
Viruses all over the place...


#31 Post by pitimir

Later, there is no reason for that yet... now it's back to ComboFix again:

Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall components, and open Notepad. Copy the following into it:

Code:

KillAll::
File::
C:\Program Files\QIP\qip.exe
c:\windows\vsnpstd3.exe

RenV::
C:\Program Files\QIP\qip .exe
C:\Program Files\QIP\qip .exe
Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.


The program will process the script and produce a new log.


Warning: If Windows does not start after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.

I'm modest, I have only two things in my signature...

1) Want to help the forum? Support it!!

2) I ask everyone who has a problem: :!:
- start your own topic and put the RSIT log and a precise, brief description of the problem in the first post.
- do not run ANY other program found on the forum/internet without a recommendation.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).


#32 Post by hoskinson

ComboFix 10-01-02.04 - me 09.01.2010 15:58:44.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.471 [GMT 1:00]
Spuštěný z: c:\documents and settings\me\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\me\Plocha\CFScript.txt.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\program files\QIP\qip.exe"
"c:\windows\vsnpstd3.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\WEBELE~1\WEBGra~1.exe
c:\program files\QIP\qip.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\dxdllreg .exe
c:\windows\vsnpstd3.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-09 do 2010-01-09 )))))))))))))))))))))))))))))))
.

2010-01-09 14:55 . 2010-01-09 14:58 40960 ----a-w- c:\windows\system32\dxdllreg.exe
2010-01-09 14:53 . 2010-01-09 14:53 40960 ----a-w- c:\documents and settings\me\ati2mdxx.exe
2010-01-09 14:49 . 2010-01-09 14:49 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-01-09 14:47 . 2005-09-21 20:15 516096 ------w- c:\windows\system32\ati2sgag.exe
2010-01-09 14:47 . 2005-09-21 17:23 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2010-01-09 14:46 . 2010-01-09 14:50 -------- d-----w- c:\program files\ATI Technologies
2010-01-09 14:43 . 2005-09-06 08:04 104373 ----a-r- c:\windows\system32\atiicdxx.dat
2010-01-09 13:32 . 2010-01-09 15:02 -------- d-----w- c:\program files\WEB ELEMENTS Deluxe Website Design Graphics Collection
2010-01-03 19:11 . 2010-01-03 19:11 -------- d-----w- C:\My Website
2010-01-03 17:43 . 2010-01-03 17:43 -------- d-sh--w- c:\windows\ftpcache
2010-01-03 17:42 . 2010-01-03 17:46 -------- d-----w- c:\program files\HTMLPad 2008
2010-01-03 12:11 . 2010-01-03 12:11 -------- d-----w- c:\program files\CCleaner
2010-01-02 17:45 . 2010-01-02 18:13 -------- d-----w- c:\documents and settings\me\DoctorWeb
2010-01-01 20:28 . 2010-01-03 19:16 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
2010-01-01 20:00 . 2010-01-01 19:59 737280 ----a-w- c:\windows\iun6002.exe
2010-01-01 13:36 . 2010-01-01 14:10 -------- d-----w- C:\MyWebSite
2009-12-31 16:34 . 2009-12-31 16:34 -------- d-----w- c:\program files\kompozer-0.7.10-win32
2009-12-29 20:49 . 2009-12-29 20:49 -------- d-----w- c:\program files\WinPcap
2009-12-29 20:48 . 2009-12-29 20:49 -------- d-----w- c:\program files\Wireshark
2009-12-29 11:06 . 2009-12-29 11:07 -------- d-----w- c:\program files\tcpview
2009-12-28 21:55 . 2009-12-28 21:56 -------- d-----w- c:\program files\Seznam DVD 2008
2009-12-28 21:13 . 2009-12-28 21:13 -------- d-----w- c:\documents and settings\me\Seznam DVD
2009-12-26 16:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-17 15:40 . 2009-12-17 15:40 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-17 15:40 . 2009-12-17 15:40 -------- d-----w- c:\program files\Western Digital
2009-12-17 15:25 . 2009-02-13 11:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2009-12-15 16:13 . 2009-12-15 16:53 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\MSBuild
2009-12-13 09:45 . 2009-12-15 16:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\Reference Assemblies
2009-12-13 09:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-13 09:44 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-12 19:51 . 2010-01-09 09:54 -------- d-----w- c:\program files\HDD Health
2009-12-12 19:27 . 2009-11-13 11:23 32824 ----a-w- c:\windows\system32\rrMon.sys
2009-12-12 18:42 . 2005-02-11 09:24 6144 ----a-r- c:\windows\system32\drivers\k750cm.sys
2009-12-12 18:41 . 2005-02-11 09:19 5744 ----a-r- c:\windows\system32\drivers\k750wh.sys
2009-12-12 18:34 . 2009-12-12 19:35 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-12-12 18:30 . 2009-12-12 18:30 -------- d-----w- c:\windows\Downloaded Installations
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\me\data aplikac?­
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\All Users\data aplikac?­

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 15:04 . 2009-11-28 11:55 -------- d-----w- c:\program files\QIP
2010-01-09 14:58 . 2010-01-09 14:55 40960 ----a-w- c:\windows\system32\dxdllreg .exe
2010-01-09 14:47 . 2009-11-26 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-09 09:54 . 2009-11-28 12:10 -------- d---a-w- c:\program files\NetMeter
2010-01-09 09:54 . 2009-11-28 12:08 -------- d---a-w- c:\program files\MemInfo
2010-01-03 17:10 . 2009-12-06 11:57 -------- d-----w- c:\program files\AAALOGO2009.1
2010-01-01 12:36 . 2009-12-01 20:31 -------- d-----w- c:\program files\Nvu
2009-12-30 19:52 . 2009-11-28 12:05 -------- d---a-w- c:\program files\LFS
2009-12-29 12:10 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-12-29 12:10 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2009-12-28 20:08 . 2009-11-29 09:00 -------- d-----w- c:\program files\DiskBase
2009-12-24 13:06 . 2009-11-28 16:34 -------- d-----w- c:\program files\DreamCom
2009-12-16 19:39 . 2009-11-28 18:20 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-12 18:34 . 2009-11-28 16:09 -------- d-----w- c:\program files\Sony Ericsson
2009-12-12 18:16 . 2009-11-29 19:49 -------- d-----w- c:\program files\Google
2009-12-12 14:42 . 2009-11-30 18:49 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-10 17:49 . 2009-11-28 20:13 -------- d-----w- c:\program files\The KMPlayer
2009-12-08 19:47 . 2009-11-28 16:27 -------- d-----w- c:\program files\AMP Font Viewer
2009-12-08 07:55 . 2009-12-08 07:55 -------- d-----w- c:\program files\FreeRapid-0.83
2009-12-08 06:53 . 2009-12-06 12:13 -------- d-----w- c:\program files\Common Files\BinarySense
2009-12-07 13:49 . 2009-12-07 13:46 -------- d-----w- c:\program files\VB Colour Picker
2009-12-06 13:41 . 2009-11-28 16:13 -------- d-----w- c:\program files\Opera USB
2009-12-03 20:06 . 2009-12-03 20:06 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-03 13:19 . 2009-12-03 13:17 -------- d-----w- c:\program files\UltraISO
2009-12-03 13:17 . 2009-12-03 13:17 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-02 20:12 . 2009-11-29 08:33 -------- d-----w- c:\program files\MSI
2009-12-02 20:09 . 2009-12-02 20:09 -------- d-----w- c:\program files\Common Files\snpstd3
2009-12-02 19:29 . 2009-12-02 19:23 -------- d-----w- c:\program files\TechSmith
2009-12-02 17:16 . 2009-11-28 12:57 294912 ----a-w- c:\windows\TrnWord.dll
2009-12-02 17:16 . 2009-11-28 12:57 356352 ----a-w- c:\windows\TrnOutl.dll
2009-12-02 17:16 . 2009-11-28 12:57 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-12-02 17:16 . 2009-11-28 12:57 26624 ----a-w- c:\windows\OETRN.EXE
2009-12-02 17:16 . 2009-11-28 12:57 200704 ----a-w- c:\windows\TRNOET.DLL
2009-12-02 17:16 . 2009-11-29 11:05 -------- d-----w- c:\program files\PC Translator
2009-12-02 17:06 . 2009-11-28 13:01 -------- d-----w- c:\program files\Topfield
2009-11-30 20:18 . 2009-11-30 20:14 -------- d-----w- c:\program files\Womble Multimedia
2009-11-30 19:25 . 2009-11-30 19:25 -------- d-----w- c:\program files\Avanquest
2009-11-30 18:14 . 2009-11-28 12:18 -------- d---a-w- c:\program files\The Ultimate File Splitter 1.0
2009-11-30 18:13 . 2009-11-30 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 18:13 . 2009-11-28 11:17 -------- d-----w- c:\program files\Java
2009-11-30 18:06 . 2009-11-28 12:16 -------- d---a-w- c:\program files\ShellExView
2009-11-30 18:04 . 2009-11-30 18:04 -------- d-----w- c:\program files\Skype
2009-11-30 18:00 . 2009-11-30 18:00 -------- d-----w- c:\program files\Samsung
2009-11-30 17:59 . 2009-11-28 16:20 -------- d---a-w- c:\program files\RealDrawPRO4
2009-11-30 17:53 . 2009-11-28 16:20 -------- d-----w- c:\program files\pravitko
2009-11-30 17:41 . 2009-11-28 12:08 -------- d-----w- c:\program files\MediaCoder
2009-11-30 17:38 . 2009-11-28 16:19 -------- d---a-w- c:\program files\LiknoWebButtonMakerFree
2009-11-30 17:37 . 2009-11-28 12:05 -------- d---a-w- c:\program files\lexikon
2009-11-30 17:28 . 2009-11-28 12:02 -------- d---a-r- c:\program files\GSpot
2009-11-30 17:04 . 2009-11-28 16:19 -------- d---a-w- c:\program files\FileZilla FTP Client
2009-11-30 17:03 . 2009-11-28 12:00 -------- d---a-w- c:\program files\EvilLyrics
2009-11-30 17:00 . 2009-11-28 12:00 -------- d-----w- c:\program files\DVDFab Decrypter 3
2009-11-30 16:59 . 2009-11-28 12:00 -------- d---a-w- c:\program files\DVD Decrypter
2009-11-30 16:48 . 2009-11-28 18:02 -------- d-----w- c:\program files\Internet Download Manager
2009-11-30 15:51 . 2009-11-30 15:51 2331008 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-29 20:37 . 2009-11-28 11:57 -------- d-----w- c:\program files\Cedulky
2009-11-29 20:36 . 2009-11-28 16:11 -------- d-----w- c:\program files\Caricature Studio 3.0
2009-11-29 20:33 . 2009-11-29 20:33 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-11-29 20:33 . 2009-11-29 20:33 2944 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-11-29 20:33 . 2009-11-29 20:33 27776 ----a-w- c:\windows\system32\bbcap.dll
2009-11-29 20:29 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Avidemux 2.4
2009-11-29 20:28 . 2009-11-29 20:27 -------- d-----w- c:\program files\AutoGK
2009-11-29 20:27 . 2009-11-29 20:27 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\Gabest
2009-11-29 20:26 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Audacity
2009-11-29 19:46 . 2009-11-28 11:14 -------- d---a-w- c:\program files\DVD Shrink
2009-11-29 17:50 . 2009-11-29 17:50 -------- d-----w- c:\program files\Microsoft.NET
2009-11-29 14:54 . 2009-11-29 14:51 -------- d-----w- c:\program files\linguatec
2009-11-29 10:52 . 2009-11-29 10:52 -------- d-----w- c:\program files\MSXML 4.0
2009-11-29 10:30 . 2009-11-29 10:12 -------- d-----w- c:\program files\Zoner
2009-11-29 08:28 . 2009-11-29 08:23 -------- d-----w- c:\program files\ASUS
2009-11-29 08:14 . 2009-11-29 07:52 113335 ----a-w- c:\windows\hpoins07.dat
2009-11-29 08:10 . 2009-11-29 08:10 -------- d-----w- c:\program files\Common Files\HP
2009-11-29 08:10 . 2009-11-29 07:57 -------- d-----w- c:\program files\HP
2009-11-29 08:09 . 2009-11-29 08:09 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 08:07 . 2009-11-29 08:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-28 22:06 . 2009-11-28 21:59 -------- d-----w- c:\program files\Nero
2009-11-28 22:01 . 2009-11-28 21:59 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 20:10 . 2009-11-28 20:10 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-28 18:56 . 2009-11-28 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 16:19 . 2009-11-28 16:19 -------- d-----w- c:\program files\CardTest
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostscript
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostgum
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\DComSoft
2009-11-28 15:26 . 2009-11-28 15:23 -------- d-----w- c:\program files\OO Software
2009-11-28 14:48 . 2009-11-26 18:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 14:44 . 2009-11-28 14:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-28 14:15 . 2009-11-28 13:47 -------- d-----w- c:\program files\ICQ6.5
2009-11-28 13:46 . 2009-11-28 11:55 -------- d-----w- c:\program files\ICQ6
2009-11-28 13:30 . 2009-11-28 11:37 -------- d-----w- c:\program files\Symantec
2009-11-28 13:30 . 2009-11-28 11:37 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-28 13:30 . 2009-11-28 11:37 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-28 13:30 . 2009-11-28 11:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-28 13:30 . 2009-11-28 11:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-28 12:57 . 2009-11-28 12:57 491520 ----a-w- c:\windows\WebIE.dll
2009-11-28 12:20 . 2009-11-28 12:00 -------- d-----w- c:\program files\Diagnostika HDD
2009-11-28 12:16 . 2009-11-28 12:16 -------- d-----w- c:\program files\Smart PC Solutions
2009-11-28 11:57 . 2009-11-28 11:57 -------- d-----w- c:\program files\Calculator
2009-11-28 11:46 . 2009-11-28 11:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
.

