Please check my log - I probably have trojans in it (Solved)



Post by Jelito2008 » 23 Dec 2009 10:13

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:55, on 23.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BOINC\boinctray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\gottfried\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 16.129.0.13:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://webcam.turnov.cz/VatDec.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1302413656
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF9F6FB4-9FD6-442D-B379-55060CF3B306}: NameServer = 90.183.115.6,90.183.115.11
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\HRY\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7840 bytes


Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3414
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.12.2009 10:07:31
mbam-log-2009-12-23 (10-07-18).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 112356
Uplynulý čas: 3 minute(s), 19 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
c:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> No action taken.

Infikované klíče registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\gottfried\Local Settings\temp\a.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> No action taken.


Post by pitimir » 23 Dec 2009 10:23

Hi. Run a full scan in MBAM, delete everything and post the log here. Then:

Download ComboFix, preferably to the desktop. Close all open applications and turn off the resident protection of your antivirus, antispyware and firewall. Run the program under an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. You will find the log that ComboFix creates at "C:\ComboFix.txt".
Post it here.

Warning: Until ComboFix has created the log, do not click on anything and do not press anything!!
I don't like amateurism...

And the addressee of the message knows it :)


Post by Jelito2008 » 23 Dec 2009 11:30

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3414
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.12.2009 11:08:40
mbam-log-2009-12-23 (11-08-40).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 216534
Uplynulý čas: 35 minute(s), 1 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
c:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

Infikované klíče registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\System Volume Information\_restore{060C638C-CB80-43CB-8416-5E05A108C8AC}\RP10\A0005425.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\gottfried\Local Settings\temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.


ComboFix log:

