Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Útoky na PC - ComboFix našel virus

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Útoky na PC - ComboFix našel virus

#1 Příspěvek od Mineya »

Dobrý den, potřebuji nutně poradit od zkušeného IT. Poslední dobou PC stále častěji "zamrzá" při běžných činnostech, třeba 10 minut nad ním úplně ztratím kontrolu, poté otevřu skoro "násilím" managera, a poté, co shodím rundll, CPU se ze sta procent změní na polovinu a poté se opět dostanu "na plochu". Jsou ovšem otevřeny aplikace a okna, která jsem neotvírala. Dokonce mi jednou při sledování filmu vyskočilo na monitoru okýnko "Nesprávné heslo", zkrátka někdo se mi asi nabourává na PC a do firewallu.

Dnes jsem to začala víc zkoumat, protože se seká už moc a ComboFix mi našel nějakou infekci. Potřebuji s ní nutně poradit - bude zákeřná, protože ji neobjevil ani Eset!!! Přikládám proto obsah RSIT i ComboFix. Moc děkuji za rady!!!

RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by PIII at 2010-05-01 16:48:08
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 348 MB (7%) free of 5 GB
Total RAM: 255 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:51, on 1.5.2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\explorer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PIII\Plocha\RSIT.exe
C:\Program Files\trend micro\PIII.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINNT\system32\OOD2000.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 2916 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINNT\system32\msdxm.ocx [2005-06-03 849168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MultiRes"=C:\Program Files\MultiRes\MultiRes.exe [2005-01-27 61952]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2004-10-29 4620288]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINNT\system32\NvMcTray.dll [2004-10-29 86016]
"Synchronization Manager"=mobsync.exe /logon []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2145000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-05-13 23:21:41 ----D---- C:\Documents and Settings\PIII\Data aplikací\Symantec
2010-05-13 23:20:41 ----AC---- C:\WINNT\system32\capicom.dll
2010-05-13 23:20:25 ----D---- C:\Documents and Settings\All Users.WINNT\Data aplikací\Symantec
2010-05-01 16:48:10 ----DC---- C:\Program Files\trend micro
2010-05-01 16:48:08 ----D---- C:\rsit
2010-05-01 16:19:00 ----DC---- C:\WINNT\temp
2010-05-01 16:18:57 ----A---- C:\ComboFix.txt
2010-05-01 15:59:16 ----AC---- C:\WINNT\zip.exe
2010-05-01 15:59:16 ----AC---- C:\WINNT\SWXCACLS.exe
2010-05-01 15:59:16 ----AC---- C:\WINNT\SWSC.exe
2010-05-01 15:59:16 ----AC---- C:\WINNT\SWREG.exe
2010-05-01 15:59:16 ----AC---- C:\WINNT\sed.exe
2010-05-01 15:59:16 ----AC---- C:\WINNT\PEV.exe
2010-05-01 15:59:16 ----AC---- C:\WINNT\NIRCMD.exe
2010-05-01 15:59:16 ----AC---- C:\WINNT\grep.exe
2010-05-01 15:59:04 ----DC---- C:\WINNT\ERDNT
2010-05-01 15:58:09 ----D---- C:\Qoobox
2010-04-29 19:03:50 ----DC---- C:\Program Files\Sunbelt Software
2010-04-29 16:40:05 ----DC---- C:\Program Files\ESET
2010-04-29 16:40:05 ----D---- C:\Documents and Settings\All Users.WINNT\Data aplikací\ESET
2010-04-29 16:03:41 ----AC---- C:\WINNT\system32\WININET.DLL
2010-04-29 16:03:40 ----AC---- C:\WINNT\system32\URLMON.DLL
2010-04-29 16:03:37 ----AC---- C:\WINNT\system32\SHLWAPI.DLL
2010-04-29 16:03:35 ----AC---- C:\WINNT\system32\SHDOCVW.DLL
2010-04-29 16:03:25 ----AC---- C:\WINNT\system32\MSHTML.DLL
2010-04-29 16:03:20 ----AC---- C:\WINNT\system32\IEPEERS.DLL
2010-04-29 16:03:19 ----AC---- C:\WINNT\system32\DXTRANS.DLL
2010-04-29 16:03:17 ----AC---- C:\WINNT\system32\DXTMSFT.DLL
2010-04-29 16:03:02 ----AC---- C:\WINNT\system32\BROWSEUI.DLL

