Please check my log - Thanks [Solved]


Post by pitimir » 08 Dec 2009 18:40

OK then.
ESS (or rather its firewall) is showing blocked attacks on your address - as long as it can cope with them, set it not to display them and leave it to the firewall. Just to be sure, do this as well:

1) Download Defogger. Run it, click "Disable" -> "OK". A log should appear in the location it was run from; paste it here.


2) Download GMER, unpack it to the desktop and run it. The program starts a scan automatically (when it finishes, paste log no. 1) - if it finds something during the scan (= a warning pops up), click "NO" and on the right tick all items EXCEPT:
  • Sections
  • IAT/EAT
  • Registry
  • non-system disks and partitions (the system is usually on "C:\" - so leave "D:\", "E:\", etc. unticked)
  • Show All
Click "Scan". After the scan, click "Save" and paste log no. 2 here.

If it finds nothing (= nothing pops up), tick everything on the right and run the scan. When it finishes, click "Copy" and paste log no. 2.
I don't like amateurism...

And the addressee of this message knows it :)

Post by Fanthomas » 08 Dec 2009 20:59

This time it all worked. Before I start: I let Dr.Web scan the whole disk and this was the result, so I turned off System Restore and restarted. Does it make sense to turn System Restore back on, or can I safely leave it off for good?
Dr.Web.jpg


And here are the logs:

defogger_disable by jpshortstuff (28.11.09.2)
Log created at 20:20 on 08/12/2009 (Tomas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled


First GMER log: it ran and nothing popped up. So then I also ticked the other disks, and log 2 is below.

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit quick scan 2009-12-08 20:22:42
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tomas\LOCALS~1\Temp\pxtdipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:532] 85E8A930

---- EOF - GMER 1.0.15 ----
-=E.O.F=-



LOG2

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-08 20:52:23
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tomas\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT 85E8C8A0 ZwAssignProcessToJobObject
SSDT 85E8BCB0 ZwOpenProcess
SSDT 85E8C0D0 ZwOpenThread
SSDT 85E8C6D0 ZwSuspendProcess
SSDT 85E8C4F0 ZwSuspendThread
SSDT 85E8BEE0 ZwTerminateProcess
SSDT 85E8C310 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 8 Bytes CALL 691538DE
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC8 80504864 8 Bytes CALL 691358EE

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[272] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Windows Defender\MSASCui.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C82EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C82C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C82C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C82C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RTHDCPL.EXE[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01AC2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RTHDCPL.EXE[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01AC2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RTHDCPL.EXE[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01AC2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\RTHDCPL.EXE[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01AC2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C52EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C52C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C52C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C52C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ESET\ESET Smart Security\egui.exe[952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D82EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ESET\ESET Smart Security\egui.exe[952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D82C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ESET\ESET Smart Security\egui.exe[952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D82C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ESET\ESET Smart Security\egui.exe[952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D82C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [023E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [023E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [023E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[1200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [023E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C92EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C92C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C92C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C92C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tomas\Plocha\gmer.exe[1800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tomas\Plocha\gmer.exe[1800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tomas\Plocha\gmer.exe[1800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tomas\Plocha\gmer.exe[1800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hardcopy\hardcopy.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BB2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hardcopy\hardcopy.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BB2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hardcopy\hardcopy.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BB2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hardcopy\hardcopy.exe[2180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BB2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E32EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E32C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:532] 85E8A930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xEA 0xB3 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xEA 0xB3 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xEA 0xB3 0x47 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

Post by pitimir » 09 Dec 2009 15:35

:shock:
Could you please run ComboFix? I need to see its log...

Post by Fanthomas » 09 Dec 2009 17:21

Well, that smiley of yours certainly doesn't bode well...

Here it is.


ComboFix 09-12-04.05 - Tomas 09.12.2009 17:14.15.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.507 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-09 do 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-08 19:08 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-04 21:14 . 2009-12-04 21:14 621886 ----a-w- c:\windows\system32\drivers\sptd.sys.zip
2009-12-03 15:54 . 2009-12-03 15:54 -------- d---a-w- c:\windows\VDLL.DLL
2009-12-03 15:54 . 2009-12-03 15:54 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-12-03 15:54 . 2009-12-03 15:54 -------- d---a-w- c:\windows\logo_1.exe
2009-12-03 15:47 . 2009-12-03 15:47 28672 ----a-w- c:\windows\system32\eEmpty.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 19:17 . 2004-08-18 12:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2009-12-08 19:17 . 2004-08-18 12:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2009-12-04 16:58 . 2009-04-25 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-03 15:14 . 2009-04-25 20:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-04-25 20:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 05:27 . 2009-04-30 06:50 -------- d-----w- c:\program files\Java
2009-11-16 08:06 . 2009-04-09 13:21 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-11-16 08:06 . 2009-04-09 13:21 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-11-16 08:03 . 2009-04-09 13:18 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-04-09 13:10 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-11 20:24 . 2009-04-28 19:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-11 19:06 . 2007-12-02 16:52 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-10 19:16 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-10 19:16 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-08 18:25 . 2009-11-08 14:24 -------- d-----w- c:\program files\ABC
2009-11-02 19:42 . 2009-10-03 09:47 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 16:11 . 2009-10-31 16:10 -------- d-----w- c:\program files\QuickTime Alternative
2009-10-29 19:14 . 2007-10-18 16:01 -------- d-----w- c:\program files\WinAce
2009-10-29 07:45 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2009-06-03 16:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-04-20 19:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:19 . 2004-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-05_17.17.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-09 15:48 . 2009-12-09 15:48 16384 c:\windows\temp\Perflib_Perfdata_a4.dat
- 2004-08-18 12:00 . 2009-08-29 07:30 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-18 12:00 . 2009-12-08 19:17 40836 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2009-12-04 21:51 40836 c:\windows\system32\perfc009.dat
- 2007-08-13 16:54 . 2009-08-29 07:30 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 16:54 . 2009-10-29 07:45 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 27648 c:\windows\system32\jsproxy.dll
- 2009-03-08 02:32 . 2009-08-28 10:27 13824 c:\windows\system32\ieudinit.exe
+ 2009-03-08 02:32 . 2009-10-28 14:35 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-18 12:00 . 2009-10-29 07:45 44544 c:\windows\system32\iernonce.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 44544 c:\windows\system32\iernonce.dll
+ 2004-08-18 12:00 . 2009-10-28 14:35 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-18 12:00 . 2009-08-28 10:27 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 16:36 . 2009-10-29 07:45 63488 c:\windows\system32\icardie.dll
- 2007-08-13 16:36 . 2009-08-29 07:30 63488 c:\windows\system32\icardie.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 79872 c:\windows\system32\dllcache\raschap.dll
+ 2007-08-13 16:36 . 2009-10-29 07:45 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-13 16:36 . 2009-08-29 07:30 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-02-20 17:13 . 2009-08-29 07:30 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-02-20 17:13 . 2009-10-29 07:45 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 16:54 . 2009-08-29 07:30 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 16:54 . 2009-10-29 07:45 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-02-20 10:20 . 2009-08-28 10:27 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-02-20 10:20 . 2009-10-28 14:35 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-13 16:39 . 2009-10-29 07:45 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-13 16:39 . 2009-08-29 07:30 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-06-03 16:09 . 2009-10-29 07:45 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-06-03 16:09 . 2009-08-29 07:30 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 16:39 . 2009-10-28 14:35 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 16:39 . 2009-08-28 10:27 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-02-20 17:13 . 2009-10-29 07:45 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-02-20 17:13 . 2009-08-29 07:30 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2007-08-13 16:42 . 2009-10-29 07:45 17408 c:\windows\system32\dllcache\corpol.dll
- 2007-08-13 16:42 . 2009-08-29 07:30 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 44544 c:\windows\ie7updates\KB976325-IE7\pngfilt.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 52224 c:\windows\ie7updates\KB976325-IE7\msfeedsbs.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 27648 c:\windows\ie7updates\KB976325-IE7\jsproxy.dll
+ 2009-12-08 19:10 . 2009-08-28 10:27 13824 c:\windows\ie7updates\KB976325-IE7\ieudinit.exe
+ 2009-12-08 19:10 . 2009-08-29 07:30 44544 c:\windows\ie7updates\KB976325-IE7\iernonce.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 78336 c:\windows\ie7updates\KB976325-IE7\ieencode.dll
+ 2009-12-08 19:10 . 2009-08-28 10:27 70656 c:\windows\ie7updates\KB976325-IE7\ie4uinit.exe
+ 2009-12-08 19:10 . 2009-08-29 07:30 63488 c:\windows\ie7updates\KB976325-IE7\icardie.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 17408 c:\windows\ie7updates\KB976325-IE7\corpol.dll
+ 2004-08-18 12:00 . 2009-08-25 09:19 354816 c:\windows\system32\winhttp.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 233472 c:\windows\system32\webcheck.dll
- 2004-08-18 12:00 . 2009-08-29 07:31 233472 c:\windows\system32\webcheck.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 105984 c:\windows\system32\url.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 105984 c:\windows\system32\url.dll
- 2004-08-18 12:00 . 2009-12-04 21:51 314508 c:\windows\system32\perfh009.dat
+ 2004-08-18 12:00 . 2009-12-08 19:17 314508 c:\windows\system32\perfh009.dat
+ 2004-08-18 12:00 . 2009-10-29 07:45 102912 c:\windows\system32\occache.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 102912 c:\windows\system32\occache.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 671232 c:\windows\system32\mstime.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 671232 c:\windows\system32\mstime.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 193024 c:\windows\system32\msrating.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 193024 c:\windows\system32\msrating.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 16:54 . 2009-08-29 07:30 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 16:54 . 2009-10-29 07:45 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 16:34 . 2009-08-29 07:30 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 16:34 . 2009-10-29 07:45 268288 c:\windows\system32\iertutil.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 10:27 . 2009-10-29 07:45 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 10:27 . 2009-08-29 07:30 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-18 12:00 . 2009-10-28 06:52 161792 c:\windows\system32\ieakui.dll
- 2004-08-18 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 230400 c:\windows\system32\ieaksie.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 153088 c:\windows\system32\ieakeng.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 133120 c:\windows\system32\extmgr.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 133120 c:\windows\system32\extmgr.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 214528 c:\windows\system32\dxtrans.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 214528 c:\windows\system32\dxtrans.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 347136 c:\windows\system32\dxtmsft.dll
+ 2008-04-21 06:45 . 2009-10-29 07:45 832512 c:\windows\system32\dllcache\wininet.dll
- 2008-04-21 06:45 . 2009-08-29 07:31 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:32 . 2009-08-25 09:19 354816 c:\windows\system32\dllcache\winhttp.dll
- 2007-08-13 16:54 . 2009-08-29 07:31 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 16:54 . 2009-10-29 07:45 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 16:44 . 2009-08-29 07:30 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 16:44 . 2009-10-29 07:45 105984 c:\windows\system32\dllcache\url.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 150016 c:\windows\system32\dllcache\rastls.dll
- 2007-08-13 16:44 . 2009-08-29 07:30 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 16:44 . 2009-10-29 07:45 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:34 . 2009-10-13 10:34 271360 c:\windows\system32\dllcache\oakley.dll
+ 2007-08-13 16:54 . 2009-10-29 07:45 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 16:54 . 2009-08-29 07:30 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 16:44 . 2009-08-29 07:30 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 16:44 . 2009-10-29 07:45 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 16:54 . 2009-10-29 07:45 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 16:54 . 2009-08-29 07:30 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2009-02-20 17:13 . 2009-08-29 07:30 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-02-20 17:13 . 2009-10-29 07:45 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-08-13 16:43 . 2009-10-28 06:54 634632 c:\windows\system32\dllcache\iexplore.exe
- 2009-02-20 17:13 . 2009-08-29 07:30 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-02-20 17:13 . 2009-10-29 07:45 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-13 16:39 . 2009-10-29 07:45 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 16:39 . 2009-08-29 07:30 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-02-20 17:13 . 2009-10-29 07:45 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2009-02-20 17:13 . 2009-08-29 07:30 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-18 12:00 . 2009-10-28 06:52 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-18 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 16:39 . 2009-08-29 07:30 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 16:39 . 2009-10-29 07:45 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 16:39 . 2009-10-29 07:45 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 16:39 . 2009-08-29 07:30 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2007-08-13 16:54 . 2009-10-29 07:45 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-08-13 16:54 . 2009-08-29 07:30 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-08-13 16:35 . 2009-08-29 07:30 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 16:35 . 2009-10-29 07:45 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-13 16:35 . 2009-08-29 07:30 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 16:35 . 2009-10-29 07:45 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-13 16:39 . 2009-08-29 07:30 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-08-13 16:39 . 2009-10-29 07:45 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 124928 c:\windows\system32\advpack.dll
- 2004-08-18 12:00 . 2009-08-29 07:30 124928 c:\windows\system32\advpack.dll
+ 2009-12-08 19:10 . 2009-08-29 07:31 832512 c:\windows\ie7updates\KB976325-IE7\wininet.dll
+ 2009-12-08 19:10 . 2009-08-29 07:31 233472 c:\windows\ie7updates\KB976325-IE7\webcheck.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 105984 c:\windows\ie7updates\KB976325-IE7\url.dll
+ 2009-12-08 19:10 . 2009-05-26 11:40 391032 c:\windows\ie7updates\KB976325-IE7\spuninst\updspapi.dll
+ 2009-12-08 19:10 . 2009-05-26 11:40 233848 c:\windows\ie7updates\KB976325-IE7\spuninst\spuninst.exe
+ 2009-12-08 19:10 . 2009-08-29 07:30 102912 c:\windows\ie7updates\KB976325-IE7\occache.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 671232 c:\windows\ie7updates\KB976325-IE7\mstime.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 193024 c:\windows\ie7updates\KB976325-IE7\msrating.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 477696 c:\windows\ie7updates\KB976325-IE7\mshtmled.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 459264 c:\windows\ie7updates\KB976325-IE7\msfeeds.dll
+ 2009-12-08 19:10 . 2009-08-27 05:18 634648 c:\windows\ie7updates\KB976325-IE7\iexplore.exe
+ 2009-12-08 19:10 . 2009-08-29 07:30 268288 c:\windows\ie7updates\KB976325-IE7\iertutil.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 385024 c:\windows\ie7updates\KB976325-IE7\iedkcs32.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 380928 c:\windows\ie7updates\KB976325-IE7\ieapfltr.dll
+ 2009-12-08 19:10 . 2009-08-27 05:18 161792 c:\windows\ie7updates\KB976325-IE7\ieakui.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 230400 c:\windows\ie7updates\KB976325-IE7\ieaksie.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 153088 c:\windows\ie7updates\KB976325-IE7\ieakeng.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 133120 c:\windows\ie7updates\KB976325-IE7\extmgr.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 214528 c:\windows\ie7updates\KB976325-IE7\dxtrans.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 347136 c:\windows\ie7updates\KB976325-IE7\dxtmsft.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 124928 c:\windows\ie7updates\KB976325-IE7\advpack.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2004-08-18 12:00 . 2009-11-21 16:03 471552 c:\windows\AppPatch\aclayers.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 1168384 c:\windows\system32\urlmon.dll
- 2004-08-18 12:00 . 2009-08-29 07:31 1168384 c:\windows\system32\urlmon.dll
- 2004-08-18 12:00 . 2009-10-21 04:08 3598336 c:\windows\system32\mshtml.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 3598336 c:\windows\system32\mshtml.dll
- 2007-08-13 16:54 . 2009-08-29 07:30 6067200 c:\windows\system32\ieframe.dll
+ 2007-08-13 16:54 . 2009-10-29 07:45 6067200 c:\windows\system32\ieframe.dll
- 2008-06-26 08:14 . 2009-08-29 07:31 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-26 08:14 . 2009-10-29 07:45 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-18 12:00 . 2009-10-29 07:45 3598336 c:\windows\system32\dllcache\mshtml.dll
- 2004-08-18 12:00 . 2009-10-21 04:08 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2009-02-20 17:13 . 2009-10-29 07:45 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2009-02-20 17:13 . 2009-08-29 07:30 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-12-08 19:10 . 2009-08-29 07:31 1168384 c:\windows\ie7updates\KB976325-IE7\urlmon.dll
+ 2009-12-08 19:10 . 2009-10-21 04:08 3598336 c:\windows\ie7updates\KB976325-IE7\mshtml.dll
+ 2009-12-08 19:10 . 2009-08-29 07:30 6067200 c:\windows\ie7updates\KB976325-IE7\ieframe.dll
+ 2007-10-16 10:49 . 2009-12-01 20:06 25966024 c:\windows\system32\MRT.exe
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Tomas\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2009-2-13 1286656]
Windows Commander 32.lnk - c:\wincmd\WINCMD32.EXE [2007-10-18 1443328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 14:18 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [3.2.2009 13:53 1155072]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 9:10 3276800]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-12-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\ih5vf0wz.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 17:17
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows NT\CurrentVersion]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-1460304000-3615762775-1979223112-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,99,cf,bd,01,69,ff,0e,a0,3b,3a,9f,bd,5f,ec,a5,c7,78,ea,72,f2,08,cd,
9c,2f,e0,a8,64,3a,b3,c7,89,ab,28,12,20,4b,30,d6,9e,29,3b,9b,4a,34,0b,71,6b,\
"??"=hex:6f,78,d6,80,a5,79,1f,fb,6f,a7,34,1e,1d,9f,8c,96
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2700)
c:\program files\Hardcopy\HcDLL2_28_Win32.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-12-09 17:18
ComboFix-quarantined-files.txt 2009-12-09 16:18
ComboFix2.txt 2009-12-06 17:30
ComboFix3.txt 2009-12-05 17:18

Před spuštěním: Volných bajtů: 91 609 047 040
Po spuštění: Volných bajtů: 91 576 881 152

- - End Of File - - 55DE867655EB63F502D771CD3F8A91E1

pitimir

Post by pitimir » 09 Dec 2009 19:54

1) Start -> Run -> (type) cmd /c mbr.exe -f >log1.txt&start log1.txt
This will open another text file (log1.txt); copy its contents here as well.


2) Start -> Run -> (type) cmd /c mbr.exe -t >log2.txt&start log2.txt
Another text file (log2.txt) will open; copy its contents here as well.

Fanthomas

Post by Fanthomas » 09 Dec 2009 21:37

TXT1:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

TXT2:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
kernel: MBR read successfully
user & kernel MBR OK

pitimir

Post by pitimir » 09 Dec 2009 21:38

Download and run AVPTool. Produce a log according to the guide and post it.

And describe the state and behaviour of the PC.

Fanthomas

Post by Fanthomas » 10 Dec 2009 17:58

So, nothing.. Note that the scan did not take hours as the description said, but only 27 minutes

Autoscan: completed <1 minute ago (events: 2, objects: 93138, time: 00:27:18)
10.12.2009 17:28:59 Task started
10.12.2009 17:56:17 Task completed

pitimir

Post by pitimir » 10 Dec 2009 20:12

Well, the programs contradict each other a little... you know what, try running GMER again and post the big log (no. 2) here once more.

Fanthomas

Post by Fanthomas » 10 Dec 2009 21:05

So here is log 2


GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-10 21:03:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tomas\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT 860388A0 ZwAssignProcessToJobObject
SSDT 86037CB0 ZwOpenProcess
SSDT 860380D0 ZwOpenThread
SSDT 860386D0 ZwSuspendProcess
SSDT 860384F0 ZwSuspendThread
SSDT 86037EE0 ZwTerminateProcess
SSDT 86038310 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

? 85216572.sys Systém nemůže nalézt uvedený soubor. !
? system32\DRIVERS\8521657.sys Systém nemůže nalézt uvedenou cestu. !
? system32\DRIVERS\85216571.sys Systém nemůže nalézt uvedenou cestu. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[852] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [023F2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [023F2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [023F2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [023F2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [03B52EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [03B52C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [03B52C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [03B52C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tomas\Plocha\gmer.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tomas\Plocha\gmer.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tomas\Plocha\gmer.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tomas\Plocha\gmer.exe[1992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E32EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E32C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[2756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:540] 86036930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xEA 0xB3 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xEA 0xB3 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xEA 0xB3 0x47 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

pitimir

Post by pitimir » 12 Dec 2009 10:44

A question: in the opening post you write that you tried Dr. Web. Which product? CureIt? That should catch a possible MBR rootkit...

And we will look at it manually, so please be careful...
- Turn off the firewall and run the program HxD. Click the hard disk icon at the top; on the tab that appears, under "Physical disks", select "Hard disk" and click "OK" (make sure the box next to "Open as read-only" is ticked).

- At the top right it says "Sector", with a box and arrows. You will use them to set and find the individual sectors. Now comes the important part, so pay attention:
Sector 0 is the MBR and sector 63 is BOOT - LEAVE THESE TWO ALONE. Sectors 1 to 62 should be zero (i.e. 000000000000).

Please check whether they are zero on your PC as well. Do not overwrite anything yet, do not press anything else. A very delicate operation :)

I only need you to tell me whether sectors 1-62 contain ONLY zeros, or whether there are some scribbles written there :)

Thank you.
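The manual check described in the post above (sector 0 is the MBR, sectors 1 to 62 should be all zeros) can also be done on a read-only disk image. This is an added example, not part of the original thread or of any tool named in it; the function names, the 512-byte sector size and the constructed sample image are assumptions. It also separates a sector that is a byte-for-byte copy of sector 0 (what GMER's "copy of MBR" wording suggests) from other non-zero data.

```python
import io

SECTOR_SIZE = 512            # assumption: classic 512-byte sectors
GAP_FIRST, GAP_LAST = 1, 62  # the range the post says should be empty


def classify_gap(dev, sector_size=SECTOR_SIZE):
    """Inspect sectors 0..62 of a binary file object opened for reading only.

    Returns a dict with:
      mbr_signature_ok - True if sector 0 carries the 55 AA boot signature
      nonzero          - {sector: (kind, first 16 bytes as hex)} for every
                         sector in 1..62 that is not entirely zero, where
                         kind is "copy of MBR" or "other data"
    """
    dev.seek(0)
    mbr = dev.read(sector_size)
    if len(mbr) != sector_size:
        raise ValueError("short read on sector 0")
    result = {"mbr_signature_ok": mbr[510:512] == b"\x55\xaa", "nonzero": {}}
    zero = bytes(sector_size)
    for n in range(GAP_FIRST, GAP_LAST + 1):
        dev.seek(n * sector_size)
        data = dev.read(sector_size)
        if len(data) != sector_size:
            raise ValueError(f"short read on sector {n}")
        if data == zero:
            continue  # expected state: nothing written here
        kind = "copy of MBR" if data == mbr else "other data"
        result["nonzero"][n] = (kind, data[:16].hex())
    return result


def build_sample_image():
    """Constructed 64-sector image: a fake MBR plus stray bytes in sector 62."""
    img = bytearray(64 * SECTOR_SIZE)
    img[0:4] = b"\x33\xc0\x8e\xd0"          # constructed filler, not real boot code
    img[510:512] = b"\x55\xaa"              # boot signature at the end of sector 0
    start = 62 * SECTOR_SIZE
    img[start:start + 8] = b"CONSTRUC"      # constructed non-zero content
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    report = classify_gap(build_sample_image())
    print("MBR signature present:", report["mbr_signature_ok"])
    if not report["nonzero"]:
        print("sectors 1-62 contain only zeros")
    for sector, (kind, head) in sorted(report["nonzero"].items()):
        print(f"sector {sector:2d}: {kind}, starts with {head}")
```

For a real disk, pass an image file opened with `open(path, "rb")` instead of the constructed sample; the function only reads.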

Fanthomas

Post by Fanthomas » 12 Dec 2009 11:18

Hi.. you're really having trouble with me..

So, done. Everything is just zeros except sector 62

HxD.jpg


By the way, the Dr.Web is CureIt. Besides that, I also occasionally scan the PC with ESS4, MWAM and Spybot.