ComboFix 09-12-22.03 - gottfried 23.12.2009 11:15:50.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1529 [GMT 1:00]
Spuštěný z: c:\documents and settings\gottfried\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-23 do 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-23 09:01 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 09:01 . 2009-12-23 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-23 09:01 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 17:02 . 2009-12-22 17:45 -------- d-----w- C:\Sshock2
2009-12-20 14:06 . 2009-10-21 05:40 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-20 14:06 . 2009-10-21 05:40 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-20 14:06 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-20 11:14 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-20 11:14 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-20 11:14 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-20 11:14 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-20 11:14 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-20 11:14 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-20 11:14 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-20 10:50 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-20 10:50 . 2008-04-14 07:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-20 10:50 . 2007-06-26 10:30 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-12-20 10:50 . 2007-06-26 10:26 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-12-20 10:45 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-12-20 10:11 . 2009-12-20 10:11 0 ----a-w- c:\windows\nsreg.dat
2009-12-20 10:11 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-20 10:11 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2009-12-20 10:09 . 2009-10-12 13:40 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-12-20 10:09 . 2009-10-12 13:40 150016 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-12-20 10:03 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-20 10:03 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-20 10:03 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-20 10:03 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-20 10:03 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-20 10:03 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-20 10:03 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-20 10:03 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-20 10:02 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-20 09:56 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-20 09:55 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-20 09:55 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-20 09:55 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-20 09:55 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-20 09:55 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-20 09:55 . 2009-10-13 10:34 271360 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-12-20 09:54 . 2009-08-04 17:29 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-20 09:54 . 2009-08-04 17:29 2068224 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-20 09:54 . 2009-08-04 17:29 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-20 09:54 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-20 09:54 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-20 09:54 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-20 08:36 . 2007-10-29 12:00 29184 -c--a-w- c:\windows\system32\dllcache\sm8cw.dll
2009-12-20 08:35 . 2001-10-24 11:24 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2009-12-20 08:34 . 2007-10-29 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-12-20 08:33 . 2007-10-29 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2009-12-20 08:33 . 2007-10-29 12:00 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
2009-12-20 08:33 . 2007-10-29 12:00 29184 -c--a-w- c:\windows\system32\dllcache\asptxn.dll
2009-12-20 08:33 . 2007-10-29 12:00 10240 -c--a-w- c:\windows\system32\dllcache\aspperf.dll
2009-12-20 08:33 . 2001-10-24 11:24 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-12-20 08:33 . 2007-10-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2009-12-20 08:33 . 2007-10-29 12:00 50176 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2009-12-20 08:33 . 2001-10-24 11:24 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-12-20 08:33 . 2007-10-29 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2009-12-20 08:33 . 2003-04-14 19:48 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2009-12-20 08:32 . 2007-10-29 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-12-20 08:32 . 2007-10-29 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-12-20 08:32 . 2007-10-29 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-12-20 08:32 . 2007-10-29 12:00 171008 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2009-12-20 08:32 . 2007-10-29 12:00 14848 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2009-12-20 08:32 . 2007-10-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-12-20 08:32 . 2003-04-14 19:48 212992 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2009-12-20 08:29 . 2007-10-29 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-20 08:15 . 2007-10-29 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-20 08:15 . 2007-10-29 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-20 08:15 . 2007-10-29 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-20 08:15 . 2007-10-29 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-14 13:24 . 2009-12-14 13:24 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-----w- c:\program files\Reference Assemblies
2009-12-14 13:23 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-----w- C:\ab0955fdaded45c86821adb2
2009-12-14 13:23 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2009-12-14 13:23 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2009-12-14 13:23 . 2008-07-06 12:06 117760 ----a-w- c:\windows\system32\prntvpt.dll
2009-12-14 13:23 . 2008-07-06 10:50 597504 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 00:15 . 2009-12-13 00:16 -------- d-----w- C:\f151f900aa74175e72c1
2009-12-06 20:17 . 2009-12-06 20:17 -------- d-----w- C:\241276df3ebe6d016c9f53d572
2009-12-06 20:17 . 2009-12-06 20:17 -------- d-----w- C:\1298ae62db73fca0280b8c
2009-12-06 07:39 . 2009-12-06 07:39 -------- d-----w- C:\2e6d2256aab82b6c43ba51fe2a0c99
2009-12-06 07:39 . 2009-12-06 07:39 -------- d-----w- C:\7ce96d229b784ae6cd21ba56ef
2009-12-04 14:05 . 2009-12-04 14:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-04 13:45 . 2009-12-04 13:45 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-04 13:45 . 2009-12-04 13:45 -------- d-----w- c:\windows\system32\AGEIA
2009-12-04 13:24 . 2009-12-04 13:45 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-03 13:38 . 2009-12-03 13:38 -------- d-----w- c:\program files\Common Files\BinarySense
2009-12-02 19:53 . 2009-12-02 20:10 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 08:57 . 2009-11-01 15:27 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-20 08:54 . 2007-10-29 12:00 519256 ----a-w- c:\windows\system32\perfh005.dat
2009-12-20 08:54 . 2007-10-29 12:00 105046 ----a-w- c:\windows\system32\perfc005.dat
2009-12-20 08:27 . 2008-05-20 13:23 23028 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-15 15:56 . 2009-03-08 19:35 -------- d-----w- c:\program files\BOINC
2009-12-14 13:23 . 2008-10-18 15:11 -------- d-----w- c:\program files\MSBuild
2009-12-12 08:33 . 2008-07-21 16:50 -------- d-----w- c:\program files\DOSBox-0.72
2009-12-10 15:05 . 2009-11-21 13:21 -------- d-----w- c:\program files\SpeedFan
2009-12-04 21:25 . 2009-09-22 17:50 110360 ----a-w- c:\windows\War3Unin.dat
2009-12-04 13:45 . 2008-06-19 17:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-03 13:37 . 2008-05-20 13:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-03 13:01 . 2009-02-28 14:14 -------- d-----w- c:\program files\Java
2009-11-09 20:19 . 2009-03-09 18:30 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-02 13:59 . 2009-10-30 21:19 -------- d-----w- c:\program files\Trend Micro
2009-11-01 15:27 . 2008-05-24 16:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-30 09:59 . 2009-10-30 09:59 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-10-30 09:59 . 2009-10-30 09:59 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-10-30 09:59 . 2009-10-30 09:59 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-10-30 09:58 . 2009-10-30 09:58 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-10-29 08:53 . 2009-03-09 18:29 -------- d-----w- c:\program files\AVG
2009-10-29 08:53 . 2009-03-09 18:30 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-29 08:53 . 2008-06-19 17:26 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-29 08:53 . 2009-03-09 18:30 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-29 08:53 . 2009-03-09 18:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-29 07:43 . 2007-10-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-26 13:33 . 2009-10-26 13:33 -------- d-----w- c:\program files\Lavasoft
2009-10-21 05:40 . 2007-10-29 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2007-10-29 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2007-10-29 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2007-10-29 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2007-10-29 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2007-10-29 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-02-28 14:14 411368 ----a-w- c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 11:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2006-12-19 310792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-23 2033432]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2008-12-09 4289280]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2008-12-09 58112]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2007-10-29 44544]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-29 08:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\gottfried\Local Settings\Data aplikací\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"boincmgr"="c:\program files\BOINC\boincmgr.exe" /a /s
"boinctray"="c:\program files\BOINC\boinctray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\HRY\\Dungeon Siege\\DSLOA.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\7-Zip\\7zFMn.exe"=
"c:\\HRY\\Dungeon Siege\\DungeonSiege.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\HRY\\Counter\\cstrike.exe"=
"c:\\HRY\\Counter\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\HRY\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\HRY\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\HRY\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9.3.2009 19:30 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9.3.2009 19:30 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9.3.2009 19:30 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29.10.2009 9:53 285392]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.5.2008 17:37 691696]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\hry\Dragon Age\bin_ship\daupdatersvc.service.exe [4.12.2009 14:39 25832]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 16.129.0.13:3128
TCP: {BF9F6FB4-9FD6-442D-B379-55060CF3B306} = 90.183.115.6,90.183.115.11
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://webcam.turnov.cz/VatDec.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - c:\documents and settings\gottfried\Plocha\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 11:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2683955804-987046154-540425850-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2683955804-987046154-540425850-1004\Software\SecuROM\License information*]
"datasecu"=hex:bd,4d,d9,44,74,36,a8,24,d8,4b,01,83,e4,41,1b,25,6d,c8,23,d5,03,
76,24,29,03,42,ef,90,26,f6,97,ce,e6,bc,2d,6e,68,ff,5d,ac,55,cb,63,26,e7,67,\
"rkeysecu"=hex:f8,b4,8c,4b,e8,79,bf,6d,8f,97,64,c4,fd,35,16,4b
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3132)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\BOINC\boinc.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\www.worldcommunitygrid.org\wcg_hcmd2_maxdo_6.14_windows_intelx86
c:\documents and settings\All Users\Data aplikací\BOINC\projects\freehal.net_freehal_at_home\freehalboinc_20091212.094255_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\freehal.net_freehal_at_home\freehalboinc_20091212.094255_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\freehal.net_freehal_at_home\freehalboinc_20091212.094255_windows_intelx86.exe
.
**************************************************************************
.
Celkový čas: 2009-12-23 11:26:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-23 10:26

Před spuštěním: Volných bajtů: 152 943 841 280
Po spuštění: Volných bajtů: 152 929 169 408

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - D6CD740A101FFE52429065ABD78D7E0E

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: Please check my log - I think I have trojans in it

Post by pitimir » 23 Dec 2009 11:46

Move the CF icon to the desktop, close all open applications, as well as the resident antivirus and antispyware protection and the firewall, and open Notepad. Copy the following into it:

Code:

KillAll::
Folder::
C:\f151f900aa74175e72c1
C:\241276df3ebe6d016c9f53d572
C:\1298ae62db73fca0280b8c
C:\2e6d2256aab82b6c43ba51fe2a0c99
C:\7ce96d229b784ae6cd21ba56ef

DDS::
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://webcam.turnov.cz/VatDec.cab

RegNull::
[HKEY_USERS\S-1-5-21-2683955804-987046154-540425850-1004\Software\Microsoft\SystemCertificates\AddressBook*]

FixCSet::

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.


