Before every removal attempt, that little pest may try to write entries to the registry and copy itself into System Volume Information (the restore points).
Now for the browsers:
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
@="\"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE\""

Save it to the Desktop as fix.reg, with the type set to All Files, then find this file on the Desktop and double-click it to run it. You will be asked whether to add the value to the registry. Approve it.
Then run SystemLook again with the :regfind parameter. If it no longer finds anything, continue with MbAM (instructions on the first page).
Problem with Security Tool.
- Damned
- Article author
-
Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Gender:
- Status:
Offline
- Contact:
Re: Problem with Security Tool.
Nothing is impossible, so where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Problem with Security Tool.
Well, SystemLook found nothing, but MbAM did:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3888
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13
20.3.2010 23:49:17
mbam-log-2010-03-20 (23-49-07).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 116613
Uplynulý čas: 6 minute(s), 17 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 9
Infikované hodnoty registru: 4
Infikované datové položky registru: 6
Infikované adresáře: 7
Infikované soubory: 42
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\75a35958 (Rootkit.Rustock) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpi32 (SpamTool.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i386si (SpamTool.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\port135sik (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
Infikované adresáře:
C:\Program Files\Advantage (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> No action taken.
Infikované soubory:
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Petra\Local Settings\Temp\herss.exe (PWS.Frethog) -> No action taken.
C:\9d6tpg.exe (Spyware.OnlineGames) -> No action taken.
C:\ey.exe (Spyware.OnlineGames) -> No action taken.
C:\autorun.inf (PWS.Frethog) -> No action taken.
C:\ji83j.exe (PWS.Frethog) -> No action taken.
C:\k1d.exe (Spyware.OnlineGames) -> No action taken.
C:\tgt.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\drivers\5f5a9b0884510f48791ef798b22b33ba.szcpf (Rootkit.Rustock) -> No action taken.
C:\WINDOWS\system32\drivers\75a35958.sys (Rootkit.Rustock) -> No action taken.
C:\Documents and Settings\Petra\Local Settings\Temp\~TM5CA.tmp (Trojan.Agent) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\MSASCui.exe (Rogue.MultipleAV) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\vma.exe (Rogue.MultipleAV) -> No action taken.
C:\9qqigqwf.exe (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\av.exe (Rogue.MultipleAV) -> No action taken.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> No action taken.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> No action taken.
C:\Documents and Settings\Petra\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Petra\Local Settings\Temp\BN37.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Petra\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\Petra\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\Temp\wpv881243627542.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\Documents and Settings\Petra\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\Documents and Settings\Petra\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\Systemprofile\wuaucldt.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Windows Defender\av.exe (Rogue.MultipleAV) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Windows Defender\MSASCui.exe (Rogue.MultipleAV) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Windows Defender\vma.exe (Rogue.MultipleAV) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.
- Damned
Re: Problem with Security Tool.
Also find and delete this (red) file:
c:\WINDOWS\system32\Regedit.exe
It should be only in the Windows and i386 folders.
Run MbAM again and click Scan
- after the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit
Turn off your antivirus's resident shield (and your antispyware's, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Problem with Security Tool.
In system32 there is only some "regedt32.exe"
:filefind
regedit.exe gives:
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:11 on 21/03/2010 by Petra (Administrator - Elevation successful)
========== filefind ==========
Searching for "regedit.exe"
C:\WINDOWS\regedit.exe --a--- 147968 bytes [13:49 17/08/2004] [13:49 17/08/2004] CB5A91928D94224E7E30EE277B45E8A3
C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\regedit.exe --a--c 147968 bytes [03:22 14/04/2008] [03:22 14/04/2008] FDEB1D02CAE38665CBF114F44E6B997E
C:\WINDOWS\system32\dllcache\regedit.exe --a--c 147968 bytes [13:49 17/08/2004] [13:49 17/08/2004] CB5A91928D94224E7E30EE277B45E8A3
-=End Of File=-
- Damned
Re: Problem with Security Tool.
In the initial HJT log it is visible at O4. It is possible that it is only an entry. It can be in those remaining folders.
So continue with the removal in MbAM and with ComboFix.
Re: Problem with Security Tool.
Apart from one item it all got deleted, and it wanted a reboot - for now I'd rather wait.
Btw, I have been in Safe Mode with Networking the whole time..
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3888
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13
21.3.2010 0:41:38
mbam-log-2010-03-21 (00-41-36).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 116855
Uplynulý čas: 5 minute(s), 54 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 3
Infikované adresáře: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Documents and Settings\Petra\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
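Added example (not part of the original posts, and not Malwarebytes' or the helper's code): a short Python script that compares two MbAM logs such as the two posted so far, lists the detections that survived the removal pass, and, for Bad/Good registry data, reports any environment variable that appears only in the Bad value. The sample logs are shortened excerpts built from lines of the logs above; all function names are this example's own.

```python
import re

# Shortened excerpts of the two MbAM logs posted in this thread. The entry
# lines are verbatim; the selection of lines is this example's (constructed).
SCAN_1 = r"""Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
Infikované soubory:
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Petra\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
"""

SCAN_2 = r"""Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
Infikované soubory:
C:\Documents and Settings\Petra\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
"""

# "<item> (<detection>) [-> Bad: (<bad>) Good: (<good>)] -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\))?"
    r" -> (?P<action>[^>]+)\.$"
)
ENV_RE = re.compile(r"%([^%\\ ]+)%")


def parse_entries(log_text):
    """Return {lower-cased item path: entry dict} for every detection line."""
    entries, section = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]              # bare section header
            continue
        match = ENTRY_RE.match(line)
        if match:                            # summary/empty lines do not match
            entry = match.groupdict()
            entry["section"] = section
            entries[entry["item"].lower()] = entry
    return entries


def env_var_diff(entry):
    """Variables referenced in the Bad value but not in the Good value."""
    if entry["bad"] is None:
        return set()
    bad = {name.lower() for name in ENV_RE.findall(entry["bad"])}
    good = {name.lower() for name in ENV_RE.findall(entry["good"])}
    return bad - good


def triage(before_text, after_text):
    """List (item, detection, odd variables) for entries present in both scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    report = []
    for key, entry in after.items():
        if key in before:                    # survived the removal pass
            report.append((entry["item"], entry["detection"],
                           sorted(env_var_diff(entry))))
    return report


if __name__ == "__main__":
    for item, detection, odd in triage(SCAN_1, SCAN_2):
        note = f"  <- Bad value uses %{odd[0]}%" if odd else ""
        print(f"{detection:24} {item}{note}")
```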
- Damned
Re: Problem with Security Tool.
Delete it and allow the restart. Windows should boot normally. Then the log and ComboFix.
Re: Problem with Security Tool.
Good new day
It more or less works now; the virus ate firefox.exe right at the beginning, but now at least IE no longer starts up broken, with 2 flickering address bars, 2 tab bars and so on.
Three directories from the long-since-deleted ICQ remain in Program Files (delete them?), and the ICQ6toolbar mentioned at the beginning does have an uninstaller, but that only jumps to an ICQ page saying it has been removed, while on disk it is otherwise in the same state.
Even after several attempts, MbAM leaves 2 critters there.
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3888
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
21.3.2010 13:24:01
mbam-log-2010-03-21 (13-23-56).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 117847
Uplynulý čas: 4 minute(s), 58 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§
and the Combo log:
ComboFix 10-03-20.04 - Petra 21.03.2010 13:46:36.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1015.521 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petra\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bveijo.exe
C:\df.exe
c:\documents and settings\Petra\Local Settings\Temporary Internet Files\7GEBQIQ.jpg
c:\documents and settings\Petra\Local Settings\Temporary Internet Files\HtT5m6BA.jpg
c:\documents and settings\Petra\Local Settings\Temporary Internet Files\xC5tP8.jpg
c:\documents and settings\Petra\Local Settings\Temporary Internet Files\Y8a0D.jpg
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\fjhdyfhsn.bat
c:\windows\wiaservim.log
C:\ws.exe
D:\9d6tpg.exe
D:\9qqigqwf.exe
D:\Autorun.inf
D:\bveijo.exe
D:\df.exe
D:\ey.exe
D:\ji83j.exe
D:\tgt.exe
D:\ws.exe
c:\windows\system32\drivers\cdrom.sys . . . chybí !!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_I386SI
-------\Legacy_PORT135SIK

It more or less works now. The virus ate firefox.exe right at the start, but at least IE no longer starts up broken, with two flickering address bars, two bookmark bars and so on.
Three directories from the long-deleted ICQ remain in Program Files (delete them?), and the ICQ6toolbar mentioned at the start does have an uninstaller, but all it does is jump to an ICQ page saying it has been removed, while on disk it is in the same state as before.
Even after several attempts, MbAM still leaves 2 critters there.
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3888
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
21.3.2010 13:24:01
mbam-log-2010-03-21 (13-23-56).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 117847
Uplynulý čas: 4 minute(s), 58 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§§
and the ComboFix log:
ComboFix 10-03-20.04 - Petra 21.03.2010 13:46:36.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1015.521 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petra\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bveijo.exe
C:\df.exe
c:\documents and settings\Petra\Local Settings\Temporary Internet Files\7GEBQIQ.jpg
c:\documents and settings\Petra\Local Settings\Temporary Internet Files\HtT5m6BA.jpg
c:\documents and settings\Petra\Local Settings\Temporary Internet Files\xC5tP8.jpg
c:\documents and settings\Petra\Local Settings\Temporary Internet Files\Y8a0D.jpg
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\fjhdyfhsn.bat
c:\windows\wiaservim.log
C:\ws.exe
D:\9d6tpg.exe
D:\9qqigqwf.exe
D:\Autorun.inf
D:\bveijo.exe
D:\df.exe
D:\ey.exe
D:\ji83j.exe
D:\tgt.exe
D:\ws.exe
c:\windows\system32\drivers\cdrom.sys . . . chybí !!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_I386SI
-------\Legacy_PORT135SIK
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-21 do 2010-03-21 )))))))))))))))))))))))))))))))
.
2010-03-20 22:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-20 22:38 . 2010-03-20 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-20 22:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 16:12 . 2010-03-20 16:12 -------- d-----w- C:\rsit
2010-03-20 09:32 . 2010-03-20 09:32 16384 ---ha-w- C:\SZKGFS.dat
2010-03-20 09:31 . 2010-03-20 09:41 -------- d-----w- c:\program files\STOPzilla!
2010-03-20 09:31 . 2010-03-20 09:31 -------- d-----w- c:\program files\Common Files\iS3
2010-03-14 19:20 . 2010-03-14 19:20 116736 --sh--r- C:\nhx.exe
2010-03-05 17:16 . 2010-03-05 17:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2010-03-05 17:14 . 2010-03-05 17:14 442368 ----a-r- c:\windows\system32\SZBase5.dll
2010-03-05 17:13 . 2010-03-05 17:13 540672 ----a-r- c:\windows\system32\SZComp5.dll
2010-02-24 14:06 . 2010-02-24 14:06 173328 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2010-02-22 21:51 . 2010-02-22 21:51 -------- d-----w- c:\program files\rajce
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 12:52 . 2010-03-21 12:52 3264 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-20 23:34 . 2008-01-02 19:26 -------- d-----w- c:\program files\ICQToolbar
2010-03-05 20:30 . 2009-01-02 21:18 -------- d-----w- c:\program files\The KMPlayer
2010-02-15 17:16 . 2010-02-15 17:16 -------- d-----w- c:\program files\Software602
2010-01-31 20:16 . 2010-01-31 20:16 45 ---h--w- c:\windows\dsez8528.dat
2008-05-09 19:47 . 2008-01-03 22:25 17420800 -c--a-w- c:\program files\eav_nt32_csy.msi
2008-03-29 16:11 . 2008-03-29 16:11 1207296 -c--a-w- c:\program files\bwgen31.exe
2008-01-24 21:26 . 2008-01-24 21:26 15496704 -c--a-w- c:\program files\0_solidconverterpdf.exe
2008-01-24 17:33 . 2008-01-24 16:43 194414768 -c--a-w- c:\program files\Nero-8.2.8.0_csy_trial.exe
2008-01-24 17:18 . 2008-01-24 16:49 61678444 -c--a-w- c:\program files\zps10_cz.exe
2008-01-03 21:48 . 2008-01-03 21:48 2155208 -c--a-w- c:\program files\tcmd702a.exe
2008-01-02 19:25 . 2008-01-02 19:24 13674640 -c--a-w- c:\program files\install_atlas_icq6.exe
2007-10-15 13:43 . 2007-10-15 13:38 23876904 -c--a-w- c:\program files\SkypeSetup.exe
2007-10-09 17:46 . 2007-10-09 17:45 12829368 -c--a-w- c:\program files\Install_ICQ6.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-30 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-30 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-30 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-03-29 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"TPSMain"="TPSMain.exe" [2006-03-21 299008]
"TPSODDCtl"="TPSODDCtl.exe" [2006-03-21 102400]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-08-31 102400]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Petra\Nabˇdka Start\Programy\Po spuçtŘnˇ\
syspck32.exe [2004-8-17 16896]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-10-8 155648]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-10-8 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 15:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosA2dp.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHid.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHSP.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\The KMPlayer\\KMPlayer.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\WINDOWS\\system32\\00THotkey.exe"=
"c:\\Program Files\\Apoint2K\\Apoint.exe"=
"c:\\WINDOWS\\AGRSMMSG.exe"=
"c:\\WINDOWS\\system32\\TPSMain.exe"=
"c:\\WINDOWS\\system32\\TPSODDCtl.exe"=
"c:\\WINDOWS\\system32\\thpsrv.exe"=
"c:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"=
"c:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Program Files\\TOSHIBA\\TOSHIBA Controls\\TFncKy.exe"=
"c:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSServ.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe"=
"c:\\Program Files\\Protector Suite QL\\psqltray.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE4\\OpwareSE4.exe"=
"c:\\WINDOWS\\system32\\TPSBattM.exe"=
"c:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe"=
"c:\\Program Files\\Apoint2K\\Apntex.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtMng.exe"=
"c:\\WINDOWS\\system32\\RAMASST.exe"=
"c:\\Program Files\\WinZip\\WZQKPICK.EXE"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7.12.2009 17:59 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [24.2.2010 15:06 173328]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [27.12.2004 22:31 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [8.10.2007 19:14 6144]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5.5.2006 17:00 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5.5.2006 16:59 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5.5.2006 16:33 3456]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [7.12.2009 17:59 61328]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [15.2.2009 14:18 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [15.2.2009 14:18 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [15.2.2009 14:18 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [15.2.2009 14:18 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [15.2.2009 14:18 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [15.2.2009 14:18 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [15.2.2009 14:18 109952]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B8FB684D-9891-41B5-BAC9-DE6D0AC61C13} = 212.158.128.2,212.158.128.3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Notify-tpsvc - TPSvc.dll
AddRemove-Easy-PhotoPrint EX - d:\easy-photoprint ex\uninst.exe
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\mysafe.dll
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
- - - - - - - > 'explorer.exe'(3836)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TPSODDCtl.exe
c:\windows\system32\thpsrv.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update.exe
.
**************************************************************************
.
Celkový čas: 2010-03-21 13:55:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-21 12:55
Před spuštěním: 897 019 904
Po spuštění: 1 672 531 968
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 0944ACB60A04CC0047CE46BDA3FFEB34
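The registry findings in the two logs above (the Security Center overrides, the disabled firewall profile, and the ImagePath item that MbAM left with "No action taken") can be pulled out mechanically. The Python triage below is an added example, not part of the original thread and not code from MbAM or ComboFix; the rule table and function names are this example's own assumptions, and the sample is an excerpt of the lines posted above.

```python
import re

# Excerpt of the MbAM and ComboFix logs posted above, embedded so this runs offline.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\logon.scr"=
"""

# (key suffix, value name, weakened value, meaning). Assumption: this rule
# set is the example's own, limited to the settings visible in the logs above.
RULES = [
    (r"\security center", "antivirusoverride", 1,
     "Security Center is told not to monitor antivirus status"),
    (r"\security center", "firewalloverride", 1,
     "Security Center is told not to monitor firewall status"),
    (r"\firewallpolicy\standardprofile", "enablefirewall", 0,
     "Windows Firewall is off for the standard profile"),
    (r"\firewallpolicy\standardprofile", "disablenotifications", 1,
     "firewall notifications are suppressed"),
]

SECTION = re.compile(r"^\[(.+)\]$")
ENTRY = re.compile(r'^"([^"]+)"=\s*(.*)$')
MBAM_ITEM = re.compile(
    r"^(HK.+?) \(([^()]+)\) -> Bad: \((.*?)\) Good: \((.*?)\) -> (.+)$")
ENV_VAR = re.compile(r"%([^%\\]+)%")


def to_int(raw):
    """Normalise the two numeric notations the log uses; None otherwise."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+) \(0x[0-9a-fA-F]+\)", raw)
    return int(m.group(1)) if m else None


def parse_entries(text):
    """Yield (key, value name, raw data) for every "name"=data line."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def weakened_settings(text):
    """Return (key, name, meaning) for each setting matching a rule."""
    findings = []
    for key, name, raw in parse_entries(text):
        for suffix, rule_name, bad, meaning in RULES:
            if (key.lower().endswith(suffix) and name.lower() == rule_name
                    and to_int(raw) == bad):
                findings.append((key, name, meaning))
    return findings


def tampered_data_items(text):
    """Parse MbAM 'Bad: (...) Good: (...)' data items and compare them."""
    items = []
    for line in text.splitlines():
        m = MBAM_ITEM.match(line.strip())
        if not m:
            continue
        key, signature, bad, good, action = m.groups()
        good_vars = {v.lower() for v in ENV_VAR.findall(good)}
        # Variables present in the current data but absent from the good value.
        odd = [v for v in ENV_VAR.findall(bad) if v.lower() not in good_vars]
        items.append({
            "key": key,
            "signature": signature,
            "unknown_vars": odd,
            "remediated": not action.lower().startswith("no action"),
        })
    return items


if __name__ == "__main__":
    for key, name, meaning in weakened_settings(SAMPLE_LOG):
        print(f"[setting] {key} :: {name} -> {meaning}")
    for item in tampered_data_items(SAMPLE_LOG):
        state = "fixed" if item["remediated"] else "STILL PRESENT"
        print(f"[data] {item['key']} ({item['signature']}) "
              f"unexpected variables {item['unknown_vars']} -> {state}")
```

Running it again on the logs posted after a cleanup pass shows which of these items are still open.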
- Damned
Re: Problem with Security Tool.
Completely uninstall FF, including its add-ons (plugins).
*****************************************************************************************************************************************
Run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit
*****************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
File::
C:\rsit
C:\SZKGFS.dat
C:\nhx.exe
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\dsez8528.dat
c:\program files\eav_nt32_csy.msi
c:\program files\bwgen31.exe
c:\documents and settings\Petra\Nabˇdka Start\Programy\Po spuçtŘnˇ\syspck32.exe
c:\documents and settings\Petra\Nabídka Start\Programy\Po spuštění\syspck32.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update.exe
Folder::
c:\program files\ICQToolbar
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\logon.scr"=-
"c:\\WINDOWS\\system32\\wscntfy.exe"=-
"c:\\WINDOWS\\system32\\wuauclt.exe"=-
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=-
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"=
Registry-clean::
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the Desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix starts automatically; the repair may take more than 10 minutes. ! Let ComboFix finish its work !
- Post here the log that pops up at the end of the cleaning process
*****************************************************************************************************************************************
Start -> Run, type: notepad and click OK. Paste this entire (pale green) text into it:
dir \cdrom.sys /a h /s > File.txt
Save it to the Desktop under the name: find.bat (file type: All Files)
Find it on the Desktop, double-click it and wait until the window closes and soubor.txt appears.
Then paste the entire text of that file here.
Re: Problem with Security Tool.
Stuck right at the first step: FF (I hope Firefox is meant) can't be removed via the Control Panel, not even in Safe Mode..

- Damned
Re: Problem with Security Tool.
Try reinstalling it into the same folder and then uninstalling it (once we have cleaned the PC you can put it back). Does it report any error?
If it still can't be removed after that, continue with the next steps.
Re: Problem with Security Tool.
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3888
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
21.3.2010 20:25:30
mbam-log-2010-03-21 (20-25-30).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 114693
Uplynulý čas: 3 minute(s), 19 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
ComboFix 10-03-20.06 - Petra 21.03.2010 20:45:45.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1015.610 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petra\Plocha\CFScript.txt
FILE ::
"c:\documents and settings\Petra\Nabˇdka Start\Programy\Po spuçtŘnˇ\syspck32.exe"
"c:\documents and settings\Petra\Nabídka Start\Programy\Po spuštění\syspck32.exe"
"C:\nhx.exe"
"c:\program files\bwgen31.exe"
"c:\program files\eav_nt32_csy.msi"
"C:\rsit"
"C:\SZKGFS.dat"
"c:\windows\dsez8528.dat"
"c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update.exe"
"c:\windows\system32\drivers\kgpcpy.cfg"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Petra\Nabídka Start\Programy\Po spuštění\syspck32.exe
C:\nhx.exe
c:\program files\bwgen31.exe
c:\program files\eav_nt32_csy.msi
c:\program files\ICQToolbar
c:\program files\ICQToolbar\about.html
c:\program files\ICQToolbar\basis.xml
c:\program files\ICQToolbar\Dlg_Res.xml
c:\program files\ICQToolbar\download.html
c:\program files\ICQToolbar\Games.xml
c:\program files\ICQToolbar\games_button.xml
c:\program files\ICQToolbar\icons.bmp
c:\program files\ICQToolbar\loading.html
c:\program files\ICQToolbar\logo_small.gif
c:\program files\ICQToolbar\newversion.txt
c:\program files\ICQToolbar\tb_buttons.xml
c:\program files\ICQToolbar\tb_games.xml
c:\program files\ICQToolbar\tb_options.xml
c:\program files\ICQToolbar\toolbaru.crc
c:\program files\ICQToolbar\version.txt
C:\SZKGFS.dat
c:\windows\dsez8528.dat
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\_downloadprogress_.state
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\_unpacked_.state
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\_usedelta_.state
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\IE7-WindowsXP-KB969897-x86-CSY.psm
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\advpack.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\dxtmsft.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\dxtrans.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\extmgr.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\html.iec
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\icardie.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ie4uinit.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieakeng.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieaksie.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieakui.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieapfltr.dat
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieapfltr.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\iedkcs32.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieencode.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieframe.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieframe.dll.mui
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\iernonce.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\iertutil.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieudinit.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\iexplore.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\inetcpl.cpl
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\jsproxy.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\msfeeds.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\msfeedsbs.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\mshtml.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\mshtmled.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\msrating.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\mstime.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\occache.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\pngfilt.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\url.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\urlmon.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\webcheck.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\wininet.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\advpack.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\dxtmsft.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\dxtrans.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\extmgr.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\html.iec
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\icardie.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ie4uinit.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieakeng.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieaksie.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieakui.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieapfltr.dat
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieapfltr.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\iedkcs32.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieencode.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieframe.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieframe.dll.mui
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\iernonce.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\iertutil.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieudinit.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\iexplore.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\inetcpl.cpl
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\jsproxy.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\msfeeds.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\msfeedsbs.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\mshtml.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\mshtmled.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\msrating.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\mstime.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\occache.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\pngfilt.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\url.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\urlmon.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\webcheck.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\wininet.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\spmsg.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\spuninst.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\susdl.rq0
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\branches.inf
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\eula.txt
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\KB969897-IE7.cat
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\spcustom.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update.url
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update.ver
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update_SP3GDR.inf
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update_SP3QFE.inf
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\updatebr.inf
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\updspapi.dll
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\2T4hRF5q.jpg
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\54PLC4.jpg
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AbDhd5.jpg
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Ew3kRvR.jpg
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\drivers\cdrom.sys . . . chybí !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-21 do 2010-03-21 )))))))))))))))))))))))))))))))
.
2010-03-20 22:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-20 22:38 . 2010-03-20 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-20 22:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 16:12 . 2010-03-20 16:12 -------- d-----w- C:\rsit
2010-03-20 09:31 . 2010-03-20 09:41 -------- d-----w- c:\program files\STOPzilla!
2010-03-20 09:31 . 2010-03-20 09:31 -------- d-----w- c:\program files\Common Files\iS3
2010-03-05 17:16 . 2010-03-05 17:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2010-03-05 17:14 . 2010-03-05 17:14 442368 ----a-r- c:\windows\system32\SZBase5.dll
2010-03-05 17:13 . 2010-03-05 17:13 540672 ----a-r- c:\windows\system32\SZComp5.dll
2010-02-24 14:06 . 2010-02-24 14:06 173328 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2010-02-22 21:51 . 2010-02-22 21:51 -------- d-----w- c:\program files\rajce
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 19:54 . 2010-03-21 19:54 288 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-05 20:30 . 2009-01-02 21:18 -------- d-----w- c:\program files\The KMPlayer
2010-02-15 17:16 . 2010-02-15 17:16 -------- d-----w- c:\program files\Software602
2008-01-24 21:26 . 2008-01-24 21:26 15496704 -c--a-w- c:\program files\0_solidconverterpdf.exe
2008-01-24 17:33 . 2008-01-24 16:43 194414768 -c--a-w- c:\program files\Nero-8.2.8.0_csy_trial.exe
2008-01-24 17:18 . 2008-01-24 16:49 61678444 -c--a-w- c:\program files\zps10_cz.exe
2008-01-03 21:48 . 2008-01-03 21:48 2155208 -c--a-w- c:\program files\tcmd702a.exe
2008-01-02 19:25 . 2008-01-02 19:24 13674640 -c--a-w- c:\program files\install_atlas_icq6.exe
2007-10-15 13:43 . 2007-10-15 13:38 23876904 -c--a-w- c:\program files\SkypeSetup.exe
2007-10-09 17:46 . 2007-10-09 17:45 12829368 -c--a-w- c:\program files\Install_ICQ6.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-03-21_12.51.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 18:19 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
- 2007-11-24 13:59 . 2007-11-30 12:39 18296 c:\windows\system32\spmsg.dll
+ 2007-11-24 13:59 . 2008-07-09 07:36 18296 c:\windows\system32\spmsg.dll
+ 2010-03-21 12:56 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-03-21 12:56 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 44544 c:\windows\system32\pngfilt.dll
- 2007-08-13 17:54 . 2009-02-20 17:13 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:54 . 2009-04-29 04:47 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 27648 c:\windows\system32\jsproxy.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 17:39 . 2009-04-28 09:04 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 17:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-17 13:49 . 2009-04-29 04:47 44544 c:\windows\system32\iernonce.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 44544 c:\windows\system32\iernonce.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 78336 c:\windows\system32\ieencode.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 78336 c:\windows\system32\ieencode.dll
- 2004-08-17 13:49 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-17 13:49 . 2009-04-28 09:04 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 17:36 . 2009-04-29 04:47 63488 c:\windows\system32\icardie.dll
- 2007-08-13 17:36 . 2009-02-20 17:13 63488 c:\windows\system32\icardie.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-17 13:49 . 2009-02-20 17:13 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-11-30 16:12 . 2009-02-20 17:13 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-11-30 16:12 . 2009-04-28 09:04 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-11-30 16:12 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-17 13:49 . 2009-04-29 04:47 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-17 13:49 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-17 13:49 . 2009-04-28 09:04 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-11-30 16:12 . 2009-02-20 17:13 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-17 13:49 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-17 13:49 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
+ 2010-03-21 12:55 . 2009-02-20 10:20 13824 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
+ 2010-03-21 12:55 . 2009-02-20 17:13 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 78336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
+ 2010-03-21 12:55 . 2009-02-20 10:20 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
+ 2010-03-21 12:55 . 2009-02-20 17:13 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
+ 2010-03-21 12:55 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
+ 2010-03-21 12:55 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB970238\spmsg.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 26488 c:\windows\$hf_mig$\KB969897-IE7\update\spcustom.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 18296 c:\windows\$hf_mig$\KB969897-IE7\spmsg.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 44544 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\pngfilt.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 52224 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msfeedsbs.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 27648 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\jsproxy.dll
+ 2009-04-28 09:54 . 2009-04-28 09:54 13824 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieudinit.exe
+ 2009-04-29 04:38 . 2009-04-29 04:38 44544 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iernonce.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 78336 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieencode.dll
+ 2009-04-28 09:54 . 2009-04-28 09:54 70656 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ie4uinit.exe
+ 2009-04-29 04:38 . 2009-04-29 04:38 63488 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\icardie.dll
+ 2010-03-21 12:54 . 2008-07-09 07:36 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll
+ 2010-03-21 12:54 . 2008-07-09 07:36 18296 c:\windows\$hf_mig$\KB968537\spmsg.dll
+ 2010-03-21 12:56 . 2008-07-09 07:36 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2010-03-21 12:56 . 2008-07-09 07:36 18296 c:\windows\$hf_mig$\KB961501\spmsg.dll
+ 2006-10-16 10:40 . 2009-04-15 09:55 358912 c:\windows\system32\xpsp3res.dll
- 2006-10-16 10:40 . 2008-02-15 22:03 358912 c:\windows\system32\xpsp3res.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2007-10-08 17:15 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 827392 c:\windows\system32\wininet.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 233472 c:\windows\system32\webcheck.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 233472 c:\windows\system32\webcheck.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 105984 c:\windows\system32\url.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 105984 c:\windows\system32\url.dll
+ 2004-08-17 13:49 . 2009-04-15 15:18 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-17 13:49 . 2007-07-09 13:11 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 102912 c:\windows\system32\occache.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 102912 c:\windows\system32\occache.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 671232 c:\windows\system32\mstime.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 671232 c:\windows\system32\mstime.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 193024 c:\windows\system32\msrating.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 193024 c:\windows\system32\msrating.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 477696 c:\windows\system32\mshtmled.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 17:54 . 2009-04-29 04:47 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 17:54 . 2009-02-20 17:13 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-17 13:49 . 2009-05-07 15:44 345088 c:\windows\system32\localspl.dll
+ 2007-08-13 17:34 . 2009-04-29 04:47 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 17:34 . 2009-02-20 17:13 268288 c:\windows\system32\iertutil.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 11:27 . 2009-02-20 17:13 383488 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 11:27 . 2009-04-29 04:47 383488 c:\windows\system32\ieapfltr.dll
+ 2001-10-25 14:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
- 2001-10-25 14:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 153088 c:\windows\system32\ieakeng.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 153088 c:\windows\system32\ieakeng.dll
- 2007-10-08 18:58 . 2009-06-10 10:12 210488 c:\windows\system32\FNTCACHE.DAT
+ 2007-10-08 18:58 . 2010-03-21 13:22 210488 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-17 13:49 . 2009-04-29 04:47 133120 c:\windows\system32\extmgr.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 133120 c:\windows\system32\extmgr.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 214528 c:\windows\system32\dxtrans.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 214528 c:\windows\system32\dxtrans.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 347136 c:\windows\system32\dxtmsft.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-10-08 17:15 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 827392 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-17 13:49 . 2007-07-09 13:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-17 13:49 . 2009-04-15 15:18 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-11-30 16:12 . 2009-02-20 17:13 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-17 13:49 . 2009-05-07 15:44 345088 c:\windows\system32\dllcache\localspl.dll
+ 2007-10-08 17:14 . 2009-04-25 05:27 636088 c:\windows\system32\dllcache\iexplore.exe
- 2007-11-30 16:12 . 2009-02-20 17:13 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 268288 c:\windows\system32\dllcache\iertutil.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-11-30 16:12 . 2009-02-20 17:13 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2001-10-25 14:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2001-10-25 14:00 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 124928 c:\windows\system32\advpack.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 124928 c:\windows\system32\advpack.dll
+ 2010-03-21 12:55 . 2009-03-03 00:14 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 391032 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 233848 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2010-03-21 12:55 . 2009-02-20 17:13 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2010-03-21 12:55 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2010-03-21 12:55 . 2009-02-20 17:13 268288 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 385024 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2010-03-21 12:55 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2010-03-21 12:55 . 2007-11-30 12:39 391032 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2010-03-21 12:55 . 2007-11-30 12:39 759160 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2010-03-21 12:55 . 2007-11-30 12:39 233848 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:25 . 2009-04-15 15:25 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-04-15 14:54 . 2009-04-15 14:54 585216 c:\windows\$hf_mig$\KB970238\SP3GDR\rpcrt4.dll
+ 2009-04-15 09:55 . 2009-04-15 09:55 358912 c:\windows\$hf_mig$\KB970238\SP2QFE\spru0405.dll
+ 2009-04-15 15:31 . 2009-04-15 15:31 583168 c:\windows\$hf_mig$\KB970238\SP2QFE\rpcrt4.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 391032 c:\windows\$hf_mig$\KB969897-IE7\update\updspapi.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 759160 c:\windows\$hf_mig$\KB969897-IE7\update\update.exe
+ 2010-03-21 12:55 . 2008-07-09 07:36 233848 c:\windows\$hf_mig$\KB969897-IE7\spuninst.exe
+ 2009-04-29 04:38 . 2009-04-29 04:38 828928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 233472 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\webcheck.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 105984 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\url.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 102912 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\occache.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 671232 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mstime.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 193024 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msrating.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 477696 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtmled.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 459264 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msfeeds.dll
+ 2009-04-25 05:27 . 2009-04-25 05:27 636088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
+ 2009-04-29 04:38 . 2009-04-29 04:38 268288 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iertutil.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 388608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iedkcs32.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 380928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieapfltr.dll
+ 2009-04-25 05:26 . 2009-04-25 05:26 161792 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakui.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 230400 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieaksie.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 153088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakeng.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 132608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\extmgr.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 214528 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtrans.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 347136 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtmsft.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 124928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\advpack.dll
+ 2010-03-21 12:54 . 2008-07-09 07:36 391032 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
+ 2010-03-21 12:54 . 2008-07-09 07:36 759160 c:\windows\$hf_mig$\KB968537\update\update.exe
+ 2010-03-21 12:54 . 2008-07-09 07:36 233848 c:\windows\$hf_mig$\KB968537\spuninst.exe
+ 2010-03-21 12:56 . 2008-07-09 07:36 391032 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2010-03-21 12:56 . 2008-07-09 07:36 759160 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2010-03-21 12:56 . 2008-07-09 07:36 233848 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:16 . 2009-05-07 15:16 347136 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2009-05-07 15:33 . 2009-05-07 15:33 346624 c:\windows\$hf_mig$\KB961501\SP3GDR\localspl.dll
+ 2009-05-07 15:31 . 2009-05-07 15:31 347136 c:\windows\$hf_mig$\KB961501\SP2QFE\localspl.dll
+ 2007-10-08 17:15 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-17 13:44 . 2009-04-19 20:11 1846656 c:\windows\system32\win32k.sys
+ 2004-08-17 13:49 . 2009-04-29 04:47 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 3596288 c:\windows\system32\mshtml.dll
+ 2007-08-13 17:54 . 2009-04-29 04:47 6066176 c:\windows\system32\ieframe.dll
- 2007-08-13 17:54 . 2009-02-20 17:13 6066176 c:\windows\system32\ieframe.dll
+ 2007-10-08 17:15 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-17 13:44 . 2009-04-19 20:11 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-17 13:49 . 2009-04-29 04:47 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 3596288 c:\windows\system32\dllcache\mshtml.dll
- 2007-11-30 16:12 . 2009-02-20 17:13 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 1160192 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 3595264 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2010-03-21 12:55 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
+ 2009-04-29 04:38 . 2009-04-29 04:38 1163264 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\urlmon.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 3598336 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 6069248 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieframe.dll
+ 2009-06-10 10:21 . 2008-07-09 14:25 2455488 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieapfltr.dat
+ 2009-04-19 19:44 . 2009-04-19 19:44 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
+ 2009-04-19 19:52 . 2009-04-19 19:52 1847168 c:\windows\$hf_mig$\KB968537\SP3GDR\win32k.sys
+ 2009-04-19 19:58 . 2009-04-19 19:58 1847936 c:\windows\$hf_mig$\KB968537\SP2QFE\win32k.sys
+ 2007-11-30 16:07 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-30 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-30 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-30 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-03-29 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"TPSMain"="TPSMain.exe" [2006-03-21 299008]
"TPSODDCtl"="TPSODDCtl.exe" [2006-03-21 102400]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-08-31 102400]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-10-8 155648]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-10-8 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 15:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosA2dp.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHid.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHSP.exe"=
"c:\\Program Files\\The KMPlayer\\KMPlayer.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\WINDOWS\\system32\\00THotkey.exe"=
"c:\\Program Files\\Apoint2K\\Apoint.exe"=
"c:\\WINDOWS\\AGRSMMSG.exe"=
"c:\\WINDOWS\\system32\\TPSMain.exe"=
"c:\\WINDOWS\\system32\\TPSODDCtl.exe"=
"c:\\WINDOWS\\system32\\thpsrv.exe"=
"c:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"=
"c:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Program Files\\TOSHIBA\\TOSHIBA Controls\\TFncKy.exe"=
"c:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSServ.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe"=
"c:\\Program Files\\Protector Suite QL\\psqltray.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE4\\OpwareSE4.exe"=
"c:\\WINDOWS\\system32\\TPSBattM.exe"=
"c:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe"=
"c:\\Program Files\\Apoint2K\\Apntex.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtMng.exe"=
"c:\\WINDOWS\\system32\\RAMASST.exe"=
"c:\\Program Files\\WinZip\\WZQKPICK.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7.12.2009 17:59 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [24.2.2010 15:06 173328]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [27.12.2004 22:31 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [8.10.2007 19:14 6144]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5.5.2006 17:00 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5.5.2006 16:59 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5.5.2006 16:33 3456]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [7.12.2009 17:59 61328]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [15.2.2009 14:18 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [15.2.2009 14:18 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [15.2.2009 14:18 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [15.2.2009 14:18 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [15.2.2009 14:18 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [15.2.2009 14:18 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [15.2.2009 14:18 109952]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B8FB684D-9891-41B5-BAC9-DE6D0AC61C13} = 212.158.128.2,212.158.128.3
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 20:54
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\mysafe.dll
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
- - - - - - - > 'explorer.exe'(2728)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TPSODDCtl.exe
c:\windows\system32\thpsrv.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
.
**************************************************************************
.
Celkový čas: 2010-03-21 20:58:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-21 19:58
ComboFix2.txt 2010-03-21 12:55
Před spuštěním: 1 373 900 800
Po spuštění: 1 344 897 024
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 674A15589615B051F6FDB53B57C5A026
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je A4E0-5353.
Výpis adresáře C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee
13.04.2008 19:40 62 976 cdrom.sys
1 souborů, 62 976 bajtů
Verze databáze: 3888
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
21.3.2010 20:25:30
mbam-log-2010-03-21 (20-25-30).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 114693
Uplynulý čas: 3 minute(s), 19 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
ComboFix 10-03-20.06 - Petra 21.03.2010 20:45:45.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1015.610 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petra\Plocha\CFScript.txt
FILE ::
"c:\documents and settings\Petra\Nabˇdka Start\Programy\Po spuçtŘnˇ\syspck32.exe"
"c:\documents and settings\Petra\Nabídka Start\Programy\Po spuštění\syspck32.exe"
"C:\nhx.exe"
"c:\program files\bwgen31.exe"
"c:\program files\eav_nt32_csy.msi"
"C:\rsit"
"C:\SZKGFS.dat"
"c:\windows\dsez8528.dat"
"c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update.exe"
"c:\windows\system32\drivers\kgpcpy.cfg"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Petra\Nabídka Start\Programy\Po spuštění\syspck32.exe
C:\nhx.exe
c:\program files\bwgen31.exe
c:\program files\eav_nt32_csy.msi
c:\program files\ICQToolbar
c:\program files\ICQToolbar\about.html
c:\program files\ICQToolbar\basis.xml
c:\program files\ICQToolbar\Dlg_Res.xml
c:\program files\ICQToolbar\download.html
c:\program files\ICQToolbar\Games.xml
c:\program files\ICQToolbar\games_button.xml
c:\program files\ICQToolbar\icons.bmp
c:\program files\ICQToolbar\loading.html
c:\program files\ICQToolbar\logo_small.gif
c:\program files\ICQToolbar\newversion.txt
c:\program files\ICQToolbar\tb_buttons.xml
c:\program files\ICQToolbar\tb_games.xml
c:\program files\ICQToolbar\tb_options.xml
c:\program files\ICQToolbar\toolbaru.crc
c:\program files\ICQToolbar\version.txt
C:\SZKGFS.dat
c:\windows\dsez8528.dat
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\_downloadprogress_.state
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\_unpacked_.state
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\_usedelta_.state
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\IE7-WindowsXP-KB969897-x86-CSY.psm
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\advpack.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\dxtmsft.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\dxtrans.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\extmgr.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\html.iec
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\icardie.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ie4uinit.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieakeng.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieaksie.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieakui.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieapfltr.dat
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieapfltr.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\iedkcs32.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieencode.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieframe.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieframe.dll.mui
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\iernonce.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\iertutil.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\ieudinit.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\iexplore.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\inetcpl.cpl
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\jsproxy.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\msfeeds.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\msfeedsbs.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\mshtml.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\mshtmled.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\msrating.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\mstime.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\occache.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\pngfilt.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\url.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\urlmon.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\webcheck.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3gdr\wininet.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\advpack.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\dxtmsft.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\dxtrans.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\extmgr.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\html.iec
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\icardie.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ie4uinit.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieakeng.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieaksie.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieakui.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieapfltr.dat
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieapfltr.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\iedkcs32.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieencode.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieframe.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieframe.dll.mui
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\iernonce.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\iertutil.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\ieudinit.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\iexplore.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\inetcpl.cpl
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\jsproxy.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\msfeeds.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\msfeedsbs.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\mshtml.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\mshtmled.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\msrating.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\mstime.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\occache.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\pngfilt.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\url.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\urlmon.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\webcheck.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\sp3qfe\wininet.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\spmsg.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\spuninst.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\susdl.rq0
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\branches.inf
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\eula.txt
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\KB969897-IE7.cat
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\spcustom.dll
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update.exe
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update.url
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update.ver
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update_SP3GDR.inf
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\update_SP3QFE.inf
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\updatebr.inf
c:\windows\SoftwareDistribution\Download\8b06f2cd1e89558b4127cc090b6306c1\update\updspapi.dll
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\2T4hRF5q.jpg
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\54PLC4.jpg
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AbDhd5.jpg
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Ew3kRvR.jpg
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\drivers\cdrom.sys . . . chybí !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-21 do 2010-03-21 )))))))))))))))))))))))))))))))
.
2010-03-20 22:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-20 22:38 . 2010-03-20 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-20 22:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 16:12 . 2010-03-20 16:12 -------- d-----w- C:\rsit
2010-03-20 09:31 . 2010-03-20 09:41 -------- d-----w- c:\program files\STOPzilla!
2010-03-20 09:31 . 2010-03-20 09:31 -------- d-----w- c:\program files\Common Files\iS3
2010-03-05 17:16 . 2010-03-05 17:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2010-03-05 17:14 . 2010-03-05 17:14 442368 ----a-r- c:\windows\system32\SZBase5.dll
2010-03-05 17:13 . 2010-03-05 17:13 540672 ----a-r- c:\windows\system32\SZComp5.dll
2010-02-24 14:06 . 2010-02-24 14:06 173328 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2010-02-22 21:51 . 2010-02-22 21:51 -------- d-----w- c:\program files\rajce
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 19:54 . 2010-03-21 19:54 288 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-05 20:30 . 2009-01-02 21:18 -------- d-----w- c:\program files\The KMPlayer
2010-02-15 17:16 . 2010-02-15 17:16 -------- d-----w- c:\program files\Software602
2008-01-24 21:26 . 2008-01-24 21:26 15496704 -c--a-w- c:\program files\0_solidconverterpdf.exe
2008-01-24 17:33 . 2008-01-24 16:43 194414768 -c--a-w- c:\program files\Nero-8.2.8.0_csy_trial.exe
2008-01-24 17:18 . 2008-01-24 16:49 61678444 -c--a-w- c:\program files\zps10_cz.exe
2008-01-03 21:48 . 2008-01-03 21:48 2155208 -c--a-w- c:\program files\tcmd702a.exe
2008-01-02 19:25 . 2008-01-02 19:24 13674640 -c--a-w- c:\program files\install_atlas_icq6.exe
2007-10-15 13:43 . 2007-10-15 13:38 23876904 -c--a-w- c:\program files\SkypeSetup.exe
2007-10-09 17:46 . 2007-10-09 17:45 12829368 -c--a-w- c:\program files\Install_ICQ6.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-03-21_12.51.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 18:19 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
- 2007-11-24 13:59 . 2007-11-30 12:39 18296 c:\windows\system32\spmsg.dll
+ 2007-11-24 13:59 . 2008-07-09 07:36 18296 c:\windows\system32\spmsg.dll
+ 2010-03-21 12:56 . 2009-08-06 18:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-03-21 12:56 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 44544 c:\windows\system32\pngfilt.dll
- 2007-08-13 17:54 . 2009-02-20 17:13 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:54 . 2009-04-29 04:47 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 27648 c:\windows\system32\jsproxy.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 17:39 . 2009-04-28 09:04 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 17:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-17 13:49 . 2009-04-29 04:47 44544 c:\windows\system32\iernonce.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 44544 c:\windows\system32\iernonce.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 78336 c:\windows\system32\ieencode.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 78336 c:\windows\system32\ieencode.dll
- 2004-08-17 13:49 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-17 13:49 . 2009-04-28 09:04 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 17:36 . 2009-04-29 04:47 63488 c:\windows\system32\icardie.dll
- 2007-08-13 17:36 . 2009-02-20 17:13 63488 c:\windows\system32\icardie.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-17 13:49 . 2009-02-20 17:13 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-11-30 16:12 . 2009-02-20 17:13 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-11-30 16:12 . 2009-04-28 09:04 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-11-30 16:12 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-17 13:49 . 2009-04-29 04:47 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-17 13:49 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-17 13:49 . 2009-04-28 09:04 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-11-30 16:12 . 2009-02-20 17:13 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-17 13:49 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-17 13:49 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
+ 2010-03-21 12:55 . 2009-02-20 10:20 13824 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
+ 2010-03-21 12:55 . 2009-02-20 17:13 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 78336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
+ 2010-03-21 12:55 . 2009-02-20 10:20 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
+ 2010-03-21 12:55 . 2009-02-20 17:13 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
+ 2010-03-21 12:55 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
+ 2010-03-21 12:55 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB970238\spmsg.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 26488 c:\windows\$hf_mig$\KB969897-IE7\update\spcustom.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 18296 c:\windows\$hf_mig$\KB969897-IE7\spmsg.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 44544 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\pngfilt.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 52224 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msfeedsbs.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 27648 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\jsproxy.dll
+ 2009-04-28 09:54 . 2009-04-28 09:54 13824 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieudinit.exe
+ 2009-04-29 04:38 . 2009-04-29 04:38 44544 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iernonce.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 78336 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieencode.dll
+ 2009-04-28 09:54 . 2009-04-28 09:54 70656 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ie4uinit.exe
+ 2009-04-29 04:38 . 2009-04-29 04:38 63488 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\icardie.dll
+ 2010-03-21 12:54 . 2008-07-09 07:36 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll
+ 2010-03-21 12:54 . 2008-07-09 07:36 18296 c:\windows\$hf_mig$\KB968537\spmsg.dll
+ 2010-03-21 12:56 . 2008-07-09 07:36 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2010-03-21 12:56 . 2008-07-09 07:36 18296 c:\windows\$hf_mig$\KB961501\spmsg.dll
+ 2006-10-16 10:40 . 2009-04-15 09:55 358912 c:\windows\system32\xpsp3res.dll
- 2006-10-16 10:40 . 2008-02-15 22:03 358912 c:\windows\system32\xpsp3res.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2007-10-08 17:15 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 827392 c:\windows\system32\wininet.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 233472 c:\windows\system32\webcheck.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 233472 c:\windows\system32\webcheck.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 105984 c:\windows\system32\url.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 105984 c:\windows\system32\url.dll
+ 2004-08-17 13:49 . 2009-04-15 15:18 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-17 13:49 . 2007-07-09 13:11 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 102912 c:\windows\system32\occache.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 102912 c:\windows\system32\occache.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 671232 c:\windows\system32\mstime.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 671232 c:\windows\system32\mstime.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 193024 c:\windows\system32\msrating.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 193024 c:\windows\system32\msrating.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 477696 c:\windows\system32\mshtmled.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 17:54 . 2009-04-29 04:47 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 17:54 . 2009-02-20 17:13 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-17 13:49 . 2009-05-07 15:44 345088 c:\windows\system32\localspl.dll
+ 2007-08-13 17:34 . 2009-04-29 04:47 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 17:34 . 2009-02-20 17:13 268288 c:\windows\system32\iertutil.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 11:27 . 2009-02-20 17:13 383488 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 11:27 . 2009-04-29 04:47 383488 c:\windows\system32\ieapfltr.dll
+ 2001-10-25 14:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
- 2001-10-25 14:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 153088 c:\windows\system32\ieakeng.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 153088 c:\windows\system32\ieakeng.dll
- 2007-10-08 18:58 . 2009-06-10 10:12 210488 c:\windows\system32\FNTCACHE.DAT
+ 2007-10-08 18:58 . 2010-03-21 13:22 210488 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-17 13:49 . 2009-04-29 04:47 133120 c:\windows\system32\extmgr.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 133120 c:\windows\system32\extmgr.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 214528 c:\windows\system32\dxtrans.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 214528 c:\windows\system32\dxtrans.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 347136 c:\windows\system32\dxtmsft.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-10-08 17:15 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-10-08 17:15 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 827392 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-17 13:49 . 2007-07-09 13:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-17 13:49 . 2009-04-15 15:18 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-11-30 16:12 . 2009-02-20 17:13 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-17 13:49 . 2009-05-07 15:44 345088 c:\windows\system32\dllcache\localspl.dll
+ 2007-10-08 17:14 . 2009-04-25 05:27 636088 c:\windows\system32\dllcache\iexplore.exe
- 2007-11-30 16:12 . 2009-02-20 17:13 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 268288 c:\windows\system32\dllcache\iertutil.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-11-30 16:12 . 2009-02-20 17:13 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2001-10-25 14:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2001-10-25 14:00 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 124928 c:\windows\system32\advpack.dll
- 2004-08-17 13:49 . 2009-02-20 17:13 124928 c:\windows\system32\advpack.dll
+ 2010-03-21 12:55 . 2009-03-03 00:14 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 391032 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 233848 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2010-03-21 12:55 . 2009-02-20 17:13 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2010-03-21 12:55 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2010-03-21 12:55 . 2009-02-20 17:13 268288 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 385024 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2010-03-21 12:55 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2010-03-21 12:55 . 2007-11-30 12:39 391032 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2010-03-21 12:55 . 2007-11-30 12:39 759160 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2010-03-21 12:55 . 2007-11-30 12:39 233848 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:25 . 2009-04-15 15:25 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-04-15 14:54 . 2009-04-15 14:54 585216 c:\windows\$hf_mig$\KB970238\SP3GDR\rpcrt4.dll
+ 2009-04-15 09:55 . 2009-04-15 09:55 358912 c:\windows\$hf_mig$\KB970238\SP2QFE\spru0405.dll
+ 2009-04-15 15:31 . 2009-04-15 15:31 583168 c:\windows\$hf_mig$\KB970238\SP2QFE\rpcrt4.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 391032 c:\windows\$hf_mig$\KB969897-IE7\update\updspapi.dll
+ 2010-03-21 12:55 . 2008-07-09 07:36 759160 c:\windows\$hf_mig$\KB969897-IE7\update\update.exe
+ 2010-03-21 12:55 . 2008-07-09 07:36 233848 c:\windows\$hf_mig$\KB969897-IE7\spuninst.exe
+ 2009-04-29 04:38 . 2009-04-29 04:38 828928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 233472 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\webcheck.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 105984 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\url.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 102912 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\occache.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 671232 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mstime.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 193024 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msrating.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 477696 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtmled.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 459264 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msfeeds.dll
+ 2009-04-25 05:27 . 2009-04-25 05:27 636088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
+ 2009-04-29 04:38 . 2009-04-29 04:38 268288 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iertutil.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 388608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iedkcs32.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 380928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieapfltr.dll
+ 2009-04-25 05:26 . 2009-04-25 05:26 161792 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakui.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 230400 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieaksie.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 153088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakeng.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 132608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\extmgr.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 214528 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtrans.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 347136 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtmsft.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 124928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\advpack.dll
+ 2010-03-21 12:54 . 2008-07-09 07:36 391032 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
+ 2010-03-21 12:54 . 2008-07-09 07:36 759160 c:\windows\$hf_mig$\KB968537\update\update.exe
+ 2010-03-21 12:54 . 2008-07-09 07:36 233848 c:\windows\$hf_mig$\KB968537\spuninst.exe
+ 2010-03-21 12:56 . 2008-07-09 07:36 391032 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2010-03-21 12:56 . 2008-07-09 07:36 759160 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2010-03-21 12:56 . 2008-07-09 07:36 233848 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:16 . 2009-05-07 15:16 347136 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2009-05-07 15:33 . 2009-05-07 15:33 346624 c:\windows\$hf_mig$\KB961501\SP3GDR\localspl.dll
+ 2009-05-07 15:31 . 2009-05-07 15:31 347136 c:\windows\$hf_mig$\KB961501\SP2QFE\localspl.dll
+ 2007-10-08 17:15 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-17 13:44 . 2009-04-19 20:11 1846656 c:\windows\system32\win32k.sys
+ 2004-08-17 13:49 . 2009-04-29 04:47 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 3596288 c:\windows\system32\mshtml.dll
+ 2007-08-13 17:54 . 2009-04-29 04:47 6066176 c:\windows\system32\ieframe.dll
- 2007-08-13 17:54 . 2009-02-20 17:13 6066176 c:\windows\system32\ieframe.dll
+ 2007-10-08 17:15 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-17 13:44 . 2009-04-19 20:11 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-17 13:49 . 2009-04-29 04:47 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-17 13:49 . 2009-04-29 04:47 3596288 c:\windows\system32\dllcache\mshtml.dll
- 2007-11-30 16:12 . 2009-02-20 17:13 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2007-11-30 16:12 . 2009-04-29 04:47 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 1160192 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 3595264 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2010-03-21 12:55 . 2009-02-20 17:13 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2010-03-21 12:55 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
+ 2009-04-29 04:38 . 2009-04-29 04:38 1163264 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\urlmon.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 3598336 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
+ 2009-04-29 04:38 . 2009-04-29 04:38 6069248 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieframe.dll
+ 2009-06-10 10:21 . 2008-07-09 14:25 2455488 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieapfltr.dat
+ 2009-04-19 19:44 . 2009-04-19 19:44 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
+ 2009-04-19 19:52 . 2009-04-19 19:52 1847168 c:\windows\$hf_mig$\KB968537\SP3GDR\win32k.sys
+ 2009-04-19 19:58 . 2009-04-19 19:58 1847936 c:\windows\$hf_mig$\KB968537\SP2QFE\win32k.sys
+ 2007-11-30 16:07 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-30 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-30 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-30 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-03-29 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"TPSMain"="TPSMain.exe" [2006-03-21 299008]
"TPSODDCtl"="TPSODDCtl.exe" [2006-03-21 102400]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-08-31 102400]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-10-8 155648]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-10-8 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 15:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosA2dp.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHid.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHSP.exe"=
"c:\\Program Files\\The KMPlayer\\KMPlayer.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\WINDOWS\\system32\\00THotkey.exe"=
"c:\\Program Files\\Apoint2K\\Apoint.exe"=
"c:\\WINDOWS\\AGRSMMSG.exe"=
"c:\\WINDOWS\\system32\\TPSMain.exe"=
"c:\\WINDOWS\\system32\\TPSODDCtl.exe"=
"c:\\WINDOWS\\system32\\thpsrv.exe"=
"c:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"=
"c:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Program Files\\TOSHIBA\\TOSHIBA Controls\\TFncKy.exe"=
"c:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSServ.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe"=
"c:\\Program Files\\Protector Suite QL\\psqltray.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE4\\OpwareSE4.exe"=
"c:\\WINDOWS\\system32\\TPSBattM.exe"=
"c:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe"=
"c:\\Program Files\\Apoint2K\\Apntex.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtMng.exe"=
"c:\\WINDOWS\\system32\\RAMASST.exe"=
"c:\\Program Files\\WinZip\\WZQKPICK.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7.12.2009 17:59 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [24.2.2010 15:06 173328]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [27.12.2004 22:31 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [8.10.2007 19:14 6144]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5.5.2006 17:00 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5.5.2006 16:59 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5.5.2006 16:33 3456]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [7.12.2009 17:59 61328]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [15.2.2009 14:18 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [15.2.2009 14:18 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [15.2.2009 14:18 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [15.2.2009 14:18 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [15.2.2009 14:18 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [15.2.2009 14:18 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [15.2.2009 14:18 109952]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B8FB684D-9891-41B5-BAC9-DE6D0AC61C13} = 212.158.128.2,212.158.128.3
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 20:54
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\mysafe.dll
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
- - - - - - - > 'explorer.exe'(2728)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TPSODDCtl.exe
c:\windows\system32\thpsrv.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
.
**************************************************************************
.
Celkový čas: 2010-03-21 20:58:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-21 19:58
ComboFix2.txt 2010-03-21 12:55
Před spuštěním: 1 373 900 800
Po spuštění: 1 344 897 024
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 674A15589615B051F6FDB53B57C5A026
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je A4E0-5353.
Výpis adresáře C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee
13.04.2008 19:40 62 976 cdrom.sys
1 souborů, 62 976 bajtů