Code:

<pre>
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\QIP\qip                   .exe
c:\program files\QIP\qip                  .exe
c:\windows\system32\dxdllreg .exe
</pre>
((((((((((((((((((((((((((((( SnapShot@2010-01-03_12.51.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-09 15:04 . 2010-01-09 15:04 16384 c:\windows\Temp\Perflib_Perfdata_5c0.dat
+ 2010-01-09 14:55 . 2010-01-09 14:55 16384 c:\windows\Temp\Perflib_Perfdata_19c.dat
+ 2010-01-09 14:47 . 2005-09-21 14:54 73728 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Oemdspif.dll
+ 2010-01-09 14:47 . 2001-11-09 03:01 24064 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativcoxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:04 17408 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atitvo32.dll
+ 2010-01-09 14:47 . 2005-09-21 14:52 53248 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDDC.DLL
+ 2010-01-09 14:47 . 2005-09-21 14:54 25088 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Ati2mdxx.exe
+ 2010-01-09 14:47 . 2005-09-21 14:54 46080 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:05 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2erec.dll
+ 2010-01-09 14:47 . 2005-09-21 14:54 39936 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2edxx.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\dllcache\ativtmxx.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\ativtmxx.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\ativtmxx.dll
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut5_A0E145F55ACF4AF1A273244121F5A8BA.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut5_A0E145F55ACF4AF1A273244121F5A8BA.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut3_D5D4D9CBC85D4CA8AA2EA6AA4F123F20.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut3_D5D4D9CBC85D4CA8AA2EA6AA4F123F20.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut1_08ED310EBCB045CE8C3E405A81A28F9C.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut1_08ED310EBCB045CE8C3E405A81A28F9C.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\ARPPRODUCTICON.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\ARPPRODUCTICON.exe
+ 2010-01-09 14:47 . 2005-09-21 14:40 600672 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:54 106496 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atipdlxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:27 147456 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atikvmag.dll
+ 2010-01-09 14:47 . 2005-09-21 17:23 307200 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiiiexx.dll
+ 2010-01-09 14:47 . 2005-09-06 08:04 104373 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiicdxx.dat
+ 2010-01-09 14:47 . 2005-09-21 16:48 258048 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDEMGR.dll
+ 2010-01-09 14:47 . 2005-09-21 14:53 376832 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.exe
+ 2010-01-09 14:47 . 2005-09-21 14:59 238592 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2dvag.dll
+ 2010-01-09 14:47 . 2005-09-21 13:59 233472 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2cqag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\dllcache\ati3d1ag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\dllcache\ati2dvaa.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\ati3d1ag.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\ati3d1ag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\ati2dvaa.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\ati2dvaa.dll
+ 2010-01-09 14:49 . 2010-01-09 14:49 923136 c:\windows\Installer\59364.msi
+ 2010-01-09 14:47 . 2005-09-21 15:13 4718592 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglxx.dll
+ 2010-01-09 14:47 . 2005-09-21 16:13 6684672 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglx1.dll
+ 2010-01-09 14:47 . 2005-09-21 14:45 2429984 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati3duag.dll
+ 2010-01-09 14:47 . 2005-09-21 14:59 1334784 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2mtag.sys
+ 2010-01-09 14:52 . 2010-01-09 14:52 15331840 c:\windows\Installer\59371.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\program files\qip\qip .exe" [2010-01-09 40960]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [2010-01-09 40960]
"DXDllRegExe"="c:\windows\system32\dxdllreg.exe" [2010-01-09 40960]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2010-01-09 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\cli .exe [2005-9-22 57344]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"ASUSTeKRCAppl"=c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe
"QIP2005"=c:\program files\QIP\qip .exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe
"Adobe_Reader"=c:\program files\internet explorer\wmpscfgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [28.11.2009 14:30 310320]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [29.11.2009 21:33 2944]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [28.11.2009 14:30 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [28.11.2009 14:30 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys [6.1.2010 16:46 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [28.11.2009 14:30 117640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [29.11.2009 9:23 2825088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.12.2009 21:31 102448]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
S3 pbfilter;pbfilter;\??\c:\program files\Peerblock\pbfilter.sys --> c:\program files\Peerblock\pbfilter.sys [?]
S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [31.5.2007 21:11 13312]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.12.2009 16:25 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.12.2009 21:06 717296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-08 c:\windows\Tasks\Automatic maintenance.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2009-10-29 19:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 16:05
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1606980848-57989841-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="38D140A9C8AA2DD0A9B3839FED7894F6A768EFF07D5F3B942D0054CD2522FA393796A30010953ED4E27A0D380E36D63319A016A1CB7C6832CFE85949938D675858B4BE5FAC359C34BCC6513637B4C78CAD7DA39FAE5EC15F05523E12E301BD34CE3127A79DA68FBD6B9A705E3B1F0746BC9DDCB5685CDE7564151196E7A12FDA93C0D50C697C7E53E8A86CC76E93D8B8DDD1700240C27BE0C7C0C719788691EB6252A81498BAF8EBF1DA2BE12BA5224E711FEAF58051F820CE1839B171BEDC1EBA03E09C365EB09087CC78EA4F5CEE8618C0C15678BCD84A5C90A3C831CB2FB8E0A7A3D4D454FB61EFCE00F73CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A6171C11EC38DE3DFEBC9E127BECC74C3B060D50980065913945AF4169ABFAC48E096D6F9E618E3074F761E2A2E07A02B0E13CA95E35C926D2876A746242FB75C17503C45B71A5641771062E51D9504ECA70EEA2C40B39CA312615CE0B5AD593C81BDB8F07452FFAD25932E7AD6989F3C226E61658015B277ACEC32E6BF61518557F014CC98C3F5F07AF85CD19885FEEC49CF8A4D7F7AA67C65421B43F851A818ECE133E7BDB3C8187193563AA125A3F73909033B6B3F83E262CEC45F8531BD00FD745EAAAA85CD11DDD09F12C47D967E2E2A8699DDF685D1970F6893B119F8BE78CDE1D17CE314704E8DC021E4C12EF1D1952336788F101975E28EF5FD784BC1A85BB63380E1ADD6B4A21E2302B08E31D5AB441A22060630958F8A97121FA709D7B498EB78A4E937836D929CA4E1853D6F4870793FAD3C4CE64F72AB2CA07B75C4E8D35F04AD6EAC18420AA0807EF512C5A98BDB2D2C06B372C48AC179703AAB6821DB177B991EA54322083360991F6781DC9DF2A45ED9F0B7E202C48AD1A61003CA4A21127AF9D2FDC1A1358EDD5DD87F8102FDAD3772D834B486BA197CD797D48E269B4C7B81248C9E07BA4B067A89AC974AF57634D65CDA921EFB3C4F2956B152CAC92B184DB85615E258533C2F6668E93A8E6BDB39C8D541B01C28532DAF7B466570BE04210C3AD0E3919393C73156FA0270511C12C57A73D2CC89108F1485F8D953433F2C854E08129336AFA49C333DE7AE2ECE2EFB5272244F0044689F06F315AD6EDEC28F8CCDB275954F82781472837E14757C8A777F65D9B5910D2FDE3F3DC70B7D94CEAEAD52A47E60542553CE9359A7B339C9DE10050DEF55F84EE5F0E16339CB6DFD6D63A6C6A76C25137C726115944DDD17E56913B021E00D6B4A849C4840BD50BDB4F6B6EE43B280F1542F0AB1C4593D5A465967E817E9409B92B07EA7D575DFC8DB9
5CF30DD1003C4E2874279682639ADB450E3F0FA38FDAD575B84EEC38C6E8749D96826F3AE81C3A1BED"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3836)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\program files\internet explorer\wmpscfgs .exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\docume~1\me\locals~1\temp\wmpscfgs.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-09 16:08:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-09 15:08
ComboFix2.txt 2010-01-09 10:05
ComboFix3.txt 2010-01-08 18:56
ComboFix4.txt 2010-01-03 19:32
ComboFix5.txt 2010-01-09 14:57