Warning: If Windows does not start after the script has been applied, restart the PC, press F8 and choose Last Known Good Configuration.
I don't like amateurism...

And the addressee of this message knows it :)

Jelito2008
Level 1
Posts: 65
Registered: October 09
Gender: Male
Status: Offline

Re: Please check my log - I think I have trojans in it

Post by Jelito2008 » 23 Dec 2009 12:08

Here it is, the computer booted normally.


ComboFix 09-12-22.03 - gottfried 23.12.2009 11:57:24.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1505 [GMT 1:00]
Spuštěný z: c:\documents and settings\gottfried\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\gottfried\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1298ae62db73fca0280b8c
c:\1298ae62db73fca0280b8c\$shtdwn$.req
c:\1298ae62db73fca0280b8c\dotnetfx20\aspnet.msp
c:\1298ae62db73fca0280b8c\dotnetfx20\clr.msp
c:\1298ae62db73fca0280b8c\dotnetfx20\crt.msp
c:\1298ae62db73fca0280b8c\dotnetfx20\dw.msp
c:\1298ae62db73fca0280b8c\dotnetfx20\netfx_ca.msp
c:\1298ae62db73fca0280b8c\dotnetfx20\netfx_core.msp
c:\1298ae62db73fca0280b8c\dotnetfx20\netfx_other.msp
c:\1298ae62db73fca0280b8c\dotnetfx20\netfx20a_x86.msi
c:\1298ae62db73fca0280b8c\dotnetfx20\prexp.msp
c:\1298ae62db73fca0280b8c\dotnetfx20\winforms.msp
c:\1298ae62db73fca0280b8c\dotnetfx30\netfx30a_x86.msi
c:\1298ae62db73fca0280b8c\dotnetfx30\rgb9rast_x86.msi
c:\1298ae62db73fca0280b8c\dotnetfx30\wcf.msp
c:\1298ae62db73fca0280b8c\dotnetfx30\wcs.msp
c:\1298ae62db73fca0280b8c\dotnetfx30\wf.msp
c:\1298ae62db73fca0280b8c\dotnetfx30\wf_32.msp
c:\1298ae62db73fca0280b8c\dotnetfx30\wic_x86_enu.exe
c:\1298ae62db73fca0280b8c\dotnetfx30\wpf_other.msp
c:\1298ae62db73fca0280b8c\dotnetfx30\wpf_other_32.msp
c:\1298ae62db73fca0280b8c\dotnetfx30\wpf1.msp
c:\1298ae62db73fca0280b8c\dotnetfx30\wpf2.msp
c:\1298ae62db73fca0280b8c\dotnetfx30\wpf2_32.msp
c:\1298ae62db73fca0280b8c\dotnetfx30\x86\msxml6.msi
c:\1298ae62db73fca0280b8c\dotnetfx30\xps.msp
c:\1298ae62db73fca0280b8c\dotnetfx30\xpsepsc-x86-en-us.exe
c:\1298ae62db73fca0280b8c\dotnetfx35\x86\netfx35_x86.exe
c:\1298ae62db73fca0280b8c\dotnetfx35setup.exe
c:\1298ae62db73fca0280b8c\tools\clwireg.exe
C:\241276df3ebe6d016c9f53d572
c:\241276df3ebe6d016c9f53d572\baseline.dat
c:\241276df3ebe6d016c9f53d572\deffactory.dat
c:\241276df3ebe6d016c9f53d572\DeleteTemp.exe
c:\241276df3ebe6d016c9f53d572\dlmgr.dll
c:\241276df3ebe6d016c9f53d572\DW20.EXE
c:\241276df3ebe6d016c9f53d572\DWINTL20.DLL
c:\241276df3ebe6d016c9f53d572\eula.1025.rtf
c:\241276df3ebe6d016c9f53d572\eula.1028.rtf
c:\241276df3ebe6d016c9f53d572\eula.1029.rtf
c:\241276df3ebe6d016c9f53d572\eula.1030.rtf
c:\241276df3ebe6d016c9f53d572\eula.1031.rtf
c:\241276df3ebe6d016c9f53d572\eula.1032.rtf
c:\241276df3ebe6d016c9f53d572\eula.1033.rtf
c:\241276df3ebe6d016c9f53d572\eula.1035.rtf
c:\241276df3ebe6d016c9f53d572\eula.1036.rtf
c:\241276df3ebe6d016c9f53d572\eula.1037.rtf
c:\241276df3ebe6d016c9f53d572\eula.1038.rtf
c:\241276df3ebe6d016c9f53d572\eula.1040.rtf
c:\241276df3ebe6d016c9f53d572\eula.1041.rtf
c:\241276df3ebe6d016c9f53d572\eula.1042.rtf
c:\241276df3ebe6d016c9f53d572\eula.1043.rtf
c:\241276df3ebe6d016c9f53d572\eula.1044.rtf
c:\241276df3ebe6d016c9f53d572\eula.1045.rtf
c:\241276df3ebe6d016c9f53d572\eula.1046.rtf
c:\241276df3ebe6d016c9f53d572\eula.1049.rtf
c:\241276df3ebe6d016c9f53d572\eula.1053.rtf
c:\241276df3ebe6d016c9f53d572\eula.1055.rtf
c:\241276df3ebe6d016c9f53d572\eula.2052.rtf
c:\241276df3ebe6d016c9f53d572\eula.2070.rtf
c:\241276df3ebe6d016c9f53d572\eula.3082.rtf
c:\241276df3ebe6d016c9f53d572\gencomp.dll
c:\241276df3ebe6d016c9f53d572\HtmlLite.dll
c:\241276df3ebe6d016c9f53d572\locdata.1025.ini
c:\241276df3ebe6d016c9f53d572\locdata.1028.ini
c:\241276df3ebe6d016c9f53d572\locdata.1029.ini
c:\241276df3ebe6d016c9f53d572\locdata.1030.ini
c:\241276df3ebe6d016c9f53d572\locdata.1031.ini
c:\241276df3ebe6d016c9f53d572\locdata.1032.ini
c:\241276df3ebe6d016c9f53d572\locdata.1035.ini
c:\241276df3ebe6d016c9f53d572\locdata.1036.ini
c:\241276df3ebe6d016c9f53d572\locdata.1037.ini
c:\241276df3ebe6d016c9f53d572\locdata.1038.ini
c:\241276df3ebe6d016c9f53d572\locdata.1040.ini
c:\241276df3ebe6d016c9f53d572\locdata.1041.ini
c:\241276df3ebe6d016c9f53d572\locdata.1042.ini
c:\241276df3ebe6d016c9f53d572\locdata.1043.ini
c:\241276df3ebe6d016c9f53d572\locdata.1044.ini
c:\241276df3ebe6d016c9f53d572\locdata.1045.ini
c:\241276df3ebe6d016c9f53d572\locdata.1046.ini
c:\241276df3ebe6d016c9f53d572\locdata.1049.ini
c:\241276df3ebe6d016c9f53d572\locdata.1053.ini
c:\241276df3ebe6d016c9f53d572\locdata.1055.ini
c:\241276df3ebe6d016c9f53d572\locdata.2052.ini
c:\241276df3ebe6d016c9f53d572\locdata.2070.ini
c:\241276df3ebe6d016c9f53d572\locdata.3082.ini
c:\241276df3ebe6d016c9f53d572\locdata.ini
c:\241276df3ebe6d016c9f53d572\logo.bmp
c:\241276df3ebe6d016c9f53d572\setup.exe
c:\241276df3ebe6d016c9f53d572\setup.sdb
c:\241276df3ebe6d016c9f53d572\setupres.1025.dll
c:\241276df3ebe6d016c9f53d572\setupres.1028.dll
c:\241276df3ebe6d016c9f53d572\setupres.1029.dll
c:\241276df3ebe6d016c9f53d572\setupres.1030.dll
c:\241276df3ebe6d016c9f53d572\setupres.1031.dll
c:\241276df3ebe6d016c9f53d572\setupres.1032.dll
c:\241276df3ebe6d016c9f53d572\setupres.1035.dll
c:\241276df3ebe6d016c9f53d572\setupres.1036.dll
c:\241276df3ebe6d016c9f53d572\setupres.1037.dll
c:\241276df3ebe6d016c9f53d572\setupres.1038.dll
c:\241276df3ebe6d016c9f53d572\setupres.1040.dll
c:\241276df3ebe6d016c9f53d572\setupres.1041.dll
c:\241276df3ebe6d016c9f53d572\setupres.1042.dll
c:\241276df3ebe6d016c9f53d572\setupres.1043.dll
c:\241276df3ebe6d016c9f53d572\setupres.1044.dll
c:\241276df3ebe6d016c9f53d572\setupres.1045.dll
c:\241276df3ebe6d016c9f53d572\setupres.1046.dll
c:\241276df3ebe6d016c9f53d572\setupres.1049.dll
c:\241276df3ebe6d016c9f53d572\setupres.1053.dll
c:\241276df3ebe6d016c9f53d572\setupres.1055.dll
c:\241276df3ebe6d016c9f53d572\setupres.2052.dll
c:\241276df3ebe6d016c9f53d572\setupres.2070.dll
c:\241276df3ebe6d016c9f53d572\setupres.3082.dll
c:\241276df3ebe6d016c9f53d572\setupres.dll
c:\241276df3ebe6d016c9f53d572\SITSetup.dll
c:\241276df3ebe6d016c9f53d572\vs_setup.dll
c:\241276df3ebe6d016c9f53d572\vs_setup.MS_
c:\241276df3ebe6d016c9f53d572\vs_setup.pdi
c:\241276df3ebe6d016c9f53d572\vs70uimgr.dll
c:\241276df3ebe6d016c9f53d572\vsbasereqs.dll
c:\241276df3ebe6d016c9f53d572\vsscenario.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1025.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1028.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1029.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1030.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1031.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1032.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1035.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1036.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1037.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1038.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1040.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1041.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1042.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1043.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1044.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1045.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1046.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1049.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1053.dll
