COMODO AV detekoval nákazu

[Kovas]

Dobrý večer prajem.
Poprosil by som Vás o pomoc. Obrátil sa na mňa kamarát a chcel aby som mu pozrel PC, ktoré používa jeho dcéra ( pred tým ho používal on). V podstate si všimol, že na PC je neplatný AV . Bol tam pôvodne NOT. Našťastie PC nebolo zapojené počas celú dobu na internete. Keď som pozeral tak licencia pre NOT vypršala 28.10.2010. Ja som NOT odinštaloval a nainštaloval som COMODO AV+FW. Pred tým som spustil v PC KASPERSKY RESCUE DISK10. Po stiahnutí aktualizácií pri scene nič nenašiel. Potom som spustil aj COMODO AV a ten detekoval 3 nákazy. Sú v karanténe. Neviem, či sú to len falošné poplachy, alebo skutočné nákazy.
Tu je log z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Peter at 2012-03-16 19:18:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 44 GB (44%) free of 100 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:18:45, on 16.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Peter\Plocha\RSIT.exe
C:\Program Files\trend micro\Peter.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.470.0\ShopperReports.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.470.0\ShopperReports.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.470.0\ShopperReports.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6318 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Peter\Data aplikací\Mozilla\Firefox\Profiles\nebkk0uf.default

prefs.js - "browser.startup.homepage" - "http://google.sk/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"