Před spuštěním: Volných bajtů: 236 455 170 048
Po spuštění: Volných bajtů: 236 423 442 432

- - End Of File - - 8BB16DC3CFB66AEAAD27495E43B580C7

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Viruses galore...

#33 Post by pitimir »

GRRRRRRRRRRRRRR :evil:
I could kill, especially when vermin makes a fool of me, as in this case...
The swine is playing hide-and-seek - we delete one item and the others get restored.

New script for CF...

Code:

KillAll::
RenV::
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\QIP\qip                   .exe
c:\program files\QIP\qip                  .exe
c:\windows\system32\dxdllreg .exe
c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe
c:\program files\QIP\qip .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\windows\system32\dxdllreg .exe

File::
c:\program files\internet explorer\wmpscfgs.exe
c:\program files\Internet Explorer\wmpscfgs .exe
c:\windows\system32\dxdllreg.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\documents and settings\me\ati2mdxx.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe_Reader"=-
"DXDllRegExe"=-
"ATICCC"=-

hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses galore...

#34 Post by hoskinson »

ComboFix 10-01-02.04 - me 09.01.2010 17:58:29.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.507 [GMT 1:00]
Spuštěný z: c:\documents and settings\me\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\me\Plocha\CFScript.txt.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\documents and settings\me\ati2mdxx.exe"
"c:\program files\ATI Technologies\ATI.ACE\cli.exe"
"c:\program files\Internet Explorer\wmpscfgs .exe"
"c:\program files\internet explorer\wmpscfgs.exe"
"c:\windows\system32\dxdllreg.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\me\ati2mdxx.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\internet explorer\wmpscfgs.exe
c:\windows\system32\dxdllreg.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-09 do 2010-01-09 )))))))))))))))))))))))))))))))
.

2010-01-09 14:49 . 2010-01-09 14:49 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-01-09 14:47 . 2005-09-21 20:15 516096 ------w- c:\windows\system32\ati2sgag.exe
2010-01-09 14:47 . 2005-09-21 17:23 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2010-01-09 14:46 . 2010-01-09 14:50 -------- d-----w- c:\program files\ATI Technologies
2010-01-09 14:43 . 2005-09-06 08:04 104373 ----a-r- c:\windows\system32\atiicdxx.dat
2010-01-09 13:32 . 2010-01-09 15:02 -------- d-----w- c:\program files\WEB ELEMENTS Deluxe Website Design Graphics Collection
2010-01-03 19:11 . 2010-01-03 19:11 -------- d-----w- C:\My Website
2010-01-03 17:43 . 2010-01-03 17:43 -------- d-sh--w- c:\windows\ftpcache
2010-01-03 17:42 . 2010-01-03 17:46 -------- d-----w- c:\program files\HTMLPad 2008
2010-01-03 12:11 . 2010-01-03 12:11 -------- d-----w- c:\program files\CCleaner
2010-01-02 17:45 . 2010-01-02 18:13 -------- d-----w- c:\documents and settings\me\DoctorWeb
2010-01-01 20:28 . 2010-01-03 19:16 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
2010-01-01 20:00 . 2010-01-01 19:59 737280 ----a-w- c:\windows\iun6002.exe
2010-01-01 13:36 . 2010-01-01 14:10 -------- d-----w- C:\MyWebSite
2009-12-31 16:34 . 2009-12-31 16:34 -------- d-----w- c:\program files\kompozer-0.7.10-win32
2009-12-29 20:49 . 2009-12-29 20:49 -------- d-----w- c:\program files\WinPcap
2009-12-29 20:48 . 2009-12-29 20:49 -------- d-----w- c:\program files\Wireshark
2009-12-29 11:06 . 2009-12-29 11:07 -------- d-----w- c:\program files\tcpview
2009-12-28 21:55 . 2009-12-28 21:56 -------- d-----w- c:\program files\Seznam DVD 2008
2009-12-28 21:13 . 2009-12-28 21:13 -------- d-----w- c:\documents and settings\me\Seznam DVD
2009-12-26 16:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-17 15:40 . 2009-12-17 15:40 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-17 15:40 . 2009-12-17 15:40 -------- d-----w- c:\program files\Western Digital
2009-12-17 15:25 . 2009-02-13 11:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2009-12-15 16:13 . 2009-12-15 16:53 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\MSBuild
2009-12-13 09:45 . 2009-12-15 16:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\Reference Assemblies
2009-12-13 09:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-13 09:44 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-12 19:51 . 2010-01-09 09:54 -------- d-----w- c:\program files\HDD Health
2009-12-12 19:27 . 2009-11-13 11:23 32824 ----a-w- c:\windows\system32\rrMon.sys
2009-12-12 18:42 . 2005-02-11 09:24 6144 ----a-r- c:\windows\system32\drivers\k750cm.sys
2009-12-12 18:41 . 2005-02-11 09:19 5744 ----a-r- c:\windows\system32\drivers\k750wh.sys
2009-12-12 18:34 . 2009-12-12 19:35 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-12-12 18:30 . 2009-12-12 18:30 -------- d-----w- c:\windows\Downloaded Installations
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\me\data aplikac?­
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\All Users\data aplikac?­