======List of files/folders modified in the last 1 months======

2010-05-01 16:48:10 ----RADC---- C:\Program Files
2010-05-01 16:30:28 ----DC---- C:\Program Files\Mozilla Firefox
2010-05-01 16:19:00 ----ADC---- C:\WINNT
2010-05-01 16:18:54 ----ADC---- C:\WINNT\system32
2010-05-01 16:14:29 ----A---- C:\WINNT\system.ini
2010-05-01 16:10:23 ----ADC---- C:\WINNT\system32\drivers
2010-05-01 16:10:23 ----ADC---- C:\WINNT\AppPatch
2010-05-01 16:10:20 ----RADC---- C:\Program Files\Common Files
2010-05-01 16:01:44 ----A---- C:\WINNT\SchedLgU.Txt
2010-05-01 15:50:27 ----DC---- C:\WINNT\system32\NtmsData
2010-05-01 15:50:22 ----ADC---- C:\WINNT\Debug
2010-05-01 15:47:26 ----ADC---- C:\WINNT\security
2010-05-01 15:41:36 ----ADC---- C:\Documents and Settings
2010-04-29 19:04:54 ----AD---- C:\Config.Msi
2010-04-29 19:04:52 ----SHDC---- C:\WINNT\Installer
2010-04-29 19:04:22 ----HDC---- C:\WINNT\inf
2010-04-29 17:12:10 ----RASHDC---- C:\WINNT\system32\dllcache
2010-04-29 16:18:21 ----SHD---- C:\WINNT\CSC
2010-04-24 00:38:33 ----D---- C:\Documents and Settings\PIII\Data aplikací\dvdcss
2010-04-06 19:52:54 ----AC---- C:\WINNT\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINNT\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 epfwtdir;epfwtdir; C:\WINNT\system32\DRIVERS\epfwtdir.sys [2010-03-31 95872]
R1 SbFw;SbFw; C:\WINNT\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINNT\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 eamon;eamon; C:\WINNT\system32\DRIVERS\eamon.sys [2010-03-31 140216]
R3 catchme;catchme; \??\C:\DOCUME~1\PIII\LOCALS~1\Temp\catchme.sys []
R3 nv;nv; C:\WINNT\system32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINNT\System32\Drivers\RootMdm.sys [2001-06-14 6032]
R3 rtl8139;Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver; C:\WINNT\System32\DRIVERS\RTL8139.SYS [1999-09-25 18704]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINNT\system32\DRIVERS\sbfwim.sys [2008-06-21 65448]
R3 uhcd;Ovladač univerzálního hostitelského řadiče USB; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 ASFWHide;ASFWHide; \??\C:\DOCUME~1\PIII\LOCALS~1\Temp\ASFWHide []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\PIII\LOCALS~1\Temp\esihdrv.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\PIII\LOCALS~1\Temp\mbr.sys []
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINNT\System32\drivers\ws2ifsl.sys [2001-06-14 12016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
R2 NVSvc;NVIDIA Display Driver Service (Omega 1.6693) (Q); C:\WINNT\system32\nvsvc32.exe [2004-10-29 127043]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S2 OOD2000;O&O Defrag 2000; C:\WINNT\system32\OOD2000.exe [2001-04-06 238080]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 33560]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WmdmPmSN;Služba sériového čísla přenosného zařízení; C:\WINNT\System32\svchost.exe [2001-06-14 7952]
S4 Norman NJeeves;Norman NJeeves; C:\VIRUSfighter\bin\NJEEVES.EXE []
S4 Norman ZANDA;Norman ZANDA; C:\VIRUSfighter\Bin\Zanda.exe []

-----------------EOF-----------------

ComboFix:

ComboFix 10-04-30.03 - PIII 01.05.2010 16:04:23.11.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.420.1029.18.255.108 [GMT 2:00]
Spuštěný z: c:\documents and settings\PIII\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PIII\Dokumenty\cc_20100429_191855.reg
c:\program files\WindowsUpdate
c:\winnt\system32\_000009_.tmp.dll

c:\winnt\system32\comres.dll . . . je infikován!!