c:\241276df3ebe6d016c9f53d572\WapRes.1055.dll
c:\241276df3ebe6d016c9f53d572\WapRes.2052.dll
c:\241276df3ebe6d016c9f53d572\WapRes.2070.dll
c:\241276df3ebe6d016c9f53d572\WapRes.3082.dll
c:\241276df3ebe6d016c9f53d572\WapRes.dll
c:\241276df3ebe6d016c9f53d572\WapUI.dll
C:\2e6d2256aab82b6c43ba51fe2a0c99
c:\2e6d2256aab82b6c43ba51fe2a0c99\baseline.dat
c:\2e6d2256aab82b6c43ba51fe2a0c99\deffactory.dat
c:\2e6d2256aab82b6c43ba51fe2a0c99\DeleteTemp.exe
c:\2e6d2256aab82b6c43ba51fe2a0c99\dlmgr.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\DW20.EXE
c:\2e6d2256aab82b6c43ba51fe2a0c99\DWINTL20.DLL
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1025.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1028.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1029.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1030.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1031.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1032.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1033.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1035.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1036.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1037.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1038.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1040.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1041.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1042.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1043.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1044.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1045.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1046.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1049.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1053.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.1055.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.2052.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.2070.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\eula.3082.rtf
c:\2e6d2256aab82b6c43ba51fe2a0c99\gencomp.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\HtmlLite.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1025.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1028.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1029.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1030.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1031.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1032.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1035.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1036.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1037.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1038.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1040.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1041.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1042.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1043.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1044.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1045.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1046.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1049.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1053.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.1055.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.2052.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.2070.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.3082.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\locdata.ini
c:\2e6d2256aab82b6c43ba51fe2a0c99\logo.bmp
c:\2e6d2256aab82b6c43ba51fe2a0c99\setup.exe
c:\2e6d2256aab82b6c43ba51fe2a0c99\setup.sdb
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1025.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1028.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1029.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1030.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1031.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1032.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1035.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1036.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1037.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1038.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1040.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1041.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1042.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1043.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1044.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1045.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1046.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1049.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1053.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.1055.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.2052.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.2070.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.3082.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\setupres.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\SITSetup.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\vs_setup.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\vs_setup.MS_
c:\2e6d2256aab82b6c43ba51fe2a0c99\vs_setup.pdi
c:\2e6d2256aab82b6c43ba51fe2a0c99\vs70uimgr.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\vsbasereqs.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\vsscenario.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1025.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1028.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1029.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1030.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1031.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1032.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1035.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1036.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1037.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1038.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1040.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1041.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1042.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1043.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1044.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1045.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1046.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1049.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1053.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.1055.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.2052.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.2070.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.3082.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapRes.dll