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 16:58 . 2009-11-28 11:55 -------- d-----w- c:\program files\QIP
2010-01-09 14:47 . 2009-11-26 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-09 09:54 . 2009-11-28 12:10 -------- d---a-w- c:\program files\NetMeter
2010-01-09 09:54 . 2009-11-28 12:08 -------- d---a-w- c:\program files\MemInfo
2010-01-03 17:10 . 2009-12-06 11:57 -------- d-----w- c:\program files\AAALOGO2009.1
2010-01-01 12:36 . 2009-12-01 20:31 -------- d-----w- c:\program files\Nvu
2009-12-30 19:52 . 2009-11-28 12:05 -------- d---a-w- c:\program files\LFS
2009-12-29 12:10 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-12-29 12:10 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2009-12-28 20:08 . 2009-11-29 09:00 -------- d-----w- c:\program files\DiskBase
2009-12-24 13:06 . 2009-11-28 16:34 -------- d-----w- c:\program files\DreamCom
2009-12-16 19:39 . 2009-11-28 18:20 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-12 18:34 . 2009-11-28 16:09 -------- d-----w- c:\program files\Sony Ericsson
2009-12-12 18:16 . 2009-11-29 19:49 -------- d-----w- c:\program files\Google
2009-12-12 14:42 . 2009-11-30 18:49 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-10 17:49 . 2009-11-28 20:13 -------- d-----w- c:\program files\The KMPlayer
2009-12-08 19:47 . 2009-11-28 16:27 -------- d-----w- c:\program files\AMP Font Viewer
2009-12-08 07:55 . 2009-12-08 07:55 -------- d-----w- c:\program files\FreeRapid-0.83
2009-12-08 06:53 . 2009-12-06 12:13 -------- d-----w- c:\program files\Common Files\BinarySense
2009-12-07 13:49 . 2009-12-07 13:46 -------- d-----w- c:\program files\VB Colour Picker
2009-12-06 13:41 . 2009-11-28 16:13 -------- d-----w- c:\program files\Opera USB
2009-12-03 20:06 . 2009-12-03 20:06 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-03 13:19 . 2009-12-03 13:17 -------- d-----w- c:\program files\UltraISO
2009-12-03 13:17 . 2009-12-03 13:17 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-02 20:12 . 2009-11-29 08:33 -------- d-----w- c:\program files\MSI
2009-12-02 20:09 . 2009-12-02 20:09 -------- d-----w- c:\program files\Common Files\snpstd3
2009-12-02 19:29 . 2009-12-02 19:23 -------- d-----w- c:\program files\TechSmith
2009-12-02 17:16 . 2009-11-28 12:57 294912 ----a-w- c:\windows\TrnWord.dll
2009-12-02 17:16 . 2009-11-28 12:57 356352 ----a-w- c:\windows\TrnOutl.dll
2009-12-02 17:16 . 2009-11-28 12:57 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-12-02 17:16 . 2009-11-28 12:57 26624 ----a-w- c:\windows\OETRN.EXE
2009-12-02 17:16 . 2009-11-28 12:57 200704 ----a-w- c:\windows\TRNOET.DLL
2009-12-02 17:16 . 2009-11-29 11:05 -------- d-----w- c:\program files\PC Translator
2009-12-02 17:06 . 2009-11-28 13:01 -------- d-----w- c:\program files\Topfield
2009-11-30 20:18 . 2009-11-30 20:14 -------- d-----w- c:\program files\Womble Multimedia
2009-11-30 19:25 . 2009-11-30 19:25 -------- d-----w- c:\program files\Avanquest
2009-11-30 18:14 . 2009-11-28 12:18 -------- d---a-w- c:\program files\The Ultimate File Splitter 1.0
2009-11-30 18:13 . 2009-11-30 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 18:13 . 2009-11-28 11:17 -------- d-----w- c:\program files\Java
2009-11-30 18:06 . 2009-11-28 12:16 -------- d---a-w- c:\program files\ShellExView
2009-11-30 18:04 . 2009-11-30 18:04 -------- d-----w- c:\program files\Skype
2009-11-30 18:00 . 2009-11-30 18:00 -------- d-----w- c:\program files\Samsung
2009-11-30 17:59 . 2009-11-28 16:20 -------- d---a-w- c:\program files\RealDrawPRO4
2009-11-30 17:53 . 2009-11-28 16:20 -------- d-----w- c:\program files\pravitko
2009-11-30 17:41 . 2009-11-28 12:08 -------- d-----w- c:\program files\MediaCoder
2009-11-30 17:38 . 2009-11-28 16:19 -------- d---a-w- c:\program files\LiknoWebButtonMakerFree
2009-11-30 17:37 . 2009-11-28 12:05 -------- d---a-w- c:\program files\lexikon
2009-11-30 17:28 . 2009-11-28 12:02 -------- d---a-r- c:\program files\GSpot
2009-11-30 17:04 . 2009-11-28 16:19 -------- d---a-w- c:\program files\FileZilla FTP Client
2009-11-30 17:03 . 2009-11-28 12:00 -------- d---a-w- c:\program files\EvilLyrics
2009-11-30 17:00 . 2009-11-28 12:00 -------- d-----w- c:\program files\DVDFab Decrypter 3
2009-11-30 16:59 . 2009-11-28 12:00 -------- d---a-w- c:\program files\DVD Decrypter
2009-11-30 16:48 . 2009-11-28 18:02 -------- d-----w- c:\program files\Internet Download Manager
2009-11-30 15:51 . 2009-11-30 15:51 2331008 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-29 20:37 . 2009-11-28 11:57 -------- d-----w- c:\program files\Cedulky
2009-11-29 20:36 . 2009-11-28 16:11 -------- d-----w- c:\program files\Caricature Studio 3.0
2009-11-29 20:33 . 2009-11-29 20:33 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-11-29 20:33 . 2009-11-29 20:33 2944 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-11-29 20:33 . 2009-11-29 20:33 27776 ----a-w- c:\windows\system32\bbcap.dll
2009-11-29 20:29 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Avidemux 2.4
2009-11-29 20:28 . 2009-11-29 20:27 -------- d-----w- c:\program files\AutoGK
2009-11-29 20:27 . 2009-11-29 20:27 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\Gabest
2009-11-29 20:26 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Audacity
2009-11-29 19:46 . 2009-11-28 11:14 -------- d---a-w- c:\program files\DVD Shrink
2009-11-29 17:50 . 2009-11-29 17:50 -------- d-----w- c:\program files\Microsoft.NET
2009-11-29 14:54 . 2009-11-29 14:51 -------- d-----w- c:\program files\linguatec
2009-11-29 10:52 . 2009-11-29 10:52 -------- d-----w- c:\program files\MSXML 4.0
2009-11-29 10:30 . 2009-11-29 10:12 -------- d-----w- c:\program files\Zoner
2009-11-29 08:28 . 2009-11-29 08:23 -------- d-----w- c:\program files\ASUS
2009-11-29 08:14 . 2009-11-29 07:52 113335 ----a-w- c:\windows\hpoins07.dat
2009-11-29 08:10 . 2009-11-29 08:10 -------- d-----w- c:\program files\Common Files\HP
2009-11-29 08:10 . 2009-11-29 07:57 -------- d-----w- c:\program files\HP
2009-11-29 08:09 . 2009-11-29 08:09 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 08:07 . 2009-11-29 08:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-28 22:06 . 2009-11-28 21:59 -------- d-----w- c:\program files\Nero
2009-11-28 22:01 . 2009-11-28 21:59 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 20:10 . 2009-11-28 20:10 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-28 18:56 . 2009-11-28 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 16:19 . 2009-11-28 16:19 -------- d-----w- c:\program files\CardTest
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostscript
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostgum
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\DComSoft
2009-11-28 15:26 . 2009-11-28 15:23 -------- d-----w- c:\program files\OO Software
2009-11-28 14:48 . 2009-11-26 18:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 14:44 . 2009-11-28 14:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-28 14:15 . 2009-11-28 13:47 -------- d-----w- c:\program files\ICQ6.5
2009-11-28 13:46 . 2009-11-28 11:55 -------- d-----w- c:\program files\ICQ6
2009-11-28 13:30 . 2009-11-28 11:37 -------- d-----w- c:\program files\Symantec
2009-11-28 13:30 . 2009-11-28 11:37 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-28 13:30 . 2009-11-28 11:37 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-28 13:30 . 2009-11-28 11:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-28 13:30 . 2009-11-28 11:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-28 12:57 . 2009-11-28 12:57 491520 ----a-w- c:\windows\WebIE.dll
2009-11-28 12:20 . 2009-11-28 12:00 -------- d-----w- c:\program files\Diagnostika HDD
2009-11-28 12:16 . 2009-11-28 12:16 -------- d-----w- c:\program files\Smart PC Solutions
2009-11-28 11:57 . 2009-11-28 11:57 -------- d-----w- c:\program files\Calculator
2009-11-28 11:46 . 2009-11-28 11:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-28 11:36 . 2009-11-28 11:36 -------- d-----w- c:\program files\Norton Internet Security
.

((((((((((((((((((((((((((((( SnapShot@2010-01-03_12.51.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-09 17:04 . 2010-01-09 17:04 16384 c:\windows\Temp\Perflib_Perfdata_5d8.dat
+ 2010-01-09 15:04 . 2010-01-09 15:04 16384 c:\windows\Temp\Perflib_Perfdata_5c0.dat
+ 2010-01-09 14:47 . 2005-09-21 14:54 73728 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Oemdspif.dll
+ 2010-01-09 14:47 . 2001-11-09 03:01 24064 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativcoxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:04 17408 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atitvo32.dll
+ 2010-01-09 14:47 . 2005-09-21 14:52 53248 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDDC.DLL
+ 2010-01-09 14:47 . 2005-09-21 14:54 25088 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Ati2mdxx.exe
+ 2010-01-09 14:47 . 2005-09-21 14:54 46080 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:05 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2erec.dll
+ 2010-01-09 14:47 . 2005-09-21 14:54 39936 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2edxx.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\dllcache\ativtmxx.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\ativtmxx.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\ativtmxx.dll
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut5_A0E145F55ACF4AF1A273244121F5A8BA.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut5_A0E145F55ACF4AF1A273244121F5A8BA.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut3_D5D4D9CBC85D4CA8AA2EA6AA4F123F20.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut3_D5D4D9CBC85D4CA8AA2EA6AA4F123F20.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut1_08ED310EBCB045CE8C3E405A81A28F9C.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut1_08ED310EBCB045CE8C3E405A81A28F9C.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\ARPPRODUCTICON.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\ARPPRODUCTICON.exe
+ 2010-01-09 14:47 . 2005-09-21 14:40 600672 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:54 106496 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atipdlxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:27 147456 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atikvmag.dll
+ 2010-01-09 14:47 . 2005-09-21 17:23 307200 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiiiexx.dll
+ 2010-01-09 14:47 . 2005-09-06 08:04 104373 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiicdxx.dat
+ 2010-01-09 14:47 . 2005-09-21 16:48 258048 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDEMGR.dll
+ 2010-01-09 14:47 . 2005-09-21 14:53 376832 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.exe
+ 2010-01-09 14:47 . 2005-09-21 14:59 238592 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2dvag.dll
+ 2010-01-09 14:47 . 2005-09-21 13:59 233472 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2cqag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\dllcache\ati3d1ag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\dllcache\ati2dvaa.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\ati3d1ag.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\ati3d1ag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\ati2dvaa.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\ati2dvaa.dll
+ 2010-01-09 14:49 . 2010-01-09 14:49 923136 c:\windows\Installer\59364.msi
+ 2010-01-09 14:47 . 2005-09-21 15:13 4718592 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglxx.dll
+ 2010-01-09 14:47 . 2005-09-21 16:13 6684672 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglx1.dll
+ 2010-01-09 14:47 . 2005-09-21 14:45 2429984 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati3duag.dll
+ 2010-01-09 14:47 . 2005-09-21 14:59 1334784 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2mtag.sys
+ 2010-01-09 14:52 . 2010-01-09 14:52 15331840 c:\windows\Installer\59371.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\Load.exe [2005-9-22 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"ASUSTeKRCAppl"=c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe
"QIP2005"=c:\program files\QIP\qip .exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe
"Adobe_Reader"=c:\program files\internet explorer\wmpscfgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [28.11.2009 14:30 310320]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [29.11.2009 21:33 2944]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [28.11.2009 14:30 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [28.11.2009 14:30 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys [6.1.2010 16:46 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [28.11.2009 14:30 117640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [29.11.2009 9:23 2825088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.12.2009 21:31 102448]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
S3 pbfilter;pbfilter;\??\c:\program files\Peerblock\pbfilter.sys --> c:\program files\Peerblock\pbfilter.sys [?]
S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [31.5.2007 21:11 13312]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.12.2009 16:25 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.12.2009 21:06 717296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-08 c:\windows\Tasks\Automatic maintenance.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2009-10-29 19:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 18:04
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1606980848-57989841-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3804)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-09 18:07:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-09 17:07
ComboFix2.txt 2010-01-09 15:08
ComboFix3.txt 2010-01-09 10:05
ComboFix4.txt 2010-01-08 18:56
ComboFix5.txt 2010-01-09 16:57

Před spuštěním: Volných bajtů: 236 404 531 200
Po spuštění: Volných bajtů: 236 392 062 976

- - End Of File - - 1C89AC3DD6F78840C7483A6742F3789C

hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses galore...