"{2224E955-00E9-4613-A844-CE69FCCAAE91}"=C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF
"{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}"=C:\Program Files\Media Access Startup\1.5.0.850\FF
"ShopperReports@ShopperReports.com"=C:\Program Files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsILegitCheckPlugin.xpt
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npLegitCheckPlugin.dll
npnul32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
pricemania.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Peter\Data aplikací\Mozilla\Firefox\Profiles\nebkk0uf.default\searchplugins\
conduit.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47fd-81F3-EE91287F9465}]
ShopperReports - C:\Program Files\ShopperReports3\bin\3.0.470.0\ShopperReports.dll [2010-06-17 1118208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
Media Access Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_2.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_2.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2007-06-28 81920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.5\ICQ.exe [2011-08-01 124480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3
"Microsoft Office Groove Audit Service"=3
"ICQ Service"=2
"gusvc"=3
"gupdatem"=3
"gupdate"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Documents and Settings\Peter\Dokumenty\Downloads\SweetImSetup.exe"="C:\Documents and Settings\Peter\Dokumenty\Downloads\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=i420vfw.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.yv12"=yv12vfw.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2012-03-16 19:18:35 ----D---- C:\Program Files\trend micro
2012-03-16 19:18:33 ----D---- C:\rsit
2012-03-16 17:32:13 ----SHD---- C:\Config.Msi
2012-03-16 17:30:04 ----D---- C:\WINDOWS\system32\XPSViewer
2012-03-16 17:30:01 ----D---- C:\WINDOWS\system32\en-US
2012-03-16 17:29:56 ----D---- C:\Program Files\Reference Assemblies
2012-03-16 17:29:37 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2012-03-16 17:29:37 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2012-03-16 17:29:37 ----N---- C:\WINDOWS\system32\prntvpt.dll
2012-03-15 23:19:21 ----A---- C:\WINDOWS\ntbtlog.txt
2012-03-15 22:39:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-15 22:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-15 22:37:11 ----A---- C:\WINDOWS\imsins.BAK
2012-03-15 22:37:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$
2012-03-15 22:32:20 ----AD---- C:\Kaspersky Rescue Disk 10.0
2012-03-15 20:14:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\CPA_VA
2012-03-15 20:12:41 ----A---- C:\WINDOWS\system32\drivers\sfi.dat
2012-03-15 20:10:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2012-03-15 20:10:29 ----D---- C:\Program Files\Comodo
2012-03-15 20:10:28 ----A---- C:\WINDOWS\system32\msvcr71.dll
2012-03-15 20:10:28 ----A---- C:\WINDOWS\system32\mfc71.dll
2012-03-15 20:10:27 ----A---- C:\WINDOWS\system32\gdiplus.dll
2012-03-15 20:09:15 ----D---- C:\Documents and Settings\Peter\Data aplikací\WinRAR
2012-03-15 20:04:30 ----D---- C:\totalcmd
2012-03-15 20:04:30 ----A---- C:\WINDOWS\UC.PIF
2012-03-15 20:04:30 ----A---- C:\WINDOWS\RAR.PIF
2012-03-15 20:04:30 ----A---- C:\WINDOWS\PKZIP.PIF
2012-03-15 20:04:30 ----A---- C:\WINDOWS\PKUNZIP.PIF
2012-03-15 20:04:30 ----A---- C:\WINDOWS\NOCLOSE.PIF
2012-03-15 20:04:30 ----A---- C:\WINDOWS\LHA.PIF
2012-03-15 20:04:30 ----A---- C:\WINDOWS\ARJ.PIF
2012-03-15 19:58:05 ----D---- C:\Program Files\CCleaner
2012-03-15 19:00:17 ----D---- C:\WINDOWS\system32\appmgmt
2012-03-15 18:39:02 ----A---- C:\WINDOWS\system32\drivers\revoflt.sys
2012-03-15 18:38:59 ----D---- C:\Program Files\VS Revo Group
2012-03-15 17:47:10 ----D---- C:\WINDOWS\pss
2012-03-14 16:53:23 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2012-03-14 16:53:22 ----D---- C:\Program Files\Microsoft WSE
2012-03-14 16:51:37 ----RSD---- C:\WINDOWS\assembly
2012-03-14 16:51:12 ----D---- C:\WINDOWS\Microsoft.NET
2012-03-14 16:50:47 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2012-03-14 16:50:44 ----D---- C:\WINDOWS\Logs
2012-03-14 16:35:17 ----D---- C:\Program Files\Electronic Arts
2012-03-11 21:13:48 ----A---- C:\WINDOWS\system32\drivers\inspect.sys
2012-03-11 21:13:46 ----A---- C:\WINDOWS\system32\drivers\cmdhlp.sys
2012-03-11 21:13:46 ----A---- C:\WINDOWS\system32\drivers\cmdGuard.sys
2012-03-11 21:13:44 ----A---- C:\WINDOWS\system32\drivers\cmderd.sys
2012-03-11 21:13:20 ----A---- C:\WINDOWS\system32\guard32.dll
2012-03-11 21:13:20 ----A---- C:\WINDOWS\system32\cmdcsr.dll
2012-02-17 14:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-17 13:58:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$