c:\winnt\system32\comres.dll . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-01 do 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-05-01 14:01 . 2010-05-01 14:01 16384 -c--atw- c:\winnt\system32\Perflib_Perfdata_2fc.dat
2010-04-30 20:13 . 2010-04-30 20:13 -------- dc----w- c:\documents and settings\Divertikulóza tlustého střeva - Ordinace.cz_soubory
2010-04-29 17:04 . 2008-06-21 02:54 65448 -c--a-r- c:\winnt\system32\drivers\SBFWIM.sys
2010-04-29 17:04 . 2008-10-31 05:09 270888 -c--a-r- c:\winnt\system32\drivers\SbFw.sys
2010-04-29 17:03 . 2010-04-29 17:03 -------- dc----w- c:\program files\Sunbelt Software
2010-04-29 14:40 . 2010-04-29 14:40 -------- dc----w- c:\program files\ESET
2010-04-29 14:03 . 2010-03-05 08:33 579072 -c--a-w- c:\winnt\system32\WININET.DLL
2010-04-14 00:20 . 2010-02-18 12:14 1736576 -c--a-w- c:\winnt\system32\dllcache\NTKRPAMP.EXE
2010-04-14 00:20 . 2010-02-18 12:14 1715264 -c--a-w- c:\winnt\system32\dllcache\NTKRNLMP.EXE
2010-04-12 11:11 . 2010-04-12 11:11 -------- dc----w- c:\documents and settings\Studnice - Co je pravda_soubory
2010-04-12 11:08 . 2010-04-12 11:08 -------- dc----w- c:\documents and settings\pravda_soubory
2010-04-12 11:08 . 2010-04-12 11:08 -------- dc----w- c:\documents and settings\pravda_soubory\ads_data
2010-04-12 01:51 . 2010-04-12 01:51 -------- dc----w- c:\documents and settings\maria-poselství_soubory
2010-04-12 01:37 . 2010-04-12 01:37 -------- dc----w- c:\documents and settings\nanebevzetí marie_soubory
2010-04-12 01:36 . 2010-04-12 01:36 -------- dc----w- c:\documents and settings\diskuzní fora_soubory
2010-04-07 01:30 . 2010-04-07 01:30 -------- dc----w- c:\documents and settings\Dráždivý tračník_soubory

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 06:23 . 2010-03-31 06:23 95872 -c--a-w- c:\winnt\system32\drivers\epfwtdir.sys
2010-03-31 06:22 . 2010-03-31 06:22 114984 -c--a-w- c:\winnt\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17 140216 -c--a-w- c:\winnt\system32\drivers\eamon.sys
2010-03-24 10:20 . 2010-01-14 18:56 -------- dc--a-w- c:\program files\Plant Tycoon
2010-03-12 09:14 . 2002-02-26 13:58 401408 -c--a-w- c:\winnt\system32\vbscript.dll
2010-02-24 06:46 . 2001-06-14 00:00 416304 -c--a-w- c:\winnt\system32\drivers\mrxsmb.sys
2010-02-18 12:14 . 2001-06-14 00:00 1691648 -c--a-w- c:\winnt\system32\NTOSKRNL.EXE
2010-02-18 12:14 . 2001-04-14 06:32 1714368 -c--a-w- c:\winnt\system32\NTKRNLPA.EXE
2010-02-16 04:28 . 2001-06-14 00:00 170800 -c--a-w- c:\winnt\system32\drivers\rdbss.sys
2010-02-15 12:52 . 2010-02-15 12:52 167696 -c--a-w- c:\winnt\system32\WINTRUST.DLL
.

------- Sigcheck -------

[-] 2003-02-01 10:09 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiRes"="c:\program files\MultiRes\MultiRes.exe" [2005-01-26 61952]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2004-10-29 86016]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]

R1 ehdrv;ehdrv;c:\winnt\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 SbFw;SbFw;c:\winnt\system32\drivers\SbFw.sys [29.4.2010 19:04 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\winnt\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\winnt\system32\drivers\ctlsb16.sys [13.4.2009 15:09 141904]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\winnt\system32\drivers\SBFWIM.sys [29.4.2010 19:04 65448]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S3 esihdrv;esihdrv;\??\c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PIII\Data aplikací\Mozilla\Firefox\Profiles\n3amsakj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=150911&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 16:14
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\PIII\LOCALS~1\Temp\ASFWHide"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(184)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Celkový čas: 2010-05-01 16:18:55
ComboFix-quarantined-files.txt 2010-05-01 14:18

Před spuštěním: 347 405 312
Po spuštění: 405 323 264

- - End Of File - - 8363B2FC2A931D4099FED4FF3AD2E3FE
Nahoru
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Re: Útoky na PC - ComboFix našel virus

#2 Příspěvek od Mineya »

Zdravím a děkuji:)

Při dokončování logu se mi počítač opět seknul a nešlo s ním hnout, musela jsem zresetovat, stál 30 min.
Jinak ten comres.dll v system 32 vůbec není, jako první složku s podobným názvem tam mám conrep.dll. Hledali jsme to doma všichni, dala jsem to za úkol i vyhledávači - nenalezen. Vypadá to, jako by tato položka v PC vůbec nebyla, aspoň se tak "tváří". Může být skrytá?