#35 Post by hoskinson »

Easy... we'll kill 'em all... :|

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Viruses galore...

#36 Post by pitimir »

Daaamn, too bad I wasn't here any more yesterday... CF reports a clean slate... and judging by your reaction that is no longer the case... or am I wrong? Please describe the PC's behaviour to me and whether you are still finding any qip .exe files :)

hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses all over the place...

#37 Post by hoskinson »

In Program Files, in QIP, there is now only one ...exe, but without an icon, and opening it does not start QIP but again iexplore.exe (3x); after they are ended they come back again... :boxed:

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Viruses all over the place...

#38 Post by pitimir »

That one little bastard is hanging on in there..let's try it this way:

1) Download Avenger. Run it and agree to the terms etc.
Paste this script into the white field in the middle of the program:

Code:

Files to delete:
c:\program files\internet explorer\wmpscfgs.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run- | Adobe_Reader
Press "Execute" -> "Yes". Restart and post the log.


2) New CFScript:

Code:

KillAll::
RenV::
c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe
c:\program files\QIP\qip .exe

File::
c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe
c:\program files\QIP\qip .exe
c:\program files\internet explorer\wmpscfgs.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ASUSTeKRCAppl"=-
"QIP2005"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe_Reader"=-

hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses all over the place...

#39 Post by hoskinson »

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\program files\internet explorer\wmpscfgs.exe" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-|Adobe_Reader" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.








ComboFix 10-01-02.04 - me 10.01.2010 17:19:14.10.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.512 [GMT 1:00]
Spuštěný z: c:\documents and settings\me\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\me\Plocha\CFScript.txt.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe"
"c:\program files\internet explorer\wmpscfgs.exe"
"c:\program files\QIP\qip .exe"
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-09 14:49 . 2010-01-09 14:49 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-01-09 14:47 . 2005-09-21 20:15 516096 ------w- c:\windows\system32\ati2sgag.exe
2010-01-09 14:47 . 2005-09-21 17:23 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2010-01-09 14:46 . 2010-01-09 14:50 -------- d-----w- c:\program files\ATI Technologies
2010-01-09 14:43 . 2005-09-06 08:04 104373 ----a-r- c:\windows\system32\atiicdxx.dat
2010-01-09 13:32 . 2010-01-09 15:02 -------- d-----w- c:\program files\WEB ELEMENTS Deluxe Website Design Graphics Collection
2010-01-03 19:11 . 2010-01-03 19:11 -------- d-----w- C:\My Website
2010-01-03 17:43 . 2010-01-03 17:43 -------- d-sh--w- c:\windows\ftpcache
2010-01-03 17:42 . 2010-01-03 17:46 -------- d-----w- c:\program files\HTMLPad 2008
2010-01-03 12:11 . 2010-01-03 12:11 -------- d-----w- c:\program files\CCleaner
2010-01-02 17:45 . 2010-01-02 18:13 -------- d-----w- c:\documents and settings\me\DoctorWeb
2010-01-01 20:28 . 2010-01-03 19:16 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
2010-01-01 20:00 . 2010-01-01 19:59 737280 ----a-w- c:\windows\iun6002.exe
2010-01-01 13:36 . 2010-01-01 14:10 -------- d-----w- C:\MyWebSite
2009-12-31 16:34 . 2009-12-31 16:34 -------- d-----w- c:\program files\kompozer-0.7.10-win32
2009-12-29 20:49 . 2009-12-29 20:49 -------- d-----w- c:\program files\WinPcap
2009-12-29 20:48 . 2009-12-29 20:49 -------- d-----w- c:\program files\Wireshark
2009-12-29 11:06 . 2009-12-29 11:07 -------- d-----w- c:\program files\tcpview
2009-12-28 21:55 . 2009-12-28 21:56 -------- d-----w- c:\program files\Seznam DVD 2008
2009-12-28 21:13 . 2009-12-28 21:13 -------- d-----w- c:\documents and settings\me\Seznam DVD
2009-12-26 16:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-17 15:40 . 2009-12-17 15:40 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-17 15:40 . 2009-12-17 15:40 -------- d-----w- c:\program files\Western Digital
2009-12-17 15:25 . 2009-02-13 11:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2009-12-15 16:13 . 2009-12-15 16:53 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\MSBuild
2009-12-13 09:45 . 2009-12-15 16:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\Reference Assemblies
2009-12-13 09:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-13 09:44 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-12 19:51 . 2010-01-09 09:54 -------- d-----w- c:\program files\HDD Health
2009-12-12 19:27 . 2009-11-13 11:23 32824 ----a-w- c:\windows\system32\rrMon.sys
2009-12-12 18:42 . 2005-02-11 09:24 6144 ----a-r- c:\windows\system32\drivers\k750cm.sys
2009-12-12 18:41 . 2005-02-11 09:19 5744 ----a-r- c:\windows\system32\drivers\k750wh.sys
2009-12-12 18:34 . 2009-12-12 19:35 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-12-12 18:30 . 2009-12-12 18:30 -------- d-----w- c:\windows\Downloaded Installations
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\me\data aplikac?­
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\All Users\data aplikac?­