======List of files/folders modified in the last 1 month======

2012-03-16 19:18:35 ----RD---- C:\Program Files
2012-03-16 19:18:28 ----A---- C:\WINDOWS\WINCMD.INI
2012-03-16 19:12:07 ----D---- C:\Program Files\Mozilla Firefox
2012-03-16 18:11:58 ----D---- C:\WINDOWS\Prefetch
2012-03-16 18:11:49 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-16 17:37:31 ----D---- C:\WINDOWS\Temp
2012-03-16 17:37:31 ----D---- C:\WINDOWS
2012-03-16 17:34:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-16 17:34:13 ----SHD---- C:\WINDOWS\Installer
2012-03-16 17:33:16 ----D---- C:\WINDOWS\system32
2012-03-16 17:33:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-16 17:32:56 ----D---- C:\WINDOWS\WinSxS
2012-03-16 17:30:00 ----RSD---- C:\WINDOWS\Fonts
2012-03-16 17:29:46 ----HD---- C:\WINDOWS\inf
2012-03-16 17:29:44 ----D---- C:\WINDOWS\system32\spool
2012-03-16 17:29:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-16 17:27:48 ----D---- C:\Program Files\Internet Explorer
2012-03-15 22:39:21 ----HD---- C:\WINDOWS\$hf_mig$
2012-03-15 22:37:29 ----D---- C:\WINDOWS\Debug
2012-03-15 22:37:27 ----A---- C:\WINDOWS\system32\MRT.exe
2012-03-15 22:37:17 ----D---- C:\WINDOWS\system32\drivers
2012-03-15 22:36:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-03-15 22:36:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-03-15 20:08:55 ----D---- C:\Program Files\Winrar
2012-03-15 20:06:18 ----A---- C:\WINDOWS\NeroDigital.ini
2012-03-15 20:02:32 ----D---- C:\WINDOWS\system32\Restore
2012-03-15 20:00:26 ----D---- C:\Documents and Settings\Peter\Data aplikací\Skype
2012-03-15 20:00:17 ----D---- C:\WINDOWS\Minidump
2012-03-15 19:46:29 ----RD---- C:\Program Files\Skype
2012-03-15 19:45:19 ----D---- C:\Program Files\Google
2012-03-15 19:45:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2012-03-15 17:50:53 ----RASH---- C:\boot.ini
2012-03-15 17:50:53 ----A---- C:\WINDOWS\win.ini
2012-03-15 17:50:53 ----A---- C:\WINDOWS\system.ini
2012-03-14 16:50:49 ----D---- C:\WINDOWS\system32\DirectX
2012-03-14 16:35:12 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-14 16:32:51 ----D---- C:\Program Files\Microsoft Office
2012-03-12 08:43:40 ----D---- C:\WINDOWS\network diagnostic
2012-02-17 14:06:35 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2012-03-11 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2007-06-28 155716]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Zdravím!
Poprosím o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Kovas]

Dobrý večer,
mám jeden dotaz. Ak si známy nespomenie na administrátorské heslo môžem to spustiť ako užívateľ?

[Rudy]

CF (a většina dalších čisticích utilit) musí být spuštěna v profilu s admin. právy.

[Kovas]

Dobrý deň,
no to heslo pre Administrátora sa mi nepodarilo zohnať. Známy ho nevie. Ja som skúšal to heslo cez Ophcrack LiveCD XP a to mi ukázalo, že jednak heslo administrátora ako aj užívateľa je prázdne. Keď ale chcem spustiť program ako administrátor a idem bez hesla vyhodí mi to chybu. Tak neviem. Súsiť Combofix spustiť v nádzovom režime? Stiahol som si aj inštalačku konzoly pre zotavenie a mám ju na ploche.

[Rudy]

Znovu opakuji, že CF musí být spuštěn v profilu s admin. právy. Jinak nefunguje. Pokud nemáte heslo, máte smůlu.

[Kovas]

No trocha som sa potrápil, aspoň som sa niečomu priučil. Nakoniec som to heslo administrátora resetol.