c:\2e6d2256aab82b6c43ba51fe2a0c99\WapUI.dll
C:\7ce96d229b784ae6cd21ba56ef
c:\7ce96d229b784ae6cd21ba56ef\$shtdwn$.req
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx20\aspnet.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx20\clr.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx20\crt.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx20\dw.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx20\netfx_ca.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx20\netfx_core.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx20\netfx_other.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx20\netfx20a_x86.msi
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx20\prexp.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx20\winforms.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\netfx30a_x86.msi
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\rgb9rast_x86.msi
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\wcf.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\wcs.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\wf.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\wf_32.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\wic_x86_enu.exe
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\wpf_other.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\wpf_other_32.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\wpf1.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\wpf2.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\wpf2_32.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\x86\msxml6.msi
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\xps.msp
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx30\xpsepsc-x86-en-us.exe
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx35\x86\netfx35_x86.exe
c:\7ce96d229b784ae6cd21ba56ef\dotnetfx35setup.exe
c:\7ce96d229b784ae6cd21ba56ef\tools\clwireg.exe
C:\f151f900aa74175e72c1
c:\f151f900aa74175e72c1\$shtdwn$.req
c:\f151f900aa74175e72c1\mrt.exe._p
c:\f151f900aa74175e72c1\mrtstub.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-23 do 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-23 09:01 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 09:01 . 2009-12-23 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-23 09:01 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 17:02 . 2009-12-23 10:53 -------- d-----w- C:\Sshock2
2009-12-20 14:06 . 2009-10-21 05:40 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-20 14:06 . 2009-10-21 05:40 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-20 14:06 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-20 11:14 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-20 11:14 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-20 11:14 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-20 11:14 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-20 11:14 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-20 11:14 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-20 11:14 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-20 10:50 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-20 10:50 . 2008-04-14 07:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-20 10:50 . 2007-06-26 10:30 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-12-20 10:50 . 2007-06-26 10:26 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-12-20 10:45 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-12-20 10:11 . 2009-12-20 10:11 0 ----a-w- c:\windows\nsreg.dat
2009-12-20 10:11 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-20 10:11 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2009-12-20 10:09 . 2009-10-12 13:40 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-12-20 10:09 . 2009-10-12 13:40 150016 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-12-20 10:03 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-20 10:03 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-20 10:03 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-20 10:03 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-20 10:03 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-20 10:03 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-20 10:03 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-20 10:03 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-20 10:02 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-20 09:56 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-20 09:55 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-20 09:55 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-20 09:55 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-20 09:55 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-20 09:55 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-20 09:55 . 2009-10-13 10:34 271360 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-12-20 09:54 . 2009-08-04 17:29 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-20 09:54 . 2009-08-04 17:29 2068224 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-20 09:54 . 2009-08-04 17:29 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-20 09:54 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-20 09:54 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-20 09:54 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-20 08:36 . 2007-10-29 12:00 29184 -c--a-w- c:\windows\system32\dllcache\sm8cw.dll
2009-12-20 08:35 . 2001-10-24 11:24 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2009-12-20 08:34 . 2007-10-29 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-12-20 08:33 . 2007-10-29 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2009-12-20 08:33 . 2007-10-29 12:00 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
2009-12-20 08:33 . 2007-10-29 12:00 29184 -c--a-w- c:\windows\system32\dllcache\asptxn.dll
2009-12-20 08:33 . 2007-10-29 12:00 10240 -c--a-w- c:\windows\system32\dllcache\aspperf.dll
2009-12-20 08:33 . 2001-10-24 11:24 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-12-20 08:33 . 2007-10-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2009-12-20 08:33 . 2007-10-29 12:00 50176 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2009-12-20 08:33 . 2001-10-24 11:24 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-12-20 08:33 . 2007-10-29 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2009-12-20 08:33 . 2003-04-14 19:48 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2009-12-20 08:32 . 2007-10-29 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-12-20 08:32 . 2007-10-29 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-12-20 08:32 . 2007-10-29 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-12-20 08:32 . 2007-10-29 12:00 171008 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2009-12-20 08:32 . 2007-10-29 12:00 14848 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2009-12-20 08:32 . 2007-10-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-12-20 08:32 . 2003-04-14 19:48 212992 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2009-12-20 08:29 . 2007-10-29 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-20 08:15 . 2007-10-29 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-20 08:15 . 2007-10-29 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-20 08:15 . 2007-10-29 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-20 08:15 . 2007-10-29 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-14 13:24 . 2009-12-14 13:24 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-----w- c:\program files\Reference Assemblies