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 16:58 . 2009-11-28 11:55 -------- d-----w- c:\program files\QIP
2010-01-09 14:47 . 2009-11-26 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-09 09:54 . 2009-11-28 12:10 -------- d---a-w- c:\program files\NetMeter
2010-01-09 09:54 . 2009-11-28 12:08 -------- d---a-w- c:\program files\MemInfo
2010-01-03 17:10 . 2009-12-06 11:57 -------- d-----w- c:\program files\AAALOGO2009.1
2010-01-01 12:36 . 2009-12-01 20:31 -------- d-----w- c:\program files\Nvu
2009-12-30 19:52 . 2009-11-28 12:05 -------- d---a-w- c:\program files\LFS
2009-12-29 12:10 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-12-29 12:10 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2009-12-28 20:08 . 2009-11-29 09:00 -------- d-----w- c:\program files\DiskBase
2009-12-24 13:06 . 2009-11-28 16:34 -------- d-----w- c:\program files\DreamCom
2009-12-16 19:39 . 2009-11-28 18:20 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-12 18:34 . 2009-11-28 16:09 -------- d-----w- c:\program files\Sony Ericsson
2009-12-12 18:16 . 2009-11-29 19:49 -------- d-----w- c:\program files\Google
2009-12-12 14:42 . 2009-11-30 18:49 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-10 17:49 . 2009-11-28 20:13 -------- d-----w- c:\program files\The KMPlayer
2009-12-08 19:47 . 2009-11-28 16:27 -------- d-----w- c:\program files\AMP Font Viewer
2009-12-08 07:55 . 2009-12-08 07:55 -------- d-----w- c:\program files\FreeRapid-0.83
2009-12-08 06:53 . 2009-12-06 12:13 -------- d-----w- c:\program files\Common Files\BinarySense
2009-12-07 13:49 . 2009-12-07 13:46 -------- d-----w- c:\program files\VB Colour Picker
2009-12-06 13:41 . 2009-11-28 16:13 -------- d-----w- c:\program files\Opera USB
2009-12-03 20:06 . 2009-12-03 20:06 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-03 13:19 . 2009-12-03 13:17 -------- d-----w- c:\program files\UltraISO
2009-12-03 13:17 . 2009-12-03 13:17 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-02 20:12 . 2009-11-29 08:33 -------- d-----w- c:\program files\MSI
2009-12-02 20:09 . 2009-12-02 20:09 -------- d-----w- c:\program files\Common Files\snpstd3
2009-12-02 19:29 . 2009-12-02 19:23 -------- d-----w- c:\program files\TechSmith
2009-12-02 17:16 . 2009-11-28 12:57 294912 ----a-w- c:\windows\TrnWord.dll
2009-12-02 17:16 . 2009-11-28 12:57 356352 ----a-w- c:\windows\TrnOutl.dll
2009-12-02 17:16 . 2009-11-28 12:57 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-12-02 17:16 . 2009-11-28 12:57 26624 ----a-w- c:\windows\OETRN.EXE
2009-12-02 17:16 . 2009-11-28 12:57 200704 ----a-w- c:\windows\TRNOET.DLL
2009-12-02 17:16 . 2009-11-29 11:05 -------- d-----w- c:\program files\PC Translator
2009-12-02 17:06 . 2009-11-28 13:01 -------- d-----w- c:\program files\Topfield
2009-11-30 20:18 . 2009-11-30 20:14 -------- d-----w- c:\program files\Womble Multimedia
2009-11-30 19:25 . 2009-11-30 19:25 -------- d-----w- c:\program files\Avanquest
2009-11-30 18:14 . 2009-11-28 12:18 -------- d---a-w- c:\program files\The Ultimate File Splitter 1.0
2009-11-30 18:13 . 2009-11-30 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 18:13 . 2009-11-28 11:17 -------- d-----w- c:\program files\Java
2009-11-30 18:06 . 2009-11-28 12:16 -------- d---a-w- c:\program files\ShellExView
2009-11-30 18:04 . 2009-11-30 18:04 -------- d-----w- c:\program files\Skype
2009-11-30 18:00 . 2009-11-30 18:00 -------- d-----w- c:\program files\Samsung
2009-11-30 17:59 . 2009-11-28 16:20 -------- d---a-w- c:\program files\RealDrawPRO4
2009-11-30 17:53 . 2009-11-28 16:20 -------- d-----w- c:\program files\pravitko
2009-11-30 17:41 . 2009-11-28 12:08 -------- d-----w- c:\program files\MediaCoder
2009-11-30 17:38 . 2009-11-28 16:19 -------- d---a-w- c:\program files\LiknoWebButtonMakerFree
2009-11-30 17:37 . 2009-11-28 12:05 -------- d---a-w- c:\program files\lexikon
2009-11-30 17:28 . 2009-11-28 12:02 -------- d---a-r- c:\program files\GSpot
2009-11-30 17:04 . 2009-11-28 16:19 -------- d---a-w- c:\program files\FileZilla FTP Client
2009-11-30 17:03 . 2009-11-28 12:00 -------- d---a-w- c:\program files\EvilLyrics
2009-11-30 17:00 . 2009-11-28 12:00 -------- d-----w- c:\program files\DVDFab Decrypter 3
2009-11-30 16:59 . 2009-11-28 12:00 -------- d---a-w- c:\program files\DVD Decrypter
2009-11-30 16:48 . 2009-11-28 18:02 -------- d-----w- c:\program files\Internet Download Manager
2009-11-30 15:51 . 2009-11-30 15:51 2331008 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-29 20:37 . 2009-11-28 11:57 -------- d-----w- c:\program files\Cedulky
2009-11-29 20:36 . 2009-11-28 16:11 -------- d-----w- c:\program files\Caricature Studio 3.0
2009-11-29 20:33 . 2009-11-29 20:33 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-11-29 20:33 . 2009-11-29 20:33 2944 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-11-29 20:33 . 2009-11-29 20:33 27776 ----a-w- c:\windows\system32\bbcap.dll
2009-11-29 20:29 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Avidemux 2.4
2009-11-29 20:28 . 2009-11-29 20:27 -------- d-----w- c:\program files\AutoGK
2009-11-29 20:27 . 2009-11-29 20:27 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\Gabest
2009-11-29 20:26 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Audacity
2009-11-29 19:46 . 2009-11-28 11:14 -------- d---a-w- c:\program files\DVD Shrink
2009-11-29 17:50 . 2009-11-29 17:50 -------- d-----w- c:\program files\Microsoft.NET
2009-11-29 14:54 . 2009-11-29 14:51 -------- d-----w- c:\program files\linguatec
2009-11-29 10:52 . 2009-11-29 10:52 -------- d-----w- c:\program files\MSXML 4.0
2009-11-29 10:30 . 2009-11-29 10:12 -------- d-----w- c:\program files\Zoner
2009-11-29 08:28 . 2009-11-29 08:23 -------- d-----w- c:\program files\ASUS
2009-11-29 08:14 . 2009-11-29 07:52 113335 ----a-w- c:\windows\hpoins07.dat
2009-11-29 08:10 . 2009-11-29 08:10 -------- d-----w- c:\program files\Common Files\HP
2009-11-29 08:10 . 2009-11-29 07:57 -------- d-----w- c:\program files\HP
2009-11-29 08:09 . 2009-11-29 08:09 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 08:07 . 2009-11-29 08:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-28 22:06 . 2009-11-28 21:59 -------- d-----w- c:\program files\Nero
2009-11-28 22:01 . 2009-11-28 21:59 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 20:10 . 2009-11-28 20:10 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-28 18:56 . 2009-11-28 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 16:19 . 2009-11-28 16:19 -------- d-----w- c:\program files\CardTest
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostscript
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostgum
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\DComSoft
2009-11-28 15:26 . 2009-11-28 15:23 -------- d-----w- c:\program files\OO Software
2009-11-28 14:48 . 2009-11-26 18:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 14:44 . 2009-11-28 14:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-28 14:15 . 2009-11-28 13:47 -------- d-----w- c:\program files\ICQ6.5
2009-11-28 13:46 . 2009-11-28 11:55 -------- d-----w- c:\program files\ICQ6
2009-11-28 13:30 . 2009-11-28 11:37 -------- d-----w- c:\program files\Symantec
2009-11-28 13:30 . 2009-11-28 11:37 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-28 13:30 . 2009-11-28 11:37 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-28 13:30 . 2009-11-28 11:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-28 13:30 . 2009-11-28 11:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-28 12:57 . 2009-11-28 12:57 491520 ----a-w- c:\windows\WebIE.dll
2009-11-28 12:20 . 2009-11-28 12:00 -------- d-----w- c:\program files\Diagnostika HDD
2009-11-28 12:16 . 2009-11-28 12:16 -------- d-----w- c:\program files\Smart PC Solutions
2009-11-28 11:57 . 2009-11-28 11:57 -------- d-----w- c:\program files\Calculator
2009-11-28 11:46 . 2009-11-28 11:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-28 11:36 . 2009-11-28 11:36 -------- d-----w- c:\program files\Norton Internet Security
.

Code:

<pre>
c:\program files\Internet Explorer\wmpscfgs .exe
</pre>
((((((((((((((((((((((((((((( SnapShot@2010-01-03_12.51.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-10 16:25 . 2010-01-10 16:25 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
+ 2010-01-10 16:14 . 2010-01-10 16:14 16384 c:\windows\Temp\Perflib_Perfdata_1c0.dat
+ 2010-01-09 14:47 . 2005-09-21 14:54 73728 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Oemdspif.dll
+ 2010-01-09 14:47 . 2001-11-09 03:01 24064 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativcoxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:04 17408 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atitvo32.dll
+ 2010-01-09 14:47 . 2005-09-21 14:52 53248 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDDC.DLL
+ 2010-01-09 14:47 . 2005-09-21 14:54 25088 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Ati2mdxx.exe
+ 2010-01-09 14:47 . 2005-09-21 14:54 46080 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:05 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2erec.dll
+ 2010-01-09 14:47 . 2005-09-21 14:54 39936 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2edxx.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\dllcache\ativtmxx.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\ativtmxx.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\ativtmxx.dll
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut5_A0E145F55ACF4AF1A273244121F5A8BA.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut5_A0E145F55ACF4AF1A273244121F5A8BA.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut3_D5D4D9CBC85D4CA8AA2EA6AA4F123F20.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut3_D5D4D9CBC85D4CA8AA2EA6AA4F123F20.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut1_08ED310EBCB045CE8C3E405A81A28F9C.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut1_08ED310EBCB045CE8C3E405A81A28F9C.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\ARPPRODUCTICON.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\ARPPRODUCTICON.exe
+ 2010-01-09 14:47 . 2005-09-21 14:40 600672 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:54 106496 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atipdlxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:27 147456 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atikvmag.dll
+ 2010-01-09 14:47 . 2005-09-21 17:23 307200 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiiiexx.dll
+ 2010-01-09 14:47 . 2005-09-06 08:04 104373 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiicdxx.dat
+ 2010-01-09 14:47 . 2005-09-21 16:48 258048 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDEMGR.dll
+ 2010-01-09 14:47 . 2005-09-21 14:53 376832 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.exe
+ 2010-01-09 14:47 . 2005-09-21 14:59 238592 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2dvag.dll
+ 2010-01-09 14:47 . 2005-09-21 13:59 233472 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2cqag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\dllcache\ati3d1ag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\dllcache\ati2dvaa.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\ati3d1ag.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\ati3d1ag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\ati2dvaa.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\ati2dvaa.dll
+ 2010-01-09 14:49 . 2010-01-09 14:49 923136 c:\windows\Installer\59364.msi
+ 2010-01-09 14:47 . 2005-09-21 15:13 4718592 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglxx.dll
+ 2010-01-09 14:47 . 2005-09-21 16:13 6684672 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglx1.dll
+ 2010-01-09 14:47 . 2005-09-21 14:45 2429984 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati3duag.dll
+ 2010-01-09 14:47 . 2005-09-21 14:59 1334784 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2mtag.sys
+ 2010-01-09 14:52 . 2010-01-09 14:52 15331840 c:\windows\Installer\59371.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\Load.exe [2005-9-22 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [28.11.2009 14:30 310320]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [29.11.2009 21:33 2944]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [28.11.2009 14:30 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [28.11.2009 14:30 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys [6.1.2010 16:46 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [28.11.2009 14:30 117640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [29.11.2009 9:23 2825088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.12.2009 21:31 102448]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
S3 pbfilter;pbfilter;\??\c:\program files\Peerblock\pbfilter.sys --> c:\program files\Peerblock\pbfilter.sys [?]
S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [31.5.2007 21:11 13312]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.12.2009 16:25 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.12.2009 21:06 717296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-08 c:\windows\Tasks\Automatic maintenance.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2009-10-29 19:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 17:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1606980848-57989841-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2492)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-10 17:28:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-10 16:28
ComboFix2.txt 2010-01-09 17:07
ComboFix3.txt 2010-01-09 15:08
ComboFix4.txt 2010-01-09 10:05
ComboFix5.txt 2010-01-10 16:18

Před spuštěním: Volných bajtů: 236 370 010 112
Po spuštění: Volných bajtů: 236 342 788 096

- - End Of File - - 53620FAA7EE3753F1BA9E3142A094941

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Viruses all over the place...

#40 Post by pitimir »

New CF script:

Code:

KillAll::
File::
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\internet explorer\wmpscfgs.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe_Reader"=-
We're squeezing him, the scumbag ;)


EDIT: HOLD ON A MOMENT LONGER PLEASE :)

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Viruses all over the place...

#41 Post by pitimir »

OK, you can use the above script now :)

hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses all over the place...

