18:24 . 2009-08-06 18:24 -------- d-----w- c:\program files\iPod
2009-08-06 18:24 . 2009-08-06 18:24 -------- d-----w- c:\program files\iTunes
2009-08-06 18:22 . 2009-08-06 18:22 -------- d-----w- c:\program files\QuickTime
2009-08-06 18:16 . 2009-08-06 18:16 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-29 15:13 . 2009-08-19 17:26 -------- d-----w- c:\users\Pavel\Tracing
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 20:01 . 2009-08-26 20:01 27335 ----a-w- c:\users\Pavel\AppData\Roaming\nvModes.dat
2009-08-26 14:25 . 2007-01-08 21:09 81404 ----a-w- c:\windows\system32\perfc005.dat
2009-08-26 14:25 . 2007-01-08 21:09 473598 ----a-w- c:\windows\system32\perfh005.dat
2009-08-15 14:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-06 18:24 . 2009-03-21 13:52 -------- d-----w- c:\program files\Common Files\Apple
2009-08-06 18:24 . 2009-03-21 13:56 -------- d-----w- c:\programdata\Apple Computer
2009-08-06 18:03 . 2007-09-27 18:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-06 18:01 . 2007-09-27 18:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-29 19:33 . 2009-07-03 10:33 -------- d-----w- c:\users\Pavel\AppData\Roaming\Skype
2009-07-29 19:20 . 2009-07-03 10:55 -------- d-----w- c:\users\Pavel\AppData\Roaming\skypePM
2009-07-24 14:18 . 2009-07-23 07:59 -------- d-----w- c:\program files\CamSpace
2009-07-21 21:52 . 2009-07-29 10:54 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 10:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 10:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 10:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 20:45 . 2008-11-18 12:58 -------- d-----w- c:\program files\ICQ6Toolbar
2009-07-15 16:46 . 2009-07-15 16:39 -------- d-----w- c:\program files\ICQ6.5
2009-07-15 16:42 . 2008-11-18 12:58 -------- d-----w- c:\programdata\ICQ
2009-07-15 16:41 . 2009-07-07 10:27 -------- d-----w- c:\program files\ICQ6
2009-07-13 12:19 . 2009-07-08 13:57 -------- d-----w- c:\users\Pavel\AppData\Roaming\aHisoft
2009-07-13 10:57 . 2009-07-08 11:29 -------- d-----w- c:\program files\Common Files\Real
2009-07-13 10:55 . 2008-12-06 12:56 -------- d-----w- c:\program files\Google
2009-07-13 09:29 . 2009-07-13 09:29 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-08 18:15 . 2009-07-08 14:36 -------- d-----w- c:\programdata\Norton
2009-07-08 18:15 . 2009-07-08 14:36 -------- d-----w- c:\programdata\Symantec
2009-07-08 18:03 . 2009-07-08 18:03 -------- d-----w- c:\program files\CENZURA
2009-07-08 17:26 . 2009-07-08 17:26 -------- d-----w- c:\program files\FDRLab
2009-07-08 17:19 . 2009-07-08 17:03 -------- d-----w- c:\program files\YouTube Video Downloader
2009-07-08 16:00 . 2009-07-08 16:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-08 14:36 . 2009-07-08 14:36 -------- d-----w- c:\programdata\NortonInstaller
2009-07-08 13:14 . 2009-07-08 13:14 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-07-08 13:14 . 2009-07-08 13:14 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-08 13:14 . 2009-07-08 13:14 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-07-08 13:14 . 2009-07-08 13:14 158192 ------w- c:\windows\system32\pxwma.dll
2009-07-08 11:31 . 2009-07-08 11:31 -------- d-----w- c:\program files\Real
2009-07-08 11:25 . 2009-07-08 11:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-08 11:25 . 2009-07-08 11:25 -------- d-----w- c:\program files\Java
2009-07-08 10:18 . 2008-11-18 12:39 72568 ----a-w- c:\users\Pavel\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-07 17:22 . 2009-07-07 17:22 -------- d-----w- c:\program files\Dostihy 3000 Deluxe
2009-07-07 15:55 . 2009-03-09 15:53 -------- d-----w- c:\users\Pavel\AppData\Roaming\uTorrent
2009-07-07 15:54 . 2009-07-07 15:02 -------- d-----w- c:\program files\BitComet
2009-07-07 10:03 . 2009-07-07 10:02 -------- d-----w- c:\program files\ICQ612_18_53
2009-07-03 15:28 . 2009-07-03 15:28 -------- d-----w- c:\users\Pavel\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-07-03 10:32 . 2009-07-03 10:32 -------- d-----r- c:\program files\Skype
2009-07-03 10:32 . 2009-07-03 10:32 -------- d-----w- c:\program files\Common Files\Skype
2009-07-03 10:32 . 2009-07-03 10:31 -------- d-----w- c:\programdata\Skype
2009-07-03 10:26 . 2009-07-03 10:26 -------- d-----w- c:\programdata\WLInstaller
2009-07-03 10:14 . 2009-06-24 17:12 -------- d-----w- c:\program files\Microsoft
2009-06-29 17:18 . 2008-12-14 20:54 5021800 ----a-w- c:\programdata\SweetIM\Messenger\update\sweetimsetup.exe