2009-12-14 13:23 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-----w- C:\ab0955fdaded45c86821adb2
2009-12-14 13:23 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2009-12-14 13:23 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2009-12-14 13:23 . 2008-07-06 12:06 117760 ----a-w- c:\windows\system32\prntvpt.dll
2009-12-14 13:23 . 2008-07-06 10:50 597504 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-04 14:05 . 2009-12-04 14:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-04 13:45 . 2009-12-04 13:45 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-04 13:45 . 2009-12-04 13:45 -------- d-----w- c:\windows\system32\AGEIA
2009-12-04 13:24 . 2009-12-04 13:45 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-03 13:38 . 2009-12-03 13:38 -------- d-----w- c:\program files\Common Files\BinarySense
2009-12-02 19:53 . 2009-12-02 20:10 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 08:57 . 2009-11-01 15:27 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-20 08:54 . 2007-10-29 12:00 519256 ----a-w- c:\windows\system32\perfh005.dat
2009-12-20 08:54 . 2007-10-29 12:00 105046 ----a-w- c:\windows\system32\perfc005.dat
2009-12-20 08:27 . 2008-05-20 13:23 23028 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-15 15:56 . 2009-03-08 19:35 -------- d-----w- c:\program files\BOINC
2009-12-14 13:23 . 2008-10-18 15:11 -------- d-----w- c:\program files\MSBuild
2009-12-12 08:33 . 2008-07-21 16:50 -------- d-----w- c:\program files\DOSBox-0.72
2009-12-10 15:05 . 2009-11-21 13:21 -------- d-----w- c:\program files\SpeedFan
2009-12-04 21:25 . 2009-09-22 17:50 110360 ----a-w- c:\windows\War3Unin.dat
2009-12-04 13:45 . 2008-06-19 17:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-03 13:37 . 2008-05-20 13:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-03 13:01 . 2009-02-28 14:14 -------- d-----w- c:\program files\Java
2009-11-09 20:19 . 2009-03-09 18:30 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-02 13:59 . 2009-10-30 21:19 -------- d-----w- c:\program files\Trend Micro
2009-11-01 15:27 . 2008-05-24 16:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-30 09:59 . 2009-10-30 09:59 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-10-30 09:59 . 2009-10-30 09:59 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-10-30 09:59 . 2009-10-30 09:59 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-10-30 09:58 . 2009-10-30 09:58 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-10-29 08:53 . 2009-03-09 18:29 -------- d-----w- c:\program files\AVG
2009-10-29 08:53 . 2009-03-09 18:30 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-29 08:53 . 2008-06-19 17:26 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-29 08:53 . 2009-03-09 18:30 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-29 08:53 . 2009-03-09 18:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-29 07:43 . 2007-10-29 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-26 13:33 . 2009-10-26 13:33 -------- d-----w- c:\program files\Lavasoft
2009-10-21 05:40 . 2007-10-29 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2007-10-29 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2007-10-29 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2007-10-29 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2007-10-29 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2007-10-29 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-02-28 14:14 411368 ----a-w- c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 11:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2006-12-19 310792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-23 2033432]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2008-12-09 4289280]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2008-12-09 58112]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2007-10-29 44544]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-29 08:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\gottfried\Local Settings\Data aplikací\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"boincmgr"="c:\program files\BOINC\boincmgr.exe" /a /s
"boinctray"="c:\program files\BOINC\boinctray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\HRY\\Dungeon Siege\\DSLOA.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\7-Zip\\7zFMn.exe"=
"c:\\HRY\\Dungeon Siege\\DungeonSiege.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\HRY\\Counter\\cstrike.exe"=
"c:\\HRY\\Counter\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\HRY\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\HRY\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\HRY\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9.3.2009 19:30 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9.3.2009 19:30 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9.3.2009 19:30 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29.10.2009 9:53 285392]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.5.2008 17:37 691696]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\hry\Dragon Age\bin_ship\daupdatersvc.service.exe [4.12.2009 14:39 25832]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 16.129.0.13:3128
TCP: {BF9F6FB4-9FD6-442D-B379-55060CF3B306} = 90.183.115.6,90.183.115.11
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 12:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2683955804-987046154-540425850-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2683955804-987046154-540425850-1004\Software\SecuROM\License information*]
"datasecu"=hex:bd,4d,d9,44,74,36,a8,24,d8,4b,01,83,e4,41,1b,25,6d,c8,23,d5,03,
76,24,29,03,42,ef,90,26,f6,97,ce,e6,bc,2d,6e,68,ff,5d,ac,55,cb,63,26,e7,67,\
"rkeysecu"=hex:f8,b4,8c,4b,e8,79,bf,6d,8f,97,64,c4,fd,35,16,4b
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3828)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\BOINC\boinc.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\www.worldcommunitygrid.org\wcg_hcmd2_maxdo_6.14_windows_intelx86
c:\documents and settings\All Users\Data aplikací\BOINC\projects\freehal.net_freehal_at_home\freehalboinc_20091212.094255_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\freehal.net_freehal_at_home\freehalboinc_20091212.094255_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\freehal.net_freehal_at_home\freehalboinc_20091212.094255_windows_intelx86.exe
.
**************************************************************************
.
Celkový čas: 2009-12-23 12:06:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-23 11:06