Log z ComboFix:

ComboFix 10-04-30.03 - PIII 01.05.2010 18:21:37.12.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.420.1029.18.255.98 [GMT 2:00]
Spuštěný z: c:\documents and settings\PIII\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PIII\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\comres.dll . . . je infikován!!

c:\winnt\system32\comres.dll . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-01 do 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-05-01 14:48 . 2010-05-01 16:09 -------- dc----w- c:\program files\trend micro
2010-05-01 14:48 . 2010-05-01 14:49 -------- d-----w- C:\rsit
2010-05-01 14:01 . 2010-05-01 14:01 16384 -c--atw- c:\winnt\system32\Perflib_Perfdata_2fc.dat
2010-04-30 20:13 . 2010-04-30 20:13 -------- dc----w- c:\documents and settings\Divertikulóza tlustého střeva - Ordinace.cz_soubory
2010-04-29 17:04 . 2008-06-21 02:54 65448 -c--a-r- c:\winnt\system32\drivers\SBFWIM.sys
2010-04-29 17:04 . 2008-10-31 05:09 270888 -c--a-r- c:\winnt\system32\drivers\SbFw.sys
2010-04-29 17:03 . 2010-04-29 17:03 -------- dc----w- c:\program files\Sunbelt Software
2010-04-29 14:40 . 2010-04-29 14:40 -------- dc----w- c:\program files\ESET
2010-04-29 14:03 . 2010-03-05 08:33 579072 -c--a-w- c:\winnt\system32\WININET.DLL
2010-04-14 00:20 . 2010-02-18 12:14 1736576 -c--a-w- c:\winnt\system32\dllcache\NTKRPAMP.EXE
2010-04-14 00:20 . 2010-02-18 12:14 1715264 -c--a-w- c:\winnt\system32\dllcache\NTKRNLMP.EXE
2010-04-12 11:11 . 2010-04-12 11:11 -------- dc----w- c:\documents and settings\Studnice - Co je pravda_soubory
2010-04-12 11:08 . 2010-04-12 11:08 -------- dc----w- c:\documents and settings\pravda_soubory
2010-04-12 11:08 . 2010-04-12 11:08 -------- dc----w- c:\documents and settings\pravda_soubory\ads_data
2010-04-12 01:51 . 2010-04-12 01:51 -------- dc----w- c:\documents and settings\maria-poselství_soubory
2010-04-12 01:37 . 2010-04-12 01:37 -------- dc----w- c:\documents and settings\nanebevzetí marie_soubory
2010-04-12 01:36 . 2010-04-12 01:36 -------- dc----w- c:\documents and settings\diskuzní fora_soubory
2010-04-07 01:30 . 2010-04-07 01:30 -------- dc----w- c:\documents and settings\Dráždivý tračník_soubory

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 06:23 . 2010-03-31 06:23 95872 -c--a-w- c:\winnt\system32\drivers\epfwtdir.sys
2010-03-31 06:22 . 2010-03-31 06:22 114984 -c--a-w- c:\winnt\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17 140216 -c--a-w- c:\winnt\system32\drivers\eamon.sys
2010-03-24 10:20 . 2010-01-14 18:56 -------- dc--a-w- c:\program files\Plant Tycoon
2010-03-12 09:14 . 2002-02-26 13:58 401408 -c--a-w- c:\winnt\system32\vbscript.dll
2010-02-24 06:46 . 2001-06-14 00:00 416304 -c--a-w- c:\winnt\system32\drivers\mrxsmb.sys
2010-02-18 12:14 . 2001-06-14 00:00 1691648 -c--a-w- c:\winnt\system32\NTOSKRNL.EXE
2010-02-18 12:14 . 2001-04-14 06:32 1714368 -c--a-w- c:\winnt\system32\NTKRNLPA.EXE
2010-02-16 04:28 . 2001-06-14 00:00 170800 -c--a-w- c:\winnt\system32\drivers\rdbss.sys
2010-02-15 12:52 . 2010-02-15 12:52 167696 -c--a-w- c:\winnt\system32\WINTRUST.DLL
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2003-02-01 10:09 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiRes"="c:\program files\MultiRes\MultiRes.exe" [2005-01-26 61952]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2004-10-29 86016]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]