2009-06-15 15:29 . 2009-07-15 08:01 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:23 . 2009-07-15 08:01 24064 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 15:22 . 2009-07-15 08:01 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:21 . 2009-07-15 08:01 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 15:20 . 2009-07-15 08:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-06-15 13:03 . 2009-07-15 08:01 289792 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-25_17.47.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-27 18:15 . 2009-08-26 20:00 48780 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-26 20:00 80910 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-08-25 17:47 80910 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-18 12:40 . 2009-08-25 17:47 10180 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1853382227-3427846857-181528931-1000_UserData.bin
+ 2008-11-18 12:40 . 2009-08-26 20:00 10180 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1853382227-3427846857-181528931-1000_UserData.bin
- 2008-11-18 12:36 . 2009-08-25 17:29 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-18 12:36 . 2009-08-26 19:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-18 12:36 . 2009-08-26 19:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-18 12:36 . 2009-08-25 17:29 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-18 12:36 . 2009-08-25 17:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-18 12:36 . 2009-08-26 19:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-16 16:36 . 2009-08-26 12:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-16 16:36 . 2009-07-29 09:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-16 16:36 . 2009-08-26 12:49 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-16 16:36 . 2009-07-29 09:18 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-16 16:36 . 2009-08-26 12:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-16 16:36 . 2009-07-29 09:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2009-08-25 13:34 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-08-26 14:24 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 07:11 . 2006-11-02 07:11 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18046_none_0de371cfef8dc034\AcRes.dll
+ 2008-11-18 13:21 . 2008-11-18 13:21 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18267_none_0be85e73f276bf22\AcRes.dll
+ 2009-08-26 13:14 . 2009-08-26 13:14 9560 c:\windows\System32\networklist\icons\{912E1A09-EAF5-46BD-89FC-5182645C0C3E}_48.bin
+ 2009-08-26 13:14 . 2009-08-26 13:14 4280 c:\windows\System32\networklist\icons\{912E1A09-EAF5-46BD-89FC-5182645C0C3E}_32.bin
+ 2009-08-26 13:14 . 2009-08-26 13:14 2456 c:\windows\System32\networklist\icons\{912E1A09-EAF5-46BD-89FC-5182645C0C3E}_24.bin
- 2009-08-25 17:45 . 2009-08-25 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-26 19:58 . 2009-08-26 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-25 17:45 . 2009-08-25 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-26 19:58 . 2009-08-26 19:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-08-24 19:14 610142 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-26 14:25 610142 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-24 19:14 103924 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-26 14:25 103924 c:\windows\System32\perfc009.dat
+ 2007-09-27 18:20 . 2007-06-18 16:03 737280 c:\windows\System32\drivers\athr.sys
+ 2009-08-26 14:24 . 2008-12-29 21:57 952832 c:\windows\LastGood.Tmp\system32\DRIVERS\athr.sys
+ 2006-11-02 10:25 . 2009-08-26 14:24 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-08-25 13:34 143360 c:\windows\inf\infstrng.dat
+ 2008-11-18 13:20 . 2008-11-18 13:20 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18267_none_41c67558c16754d0\gameux.dll
+ 2006-11-02 10:22 . 2009-08-26 19:56 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-08-15 21:15 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-08-26 19:45 . 2009-08-26 19:45 6148096 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-05-04 17:45 . 2009-08-26 13:36 52004019 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-11-18 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ComboFix 09-08-26.05 - Pavel 26.08.2009 21:46.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1022.495 [GMT 2:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\ezsidmv.dat"
"c:\programdata\Sukoku\sukoku113.exe"
"c:\users\All Users\Sukoku\sukoku113.exe"
"c:\users\Pavel\AppData\Roaming\nvModes.dat"
"c:\users\Pavel\AppData\Roaming\wklnhst.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\NOS
c:\programdata\ezsidmv.dat
c:\programdata\NOS
c:\programdata\NOS\Adobe_Downloads\arh.exe
c:\programdata\Sukoku\sukoku113.exe
c:\users\Pavel\AppData\Roaming\nvModes.dat
c:\users\Pavel\AppData\Roaming\wklnhst.dat
.
Damned (Master Level 9, Posts: 8353, Registered: December 06, Location: Rokycany, Status: Offline)
Re: Web pop-up windows*
And the rest of the log.