Tu je log z COMBOFIXU

ComboFix 12-03-16.03 - Administrator 17.03.2012 17:27:43.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.591 [GMT 1:00]
Spuštěný z: c:\documents and settings\Peter\Plocha\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dokumenty\~WRL0003.tmp
c:\documents and settings\All Users\Dokumenty\~WRL0004.tmp
c:\documents and settings\Peter\Dokumenty\~WRL3119.tmp
c:\documents and settings\Peter\WINDOWS
c:\program files\DoubleD
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\program files\ShopperReports3
c:\program files\ShopperReports3\bin\3.0.470.0\BRNStie.dll
c:\program files\ShopperReports3\bin\3.0.470.0\CmndFF.dll
c:\program files\ShopperReports3\bin\3.0.470.0\CntntCntr.dll
c:\program files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
c:\program files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt
c:\program files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar
c:\program files\ShopperReports3\bin\3.0.470.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files\ShopperReports3\bin\3.0.470.0\link.ico
c:\program files\ShopperReports3\bin\3.0.470.0\mozillaps.dll
c:\program files\ShopperReports3\bin\3.0.470.0\Pltfrm.dll
c:\program files\ShopperReports3\bin\3.0.470.0\ShopperReports.dll
c:\program files\ShopperReports3\bin\3.0.470.0\ShopperReportsUninstaller.exe
c:\program files\System Search Dispatcher
c:\program files\System Search Dispatcher\1.2.0.750\Data\eacore.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx
c:\program files\System Search Dispatcher\1.2.0.750\unins000.dat
c:\program files\System Search Dispatcher\1.2.0.750\unins000.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\SET9B0D.tmp
c:\windows\system32\SET9B11.tmp
c:\windows\system32\SET9B19.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-17 do 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 16:20 . 2012-03-17 16:20 -------- d-----w- c:\documents and settings\Administrator
2012-03-17 11:11 . 2012-03-17 11:11 -------- d-----w- c:\program files\WinPcap
2012-03-17 11:11 . 2012-03-17 11:25 -------- d-----w- c:\program files\Cain
2012-03-16 20:54 . 2012-03-16 20:54 -------- d-----w- C:\VritualRoot
2012-03-16 18:18 . 2012-03-16 18:18 -------- d-----w- c:\program files\trend micro
2012-03-16 18:18 . 2012-03-16 18:18 -------- d-----w- C:\rsit
2012-03-16 16:30 . 2012-03-16 16:30 -------- d-----w- c:\windows\system32\XPSViewer
2012-03-16 16:29 . 2012-03-16 16:29 -------- d-----w- c:\program files\Reference Assemblies
2012-03-16 16:29 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-03-16 16:29 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-03-16 16:29 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-03-16 16:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-03-16 16:29 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-03-16 16:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-03-16 16:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-03-16 16:29 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-03-16 16:29 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-03-15 21:32 . 2012-03-15 22:32 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-03-15 20:17 . 2012-03-15 20:17 -------- d-----w- c:\documents and settings\Peter\Local Settings\Data aplikací\Comodo
2012-03-15 19:14 . 2012-03-15 19:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CPA_VA
2012-03-15 19:12 . 2012-03-17 16:22 204992 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-03-15 19:10 . 2012-03-15 19:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2012-03-15 19:10 . 2012-03-16 16:24 -------- d-----w- c:\program files\Comodo
2012-03-15 19:10 . 2012-03-15 19:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-15 19:10 . 2012-03-15 19:10 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-03-15 19:10 . 2012-03-15 19:10 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-03-15 19:08 . 2012-03-15 19:08 -------- d-----w- c:\documents and settings\Peter\Local Settings\Data aplikací\GHISLER
2012-03-15 19:04 . 2012-03-15 19:07 -------- d-----w- C:\totalcmd
2012-03-15 19:04 . 2010-11-29 06:56 545 ----a-w- c:\windows\UC.PIF
2012-03-15 19:04 . 2010-11-29 06:56 545 ----a-w- c:\windows\RAR.PIF
2012-03-15 19:04 . 2010-11-29 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-15 19:04 . 2010-11-29 06:56 545 ----a-w- c:\windows\LHA.PIF
2012-03-15 19:04 . 2010-11-29 06:56 545 ----a-w- c:\windows\ARJ.PIF
2012-03-15 18:58 . 2012-03-15 18:58 -------- d-----w- c:\program files\CCleaner
2012-03-15 17:39 . 2012-03-15 17:39 -------- d-----w- c:\documents and settings\Peter\Local Settings\Data aplikací\VS Revo Group
2012-03-15 17:39 . 2009-12-30 11:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-03-15 17:38 . 2012-03-15 17:38 -------- d-----w- c:\program files\VS Revo Group
2012-03-14 15:53 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2012-03-14 15:53 . 2012-03-14 15:53 -------- d-----w- c:\program files\Microsoft WSE
2012-03-14 15:50 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-03-14 15:50 . 2012-03-15 19:00 -------- d-----w- c:\windows\Logs
2012-03-14 15:35 . 2012-03-14 15:35 -------- d-----w- c:\program files\Electronic Arts
2012-03-11 20:13 . 2012-03-11 20:13 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 20:13 . 2012-03-11 20:13 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 20:13 . 2012-03-11 20:13 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 20:13 . 2012-03-11 20:13 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 20:13 . 2012-03-11 20:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\system32\guard32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:57 . 2002-09-20 17:41 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-16 11:20 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2007-11-02 06:07 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Peter\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2012-03-11 20:13 6749512 ----a-w- c:\program files\Comodo\COMODO Internet Security\cfp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-08-01 08:28 124480 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"ICQ Service"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"cmdAgent"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Documents and Settings\\Peter\\Dokumenty\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [11.3.2012 21:13 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11.3.2012 21:13 494968]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2.11.2007 7:31 38656]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 18:07 35088]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [15.3.2012 18:39 27064]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 12:44 135664]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31.1.2010 12:44 135664]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:44]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:44]
.
.
------- Doplňkový sken -------
.
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 217.119.113.244 172.18.100.15
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
AddRemove-{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 - c:\program files\System Search Dispatcher\1.2.0.750\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 17:31
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(672)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2012-03-17 17:32:48
ComboFix-quarantined-files.txt 2012-03-17 16:32
.
Před spuštěním: Volných bajtů: 46 125 113 344
Po spuštění: Volných bajtů: 46 338 347 008
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 26344F3626CEEF5D357101E1F52F1C7F