R1 ehdrv;ehdrv;c:\winnt\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 SbFw;SbFw;c:\winnt\system32\drivers\SbFw.sys [29.4.2010 19:04 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\winnt\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\winnt\system32\drivers\ctlsb16.sys [13.4.2009 15:09 141904]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\winnt\system32\drivers\SBFWIM.sys [29.4.2010 19:04 65448]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S3 esihdrv;esihdrv;\??\c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PIII\Data aplikací\Mozilla\Firefox\Profiles\n3amsakj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=150911&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 18:31
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\PIII\LOCALS~1\Temp\ASFWHide"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(184)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(756)
c:\winnt\system32\SHDOCVW.DLL
.
Celkový čas: 2010-05-01 18:36:10
ComboFix-quarantined-files.txt 2010-05-01 16:36
ComboFix2.txt 2010-05-01 14:18

Před spuštěním: 406 194 688
Po spuštění: 403 152 384

- - End Of File - - 469ED0C7217A745117D728803E827BA7
Nahoru
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Re: Útoky na PC - ComboFix našel virus

#3 Příspěvek od Mineya »

Zdravím, měla jsem plno práce, dostala jsem se sem až nyní. Snad je vše tak jak mělo být.
Zde přikládám logy:

OTL logfile created on: 2.5.2010 15:33:44 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\PIII\Plocha
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

255,00 Mb Total Physical Memory | 121,00 Mb Available Physical Memory | 47,00% Memory free
704,00 Mb Paging File | 435,00 Mb Available in Paging File | 62,00% Paging File free
Paging file location(s): C:\pagefile.sys 470 470 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 4,60 Gb Total Space | 0,38 Gb Free Space | 8,34% Space Free | Partition Type: NTFS
Drive D: | 14,53 Gb Total Space | 13,73 Gb Free Space | 94,55% Space Free | Partition Type: FAT32
Drive E: | 7,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 30,97 Mb Total Space | 16,28 Mb Free Space | 52,56% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VER-G4IY6NCV23F
Current User Name: PIII
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.02 15:29:39 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PIII\Plocha\OTL.exe
PRC - [2010.03.31 08:23:00 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.03.31 08:22:20 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009.07.15 23:16:44 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008.10.31 07:24:26 | 001,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2008.04.30 08:58:34 | 000,188,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Příslušenství\wordpad.exe
PRC - [2005.06.03 14:14:02 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2005.01.27 00:40:48 | 000,061,952 | ---- | M] (EnTech Taiwan) -- C:\Program Files\MultiRes\MultiRes.exe
PRC - [2003.08.06 21:24:20 | 012,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2003.06.19 12:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003.06.19 12:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
PRC - [2003.06.19 12:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe


========== Modules (SafeList) ==========

MOD - [2010.05.02 15:29:39 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PIII\Plocha\OTL.exe
MOD - [2003.06.19 12:05:04 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx
MOD - [2003.06.19 12:05:04 | 000,023,824 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2003.06.19 12:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
MOD - [2001.06.14 02:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Norman ZANDA)
SRV - File not found [Disabled | Stopped] -- -- (Norman NJeeves)
SRV - [2010.03.31 08:27:24 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.03.31 08:23:00 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008.10.31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2005.06.03 14:14:02 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003.06.19 12:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
SRV - [2003.06.19 12:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003.06.19 12:05:04 | 000,096,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
SRV - [2003.06.19 12:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003.06.19 12:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2001.04.06 13:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINNT\System32\OOD2000.exe -- (OOD2000)


========== Driver Services (SafeList) ==========

DRV - [2010.03.31 08:23:56 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINNT\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.03.31 08:22:32 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINNT\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.03.31 08:17:48 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.10.31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 04:54:54 | 000,065,448 | R--- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SBFWIM.sys -- (SBFWIMCL)
DRV - [2004.10.29 22:50:00 | 002,826,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.07.09 02:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003.06.19 12:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003.06.19 12:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003.06.19 12:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003.06.19 12:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003.06.19 12:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\efs.sys -- (EFS)
DRV - [2003.06.19 12:05:04 | 000,009,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003.06.19 12:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003.06.19 12:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2001.06.14 02:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2001.06.14 02:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [1999.10.23 22:10:34 | 000,141,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)
DRV - [1999.09.25 04:17:18 | 000,018,704 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-688789844-839522115-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-343818398-688789844-839522115-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-343818398-688789844-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=150911"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=green ... =150911&p="
FF - prefs.js..network.proxy.no_proxies_on: "plimus.com,regnow.com"