#42 Post by hoskinson »

ComboFix 10-01-02.04 - me 10.01.2010 17:37:59.11.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.452 [GMT 1:00]
Spuštěný z: c:\documents and settings\me\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\me\Plocha\CFScript.txt.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\program files\Internet Explorer\wmpscfgs .exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\wmpscfgs .exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-09 14:49 . 2010-01-09 14:49 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-01-09 14:47 . 2005-09-21 20:15 516096 ------w- c:\windows\system32\ati2sgag.exe
2010-01-09 14:47 . 2005-09-21 17:23 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2010-01-09 14:46 . 2010-01-09 14:50 -------- d-----w- c:\program files\ATI Technologies
2010-01-09 14:43 . 2005-09-06 08:04 104373 ----a-r- c:\windows\system32\atiicdxx.dat
2010-01-09 13:32 . 2010-01-09 15:02 -------- d-----w- c:\program files\WEB ELEMENTS Deluxe Website Design Graphics Collection
2010-01-03 19:11 . 2010-01-03 19:11 -------- d-----w- C:\My Website
2010-01-03 17:43 . 2010-01-03 17:43 -------- d-sh--w- c:\windows\ftpcache
2010-01-03 17:42 . 2010-01-03 17:46 -------- d-----w- c:\program files\HTMLPad 2008
2010-01-03 12:11 . 2010-01-03 12:11 -------- d-----w- c:\program files\CCleaner
2010-01-02 17:45 . 2010-01-02 18:13 -------- d-----w- c:\documents and settings\me\DoctorWeb
2010-01-01 20:28 . 2010-01-03 19:16 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
2010-01-01 20:00 . 2010-01-01 19:59 737280 ----a-w- c:\windows\iun6002.exe
2010-01-01 13:36 . 2010-01-01 14:10 -------- d-----w- C:\MyWebSite
2009-12-31 16:34 . 2009-12-31 16:34 -------- d-----w- c:\program files\kompozer-0.7.10-win32
2009-12-29 20:49 . 2009-12-29 20:49 -------- d-----w- c:\program files\WinPcap
2009-12-29 20:48 . 2009-12-29 20:49 -------- d-----w- c:\program files\Wireshark
2009-12-29 11:06 . 2009-12-29 11:07 -------- d-----w- c:\program files\tcpview
2009-12-28 21:55 . 2009-12-28 21:56 -------- d-----w- c:\program files\Seznam DVD 2008
2009-12-28 21:13 . 2009-12-28 21:13 -------- d-----w- c:\documents and settings\me\Seznam DVD
2009-12-26 16:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-17 15:40 . 2009-12-17 15:40 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-17 15:40 . 2009-12-17 15:40 -------- d-----w- c:\program files\Western Digital
2009-12-17 15:25 . 2009-02-13 11:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2009-12-15 16:13 . 2009-12-15 16:53 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\MSBuild
2009-12-13 09:45 . 2009-12-15 16:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\Reference Assemblies
2009-12-13 09:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-13 09:44 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-12 19:51 . 2010-01-09 09:54 -------- d-----w- c:\program files\HDD Health
2009-12-12 19:27 . 2009-11-13 11:23 32824 ----a-w- c:\windows\system32\rrMon.sys
2009-12-12 18:42 . 2005-02-11 09:24 6144 ----a-r- c:\windows\system32\drivers\k750cm.sys
2009-12-12 18:41 . 2005-02-11 09:19 5744 ----a-r- c:\windows\system32\drivers\k750wh.sys
2009-12-12 18:34 . 2009-12-12 19:35 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-12-12 18:30 . 2009-12-12 18:30 -------- d-----w- c:\windows\Downloaded Installations
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\me\data aplikac?­
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\All Users\data aplikac?­

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 16:58 . 2009-11-28 11:55 -------- d-----w- c:\program files\QIP
2010-01-09 14:47 . 2009-11-26 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-09 09:54 . 2009-11-28 12:10 -------- d---a-w- c:\program files\NetMeter
2010-01-09 09:54 . 2009-11-28 12:08 -------- d---a-w- c:\program files\MemInfo
2010-01-03 17:10 . 2009-12-06 11:57 -------- d-----w- c:\program files\AAALOGO2009.1
2010-01-01 12:36 . 2009-12-01 20:31 -------- d-----w- c:\program files\Nvu
2009-12-30 19:52 . 2009-11-28 12:05 -------- d---a-w- c:\program files\LFS
2009-12-29 12:10 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-12-29 12:10 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2009-12-28 20:08 . 2009-11-29 09:00 -------- d-----w- c:\program files\DiskBase
2009-12-24 13:06 . 2009-11-28 16:34 -------- d-----w- c:\program files\DreamCom
2009-12-16 19:39 . 2009-11-28 18:20 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-12 18:34 . 2009-11-28 16:09 -------- d-----w- c:\program files\Sony Ericsson
2009-12-12 18:16 . 2009-11-29 19:49 -------- d-----w- c:\program files\Google
2009-12-12 14:42 . 2009-11-30 18:49 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-10 17:49 . 2009-11-28 20:13 -------- d-----w- c:\program files\The KMPlayer
2009-12-08 19:47 . 2009-11-28 16:27 -------- d-----w- c:\program files\AMP Font Viewer
2009-12-08 07:55 . 2009-12-08 07:55 -------- d-----w- c:\program files\FreeRapid-0.83
2009-12-08 06:53 . 2009-12-06 12:13 -------- d-----w- c:\program files\Common Files\BinarySense
2009-12-07 13:49 . 2009-12-07 13:46 -------- d-----w- c:\program files\VB Colour Picker
2009-12-06 13:41 . 2009-11-28 16:13 -------- d-----w- c:\program files\Opera USB
2009-12-03 20:06 . 2009-12-03 20:06 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-03 13:19 . 2009-12-03 13:17 -------- d-----w- c:\program files\UltraISO
2009-12-03 13:17 . 2009-12-03 13:17 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-02 20:12 . 2009-11-29 08:33 -------- d-----w- c:\program files\MSI
2009-12-02 20:09 . 2009-12-02 20:09 -------- d-----w- c:\program files\Common Files\snpstd3
2009-12-02 19:29 . 2009-12-02 19:23 -------- d-----w- c:\program files\TechSmith
2009-12-02 17:16 . 2009-11-28 12:57 294912 ----a-w- c:\windows\TrnWord.dll
2009-12-02 17:16 . 2009-11-28 12:57 356352 ----a-w- c:\windows\TrnOutl.dll
2009-12-02 17:16 . 2009-11-28 12:57 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-12-02 17:16 . 2009-11-28 12:57 26624 ----a-w- c:\windows\OETRN.EXE
2009-12-02 17:16 . 2009-11-28 12:57 200704 ----a-w- c:\windows\TRNOET.DLL
2009-12-02 17:16 . 2009-11-29 11:05 -------- d-----w- c:\program files\PC Translator
2009-12-02 17:06 . 2009-11-28 13:01 -------- d-----w- c:\program files\Topfield
2009-11-30 20:18 . 2009-11-30 20:14 -------- d-----w- c:\program files\Womble Multimedia
2009-11-30 19:25 . 2009-11-30 19:25 -------- d-----w- c:\program files\Avanquest
2009-11-30 18:14 . 2009-11-28 12:18 -------- d---a-w- c:\program files\The Ultimate File Splitter 1.0
2009-11-30 18:13 . 2009-11-30 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 18:13 . 2009-11-28 11:17 -------- d-----w- c:\program files\Java
2009-11-30 18:06 . 2009-11-28 12:16 -------- d---a-w- c:\program files\ShellExView
2009-11-30 18:04 . 2009-11-30 18:04 -------- d-----w- c:\program files\Skype
2009-11-30 18:00 . 2009-11-30 18:00 -------- d-----w- c:\program files\Samsung
2009-11-30 17:59 . 2009-11-28 16:20 -------- d---a-w- c:\program files\RealDrawPRO4
2009-11-30 17:53 . 2009-11-28 16:20 -------- d-----w- c:\program files\pravitko
2009-11-30 17:41 . 2009-11-28 12:08 -------- d-----w- c:\program files\MediaCoder
2009-11-30 17:38 . 2009-11-28 16:19 -------- d---a-w- c:\program files\LiknoWebButtonMakerFree
2009-11-30 17:37 . 2009-11-28 12:05 -------- d---a-w- c:\program files\lexikon
2009-11-30 17:28 . 2009-11-28 12:02 -------- d---a-r- c:\program files\GSpot
2009-11-30 17:04 . 2009-11-28 16:19 -------- d---a-w- c:\program files\FileZilla FTP Client
2009-11-30 17:03 . 2009-11-28 12:00 -------- d---a-w- c:\program files\EvilLyrics
2009-11-30 17:00 . 2009-11-28 12:00 -------- d-----w- c:\program files\DVDFab Decrypter 3
2009-11-30 16:59 . 2009-11-28 12:00 -------- d---a-w- c:\program files\DVD Decrypter
2009-11-30 16:48 . 2009-11-28 18:02 -------- d-----w- c:\program files\Internet Download Manager
2009-11-30 15:51 . 2009-11-30 15:51 2331008 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-29 20:37 . 2009-11-28 11:57 -------- d-----w- c:\program files\Cedulky
2009-11-29 20:36 . 2009-11-28 16:11 -------- d-----w- c:\program files\Caricature Studio 3.0
2009-11-29 20:33 . 2009-11-29 20:33 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-11-29 20:33 . 2009-11-29 20:33 2944 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-11-29 20:33 . 2009-11-29 20:33 27776 ----a-w- c:\windows\system32\bbcap.dll
2009-11-29 20:29 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Avidemux 2.4
2009-11-29 20:28 . 2009-11-29 20:27 -------- d-----w- c:\program files\AutoGK
2009-11-29 20:27 . 2009-11-29 20:27 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\Gabest
2009-11-29 20:26 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Audacity
2009-11-29 19:46 . 2009-11-28 11:14 -------- d---a-w- c:\program files\DVD Shrink
2009-11-29 17:50 . 2009-11-29 17:50 -------- d-----w- c:\program files\Microsoft.NET
2009-11-29 14:54 . 2009-11-29 14:51 -------- d-----w- c:\program files\linguatec
2009-11-29 10:52 . 2009-11-29 10:52 -------- d-----w- c:\program files\MSXML 4.0
2009-11-29 10:30 . 2009-11-29 10:12 -------- d-----w- c:\program files\Zoner
2009-11-29 08:28 . 2009-11-29 08:23 -------- d-----w- c:\program files\ASUS
2009-11-29 08:14 . 2009-11-29 07:52 113335 ----a-w- c:\windows\hpoins07.dat
2009-11-29 08:10 . 2009-11-29 08:10 -------- d-----w- c:\program files\Common Files\HP
2009-11-29 08:10 . 2009-11-29 07:57 -------- d-----w- c:\program files\HP
2009-11-29 08:09 . 2009-11-29 08:09 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 08:07 . 2009-11-29 08:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-28 22:06 . 2009-11-28 21:59 -------- d-----w- c:\program files\Nero
2009-11-28 22:01 . 2009-11-28 21:59 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 20:10 . 2009-11-28 20:10 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-28 18:56 . 2009-11-28 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 16:19 . 2009-11-28 16:19 -------- d-----w- c:\program files\CardTest
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostscript
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostgum
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\DComSoft
2009-11-28 15:26 . 2009-11-28 15:23 -------- d-----w- c:\program files\OO Software
2009-11-28 14:48 . 2009-11-26 18:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 14:44 . 2009-11-28 14:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-28 14:15 . 2009-11-28 13:47 -------- d-----w- c:\program files\ICQ6.5
2009-11-28 13:46 . 2009-11-28 11:55 -------- d-----w- c:\program files\ICQ6
2009-11-28 13:30 . 2009-11-28 11:37 -------- d-----w- c:\program files\Symantec
2009-11-28 13:30 . 2009-11-28 11:37 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-28 13:30 . 2009-11-28 11:37 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-28 13:30 . 2009-11-28 11:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-28 13:30 . 2009-11-28 11:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-28 12:57 . 2009-11-28 12:57 491520 ----a-w- c:\windows\WebIE.dll
2009-11-28 12:20 . 2009-11-28 12:00 -------- d-----w- c:\program files\Diagnostika HDD
2009-11-28 12:16 . 2009-11-28 12:16 -------- d-----w- c:\program files\Smart PC Solutions
2009-11-28 11:57 . 2009-11-28 11:57 -------- d-----w- c:\program files\Calculator
2009-11-28 11:46 . 2009-11-28 11:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-28 11:36 . 2009-11-28 11:36 -------- d-----w- c:\program files\Norton Internet Security
.