Před spuštěním: Volných bajtů: 152 936 497 152
Po spuštění: Volných bajtů: 152 841 216 000

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 01147C7A0B2A2B10E5ABA366BD05CB99

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: Please check my log - I think I have trojans

Post by pitimir » 23 Dec 2009 13:42

One more CFScript, this time with the following content:

Code:

KillAll::
RegLock::
[HKEY_USERS\S-1-5-21-2683955804-987046154-540425850-1004\Software\Microsoft\SystemCertificates\AddressBook*]

RegNull::
[HKEY_USERS\S-1-5-21-2683955804-987046154-540425850-1004\Software\Microsoft\SystemCertificates\AddressBook*]

FixCSet::

I don't like amateurism...

And the addressee of this message knows it :)

Jelito2008
Level 1
Posts: 65
Registered: October 09
Gender: Male
Status: Offline

Re: Please check my log - I think I have trojans

Post by Jelito2008 » 23 Dec 2009 21:07

ComboFix 09-12-22.03 - gottfried 23.12.2009 20:53:59.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1517 [GMT 1:00]
Spuštěný z: c:\documents and settings\gottfried\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\gottfried\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-23 do 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-23 09:01 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 09:01 . 2009-12-23 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-23 09:01 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 17:02 . 2009-12-23 12:26 -------- d-----w- C:\Sshock2
2009-12-20 14:06 . 2009-10-21 05:40 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-12-20 14:06 . 2009-10-21 05:40 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-12-20 14:06 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-20 11:14 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-20 11:14 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-20 11:14 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-20 11:14 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-20 11:14 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-20 11:14 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-20 11:14 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-20 10:50 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-20 10:50 . 2008-04-14 07:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-20 10:50 . 2007-06-26 10:30 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-12-20 10:50 . 2007-06-26 10:26 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-12-20 10:45 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-12-20 10:11 . 2009-12-20 10:11 0 ----a-w- c:\windows\nsreg.dat
2009-12-20 10:11 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-20 10:11 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2009-12-20 10:09 . 2009-10-12 13:40 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-12-20 10:09 . 2009-10-12 13:40 150016 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-12-20 10:03 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-20 10:03 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-20 10:03 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-20 10:03 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-20 10:03 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-20 10:03 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-20 10:03 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-20 10:03 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-20 10:02 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-20 09:56 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-20 09:55 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-20 09:55 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-20 09:55 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-20 09:55 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-20 09:55 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-20 09:55 . 2009-10-13 10:34 271360 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-12-20 09:54 . 2009-08-04 17:29 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-20 09:54 . 2009-08-04 17:29 2068224 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-20 09:54 . 2009-08-04 17:29 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-20 09:54 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-20 09:54 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-20 09:54 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-20 08:36 . 2007-10-29 12:00 29184 -c--a-w- c:\windows\system32\dllcache\sm8cw.dll
2009-12-20 08:35 . 2001-10-24 11:24 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2009-12-20 08:34 . 2007-10-29 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-12-20 08:33 . 2007-10-29 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2009-12-20 08:33 . 2007-10-29 12:00 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
2009-12-20 08:33 . 2007-10-29 12:00 29184 -c--a-w- c:\windows\system32\dllcache\asptxn.dll
2009-12-20 08:33 . 2007-10-29 12:00 10240 -c--a-w- c:\windows\system32\dllcache\aspperf.dll
2009-12-20 08:33 . 2001-10-24 11:24 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-12-20 08:33 . 2007-10-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2009-12-20 08:33 . 2007-10-29 12:00 50176 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2009-12-20 08:33 . 2001-10-24 11:24 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-12-20 08:33 . 2007-10-29 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2009-12-20 08:33 . 2003-04-14 19:48 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2009-12-20 08:32 . 2007-10-29 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-12-20 08:32 . 2007-10-29 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-12-20 08:32 . 2007-10-29 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-12-20 08:32 . 2007-10-29 12:00 171008 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2009-12-20 08:32 . 2007-10-29 12:00 14848 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2009-12-20 08:32 . 2007-10-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-12-20 08:32 . 2003-04-14 19:48 212992 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2009-12-20 08:29 . 2007-10-29 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-20 08:15 . 2007-10-29 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-20 08:15 . 2007-10-29 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-20 08:15 . 2007-10-29 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-20 08:15 . 2007-10-29 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-14 13:24 . 2009-12-14 13:24 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-----w- c:\program files\Reference Assemblies
2009-12-14 13:23 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-----w- C:\ab0955fdaded45c86821adb2
2009-12-14 13:23 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2009-12-14 13:23 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2009-12-14 13:23 . 2008-07-06 12:06 117760 ----a-w- c:\windows\system32\prntvpt.dll
2009-12-14 13:23 . 2008-07-06 10:50 597504 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-14 13:23 . 2009-12-14 13:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-04 14:05 . 2009-12-04 14:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-04 13:45 . 2009-12-04 13:45 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-04 13:45 . 2009-12-04 13:45 -------- d-----w- c:\windows\system32\AGEIA
2009-12-04 13:24 . 2009-12-04 13:45 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-03 13:38 . 2009-12-03 13:38 -------- d-----w- c:\program files\Common Files\BinarySense
2009-12-02 19:53 . 2009-12-02 20:10 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 11:15 . 2009-11-21 13:21 -------- d-----w- c:\program files\SpeedFan
2009-12-20 08:57 . 2009-11-01 15:27 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-20 08:54 . 2007-10-29 12:00 519256 ----a-w- c:\windows\system32\perfh005.dat
2009-12-20 08:54 . 2007-10-29 12:00 105046 ----a-w- c:\windows\system32\perfc005.dat
2009-12-20 08:27 . 2008-05-20 13:23 23028 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-15 15:56 . 2009-03-08 19:35 -------- d-----w- c:\program files\BOINC
2009-12-14 13:23 . 2008-10-18 15:11 -------- d-----w- c:\program files\MSBuild
2009-12-12 08:33 . 2008-07-21 16:50 -------- d-----w- c:\program files\DOSBox-0.72
2009-12-04 21:25 . 2009-09-22 17:50 110360 ----a-w- c:\windows\War3Unin.dat
2009-12-04 13:45 . 2008-06-19 17:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-03 13:37 . 2008-05-20 13:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-03 13:01 . 2009-02-28 14:14 -------- d-----w- c:\program files\Java
2009-11-09 20:19 . 2009-03-09 18:30 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-02 13:59 . 2009-10-30 21:19 -------- d-----w- c:\program files\Trend Micro
2009-11-01 15:27 . 2008-05-24 16:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-30 09:59 . 2009-10-30 09:59 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-10-30 09:59 . 2009-10-30 09:59 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-10-30 09:59 . 2009-10-30 09:59 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-10-30 09:58 . 2009-10-30 09:58 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-10-29 08:53 . 2009-03-09 18:29 -------- d-----w- c:\program files\AVG
2009-10-29 08:53 . 2009-03-09 18:30 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-29 08:53 . 2008-06-19 17:26 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-29 08:53 . 2009-03-09 18:30 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-29 08:53 . 2009-03-09 18:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-29 07:43 . 2007-10-29 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-26 13:33 . 2009-10-26 13:33 -------- d-----w- c:\program files\Lavasoft
2009-10-21 05:40 . 2007-10-29 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2007-10-29 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2007-10-29 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2007-10-29 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2007-10-29 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2007-10-29 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-02-28 14:14 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-23_11.02.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-23 20:00 . 2009-12-23 20:00 16384 c:\windows\temp\Perflib_Perfdata_630.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 11:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2006-12-19 310792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-23 2033432]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2008-12-09 4289280]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2008-12-09 58112]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2007-10-29 44544]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-29 08:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\gottfried\Local Settings\Data aplikací\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"boincmgr"="c:\program files\BOINC\boincmgr.exe" /a /s
"boinctray"="c:\program files\BOINC\boinctray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\HRY\\Dungeon Siege\\DSLOA.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\7-Zip\\7zFMn.exe"=
"c:\\HRY\\Dungeon Siege\\DungeonSiege.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\HRY\\Counter\\cstrike.exe"=
"c:\\HRY\\Counter\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\HRY\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\HRY\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\HRY\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9.3.2009 19:30 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9.3.2009 19:30 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9.3.2009 19:30 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29.10.2009 9:53 285392]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.5.2008 17:37 691696]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\hry\Dragon Age\bin_ship\daupdatersvc.service.exe [4.12.2009 14:39 25832]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 16.129.0.13:3128
TCP: {BF9F6FB4-9FD6-442D-B379-55060CF3B306} = 90.183.115.6,90.183.115.11
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 21:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2683955804-987046154-540425850-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2683955804-987046154-540425850-1004\Software\SecuROM\License information*]
"datasecu"=hex:bd,4d,d9,44,74,36,a8,24,d8,4b,01,83,e4,41,1b,25,6d,c8,23,d5,03,
76,24,29,03,42,ef,90,26,f6,97,ce,e6,bc,2d,6e,68,ff,5d,ac,55,cb,63,26,e7,67,\
"rkeysecu"=hex:f8,b4,8c,4b,e8,79,bf,6d,8f,97,64,c4,fd,35,16,4b
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(708)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\BOINC\boinc.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\www.worldcommunitygrid.org\wcg_hcmd2_maxdo_6.14_windows_intelx86
c:\documents and settings\All Users\Data aplikací\BOINC\projects\www.worldcommunitygrid.org\wcg_hcmd2_maxdo_6.14_windows_intelx86
c:\documents and settings\All Users\Data aplikací\BOINC\projects\freehal.net_freehal_at_home\freehalboinc_20091212.094255_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\freehal.net_freehal_at_home\freehalboinc_20091212.094255_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\freehal.net_freehal_at_home\freehalboinc_20091212.094255_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\freehal.net_freehal_at_home\freehalboinc_20091212.094255_windows_intelx86.exe
.
**************************************************************************
.
Celkový čas: 2009-12-23 21:04:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-23 20:04
ComboFix2.txt 2009-12-23 11:06