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\program files\BS_Player\prxtbBS_2.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Google\Update

Driver::
gupdate
gupdatem

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Kovas]

Zbehlo to a tu je log z COMBOFiXU :

ComboFix 12-03-16.03 - Peter 17.03.2012 19:18:16.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.593 [GMT 1:00]
Spuštěný z: c:\documents and settings\Peter\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Peter\Plocha\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
file zipped: c:\program files\BS_Player\prxtbBS_2.dll
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BS_Player\prxtbBS_2.dll
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.99\goopdate.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.99\psmachine.dll
c:\program files\Google\Update\1.3.21.99\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.99\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\17.0.963.79\chrome_updater.exe
c:\program files\Google\Update\Download\{855CC996-4199-4C2A-8937-07534E5692F9}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.3.2614.234\GoogleToolbarInstaller_updater_signed.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-17 do 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 16:20 . 2012-03-17 16:20 -------- d-----w- c:\documents and settings\Administrator
2012-03-17 11:11 . 2012-03-17 11:11 -------- d-----w- c:\program files\WinPcap
2012-03-17 11:11 . 2012-03-17 11:25 -------- d-----w- c:\program files\Cain
2012-03-16 20:54 . 2012-03-16 20:54 -------- d-----w- C:\VritualRoot
2012-03-16 18:18 . 2012-03-16 18:18 -------- d-----w- c:\program files\trend micro
2012-03-16 18:18 . 2012-03-16 18:18 -------- d-----w- C:\rsit
2012-03-16 16:30 . 2012-03-16 16:30 -------- d-----w- c:\windows\system32\XPSViewer
2012-03-16 16:29 . 2012-03-16 16:29 -------- d-----w- c:\program files\Reference Assemblies
2012-03-16 16:29 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-03-16 16:29 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-03-16 16:29 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-03-16 16:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-03-16 16:29 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-03-16 16:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-03-16 16:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-03-16 16:29 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-03-16 16:29 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-03-15 21:32 . 2012-03-15 22:32 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-03-15 20:17 . 2012-03-15 20:17 -------- d-----w- c:\documents and settings\Peter\Local Settings\Data aplikací\Comodo
2012-03-15 19:14 . 2012-03-15 19:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CPA_VA
2012-03-15 19:12 . 2012-03-17 18:23 204992 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-03-15 19:10 . 2012-03-15 19:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2012-03-15 19:10 . 2012-03-16 16:24 -------- d-----w- c:\program files\Comodo
2012-03-15 19:10 . 2012-03-15 19:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-15 19:10 . 2012-03-15 19:10 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-03-15 19:10 . 2012-03-15 19:10 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-03-15 19:08 . 2012-03-15 19:08 -------- d-----w- c:\documents and settings\Peter\Local Settings\Data aplikací\GHISLER
2012-03-15 19:04 . 2012-03-15 19:07 -------- d-----w- C:\totalcmd
2012-03-15 19:04 . 2010-11-29 06:56 545 ----a-w- c:\windows\UC.PIF
2012-03-15 19:04 . 2010-11-29 06:56 545 ----a-w- c:\windows\RAR.PIF
2012-03-15 19:04 . 2010-11-29 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-15 19:04 . 2010-11-29 06:56 545 ----a-w- c:\windows\LHA.PIF
2012-03-15 19:04 . 2010-11-29 06:56 545 ----a-w- c:\windows\ARJ.PIF
2012-03-15 18:58 . 2012-03-15 18:58 -------- d-----w- c:\program files\CCleaner
2012-03-15 17:39 . 2012-03-15 17:39 -------- d-----w- c:\documents and settings\Peter\Local Settings\Data aplikací\VS Revo Group