((((((((((((((((((((((((((((( SnapShot@2010-01-03_12.51.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-10 16:25 . 2010-01-10 16:25 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
+ 2010-01-10 16:43 . 2010-01-10 16:43 16384 c:\windows\Temp\Perflib_Perfdata_3fc.dat
+ 2010-01-09 14:47 . 2005-09-21 14:54 73728 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Oemdspif.dll
+ 2010-01-09 14:47 . 2001-11-09 03:01 24064 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativcoxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:04 17408 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atitvo32.dll
+ 2010-01-09 14:47 . 2005-09-21 14:52 53248 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDDC.DLL
+ 2010-01-09 14:47 . 2005-09-21 14:54 25088 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Ati2mdxx.exe
+ 2010-01-09 14:47 . 2005-09-21 14:54 46080 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:05 40960 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2erec.dll
+ 2010-01-09 14:47 . 2005-09-21 14:54 39936 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2edxx.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\dllcache\ativtmxx.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\ativtmxx.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 32768 c:\windows\system32\ativtmxx.dll
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut5_A0E145F55ACF4AF1A273244121F5A8BA.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut5_A0E145F55ACF4AF1A273244121F5A8BA.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut3_D5D4D9CBC85D4CA8AA2EA6AA4F123F20.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut3_D5D4D9CBC85D4CA8AA2EA6AA4F123F20.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut1_08ED310EBCB045CE8C3E405A81A28F9C.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\NewShortcut1_08ED310EBCB045CE8C3E405A81A28F9C.exe
+ 2010-01-09 14:52 . 2010-01-09 14:52 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\ARPPRODUCTICON.exe
- 2009-11-28 14:58 . 2009-11-28 14:58 9158 c:\windows\Installer\{62288F64-6017-4154-A27C-BA26FECF723A}\ARPPRODUCTICON.exe
+ 2010-01-09 14:47 . 2005-09-21 14:40 600672 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:54 106496 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atipdlxx.dll
+ 2010-01-09 14:47 . 2005-09-21 14:27 147456 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atikvmag.dll
+ 2010-01-09 14:47 . 2005-09-21 17:23 307200 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiiiexx.dll
+ 2010-01-09 14:47 . 2005-09-06 08:04 104373 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiicdxx.dat
+ 2010-01-09 14:47 . 2005-09-21 16:48 258048 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDEMGR.dll
+ 2010-01-09 14:47 . 2005-09-21 14:53 376832 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.exe
+ 2010-01-09 14:47 . 2005-09-21 14:59 238592 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2dvag.dll
+ 2010-01-09 14:47 . 2005-09-21 13:59 233472 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2cqag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\dllcache\ati3d1ag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\dllcache\ati2dvaa.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\ati3d1ag.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 870784 c:\windows\system32\ati3d1ag.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\ati2dvaa.dll
- 2008-04-14 03:21 . 2008-04-14 03:21 377984 c:\windows\system32\ati2dvaa.dll
+ 2010-01-09 14:49 . 2010-01-09 14:49 923136 c:\windows\Installer\59364.msi
+ 2010-01-09 14:47 . 2005-09-21 15:13 4718592 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglxx.dll
+ 2010-01-09 14:47 . 2005-09-21 16:13 6684672 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglx1.dll
+ 2010-01-09 14:47 . 2005-09-21 14:45 2429984 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati3duag.dll
+ 2010-01-09 14:47 . 2005-09-21 14:59 1334784 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2mtag.sys
+ 2010-01-09 14:52 . 2010-01-09 14:52 15331840 c:\windows\Installer\59371.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\Load.exe [2005-9-22 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [28.11.2009 14:30 310320]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [29.11.2009 21:33 2944]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [28.11.2009 14:30 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [28.11.2009 14:30 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys [6.1.2010 16:46 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [28.11.2009 14:30 117640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [29.11.2009 9:23 2825088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.12.2009 21:31 102448]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
S3 pbfilter;pbfilter;\??\c:\program files\Peerblock\pbfilter.sys --> c:\program files\Peerblock\pbfilter.sys [?]
S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [31.5.2007 21:11 13312]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.12.2009 16:25 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.12.2009 21:06 717296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-08 c:\windows\Tasks\Automatic maintenance.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2009-10-29 19:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Adobe_Reader - c:\program files\internet explorer\wmpscfgs.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 17:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1606980848-57989841-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3548)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-10 17:45:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-10 16:45
ComboFix2.txt 2010-01-10 16:28
ComboFix3.txt 2010-01-09 17:07
ComboFix4.txt 2010-01-09 15:08
ComboFix5.txt 2010-01-10 16:37

Před spuštěním: Volných bajtů: 236 346 286 080
Po spuštění: Volných bajtů: 236 310 831 104

- - End Of File - - 93907D767C1CCE9699CE5AB69BC51C77


#43 Post by pitimir »

And let's also check it with Kaspersky:

Go >>here<< and run a scan. Here is the guide (by sundavis):
Image

#44 Post by hoskinson »

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, January 10, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, January 10, 2010 17:30:31
Records in database: 3296341
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 80491
Threats found: 2
Infected objects found: 29
Suspicious objects found: 0
Scan duration: 01:57:26


File name / Threat / Threats count
C:\Program Files\Internet Explorer\wmpscfgs.exe.delme1982 Infected: Trojan.Win32.Cosmu.joh 1
C:\Program Files\QIP\qip.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\RECYCLER\S-1-5-21-1606980848-57989841-839522115-1004\Dc2\Quarantine\C\Program Files\Internet Explorer\wmpscfgs .exe.vir Infected: Trojan.Win32.Cosmu.joh 1
C:\RECYCLER\S-1-5-21-1606980848-57989841-839522115-1004\Dc2\Quarantine\C\Program Files\QIP\qip.exe.vir Infected: Trojan.Win32.Cosmu.joh 1
C:\RECYCLER\S-1-5-21-1606980848-57989841-839522115-1004\Dc2\Quarantine\C\WINDOWS\system32\dxdllreg.exe.vir Infected: Trojan.Win32.Cosmu.joh 1
C:\RECYCLER\S-1-5-21-1606980848-57989841-839522115-1004\Dc2\Quarantine\C\WINDOWS\system32\sshnas.dll.vir Infected: Trojan.Win32.FraudPack.ajpq 1
C:\RECYCLER\S-1-5-21-1606980848-57989841-839522115-1004\Dc2\Quarantine\C\WINDOWS\vsnpstd3.exe.vir Infected: Trojan.Win32.Cosmu.joh 1
C:\RECYCLER\S-1-5-21-1606980848-57989841-839522115-1004\Dc2\Quarantine\[4]-Submit_2010-01-09_17.58.13.zip Infected: Trojan.Win32.Cosmu.joh 5
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP93\A0029249.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP93\A0029289.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029311.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029312.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029633.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029657.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029665.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029668.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029682.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029801.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029824.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029830.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029832.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP96\A0029833.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP97\A0029977.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\System Volume Information\_restore{5F4AF070-E886-4B5D-AD2A-7467546650A0}\RP97\A0030136.exe Infected: Trojan.Win32.Cosmu.joh 1
C:\WINDOWS\vsnpstd3.exe.delme88 Infected: Trojan.Win32.Cosmu.joh 1

Selected area has been scanned.


#45 Post by pitimir »

How does the PC look now?