Před spuštěním: Volných bajtů: 152 750 256 128
Po spuštění: Volných bajtů: 152 757 129 216

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 20CF77891BDBF1F2BE1BB9281433C7F6

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: Please check my log - I think I have trojans

Post by pitimir » 23 Dec 2009 21:13

How is the PC behaving from your point of view?

Jelito2008
Level 1
Posts: 65
Registered: October 09
Gender: Male
Status: Offline

Re: Please check my log - I think I have trojans

Post by Jelito2008 » 23 Dec 2009 21:15

Ah, I apologize, I'll repeat it under the administrator account :wink:

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: Please check my log - I think I have trojans

Post by pitimir » 23 Dec 2009 21:15

No need... just answer my question :)

Jelito2008
Level 1
Posts: 65
Registered: October 09
Gender: Male
Status: Offline

Re: Please check my log - I think I have trojans

Post by Jelito2008 » 23 Dec 2009 21:23

Two days ago I had to reinstall Windows, but since then everything has been running fine. This was just a preventive check.

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: Please check my log - I think I have trojans

Post by pitimir » 23 Dec 2009 21:29

You're pretty quick, getting the PC infected in two days ;)

1) Let's finish cleaning up:

  • Uninstall ComboFix:
    Start -> Run -> (type) combofix /uninstall

  • Use T-Cleaner (if your antivirus flags it as junk, there's nothing to worry about; it's just the AV program being paranoid).
  • Use TFC (run the program and click "Start". Note that the PC may be restarted).


2) Post a log from HJT.

If anything is unclear, a guide can be found >>here<<.