2012-03-15 17:39 . 2009-12-30 11:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-03-15 17:38 . 2012-03-15 17:38 -------- d-----w- c:\program files\VS Revo Group
2012-03-14 15:53 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2012-03-14 15:53 . 2012-03-14 15:53 -------- d-----w- c:\program files\Microsoft WSE
2012-03-14 15:50 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-03-14 15:50 . 2012-03-15 19:00 -------- d-----w- c:\windows\Logs
2012-03-14 15:35 . 2012-03-14 15:35 -------- d-----w- c:\program files\Electronic Arts
2012-03-11 20:13 . 2012-03-11 20:13 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 20:13 . 2012-03-11 20:13 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 20:13 . 2012-03-11 20:13 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 20:13 . 2012-03-11 20:13 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 20:13 . 2012-03-11 20:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\system32\guard32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:57 . 2002-09-20 17:41 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-16 11:20 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2007-11-02 06:07 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_16.31.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-17 16:40 . 2012-03-17 16:40 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2012-03-17 16:38 . 2012-03-17 16:38 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-03-17 16:40 . 2012-03-17 16:40 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-03-17 16:38 . 2012-03-17 16:38 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-03-17 16:38 . 2012-03-17 16:38 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-03-17 16:38 . 2012-03-17 16:38 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-03-17 16:38 . 2012-03-17 16:38 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-03-17 16:39 . 2012-03-17 16:39 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-03-17 16:40 . 2012-03-17 16:40 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-03-17 16:38 . 2012-03-17 16:38 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Peter\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2012-03-11 20:13 6749512 ----a-w- c:\program files\Comodo\COMODO Internet Security\cfp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-08-01 08:28 124480 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"ICQ Service"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"cmdAgent"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Documents and Settings\\Peter\\Dokumenty\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [11.3.2012 21:13 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11.3.2012 21:13 494968]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2.11.2007 7:31 38656]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Peter\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Peter\LOCALS~1\Temp\CFcatchme.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 18:07 35088]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [15.3.2012 18:39 27064]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 217.119.113.244 172.18.100.15
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Peter\Data aplikací\Mozilla\Firefox\Profiles\nebkk0uf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://google.sk/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 19:34
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3992)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(728)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2012-03-17 19:37:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-17 18:37
ComboFix2.txt 2012-03-17 16:32
.
Před spuštěním: Volných bajtů: 46 340 481 024
Po spuštění: Volných bajtů: 46 236 557 312
.
- - End Of File - - 325D95386AD88F8BC2144FFA702D564D
Nahr nˇ probŘhlo ŁspŘçnŘ

[Rudy]

Smazáno, log již vypadá čistý.

[Kovas]

Vďaka, môžem teda zmazať Combofix ?

[Rudy]

Ano. Start>spustit>(napsat) combofix /uninstall>OK

[Kovas]

Ešte raz, vďaka za pomoc

[Rudy]

Nemáte zač!