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.ssl: ""
FF - user.js..network.proxy.ssl_port: 0
FF - user.js..network.proxy.ftp: ""
FF - user.js..network.proxy.ftp_port: 0
FF - user.js..network.proxy.gopher: ""
FF - user.js..network.proxy.gopher_port: 0
FF - user.js..network.proxy.socks_version: 5
FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.10 02:55:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.18 15:31:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.04.29 16:40:08 | 000,000,000 | ---D | M]

[2009.04.13 14:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Mozilla\Extensions
[2010.01.18 15:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Mozilla\Firefox\Profiles\n3amsakj.default\extensions
[2009.12.19 22:04:04 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\PIII\Data aplikací\Mozilla\Firefox\Profiles\n3amsakj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.05.31 01:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PIII\Data aplikací\Mozilla\Firefox\Profiles\n3amsakj.default\extensions\{e3aaf71e-b295-4156-ae11-777237a1db3c}
[2009.07.01 14:22:12 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\PIII\Data aplikací\Mozilla\Firefox\Profiles\n3amsakj.default\searchplugins\conduit.xml
[2009.10.13 22:37:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2009.07.15 20:42:42 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.07.15 20:42:42 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.07.15 20:42:42 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.07.15 20:42:42 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.07.15 20:42:42 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.06.08 19:51:37 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKU\S-1-5-21-343818398-688789844-839522115-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe (EnTech Taiwan)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-688789844-839522115-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-688789844-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-688789844-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-688789844-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINNT\Web\Wallpaper\Gold Petals.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.08 18:59:38 | 000,000,194 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINNT\system32\ias [2009.04.13 16:50:40 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found

Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer1 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.ac3acm - C:\WINNT\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINNT\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINNT\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINNT\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINNT\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINNT\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINNT\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINNT\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINNT\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINNT\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINNT\System32\xvidvfw.dll ()
Drivers32: wave1 - File not found
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
SystemRestore not available.

========== Files/Folders - Created Within 7 Days ==========

[2010.05.24 13:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIII\Dokumenty\bublifuk_soubory
[2010.05.20 00:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIII\Dokumenty\Déjà vu zkrat v mozku_soubory
[2010.05.18 15:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIII\Dokumenty\nokia 6300_soubory
[2010.05.18 13:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIII\Dokumenty\Hosteky-spěchá!_soubory
[2010.05.18 13:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIII\Dokumenty\psaní komerč.článků_soubory
[2010.05.13 23:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIII\Data aplikací\Symantec
[2010.05.13 23:20:41 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\capicom.dll
[2010.05.13 23:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\Symantec
[2010.05.02 15:28:21 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PIII\Plocha\OTL.exe
[2010.05.01 19:05:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.05.01 18:36:16 | 000,000,000 | ---D | C] -- C:\WINNT\temp
[2010.05.01 18:10:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.05.01 16:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.01 16:48:08 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.01 15:59:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2010.05.01 15:59:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2010.05.01 15:59:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2010.05.01 15:59:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2010.05.01 15:59:04 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2010.05.01 15:58:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.29 19:04:34 | 000,065,448 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINNT\System32\drivers\SBFWIM.sys
[2010.04.29 19:04:17 | 000,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINNT\System32\drivers\SbFw.sys
[2010.04.29 19:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010.04.29 16:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.04.29 16:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\ESET
[2010.04.29 16:03:20 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\IEPEERS.DLL
[2010.04.29 16:03:19 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\DXTRANS.DLL
[2010.04.29 16:03:17 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\DXTMSFT.DLL
[2 C:\Documents and Settings\PIII\Plocha\*.tmp files -> C:\Documents and Settings\PIII\Plocha\*.tmp -> ]
[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.06.02 14:35:09 | 000,000,222 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\filmy.rtf
[2010.06.02 13:13:35 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\vlastní web-zdarma.rtf
[2010.05.24 13:59:40 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\focení-model.rtf
[2010.05.24 13:30:44 | 000,067,562 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\bublifuk.htm
[2010.05.23 21:59:08 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\google.rtf
[2010.05.20 22:15:37 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\peach.rtf
[2010.05.20 00:39:51 | 000,004,048 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\knihovna!!!.rtf
[2010.05.20 00:38:49 | 000,067,752 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\Déjà vu zkrat v mozku.htm
[2010.05.18 15:27:17 | 000,036,757 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\nokia 6300.htm
[2010.05.18 14:36:11 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\výstava - armáda-líbímse.rtf
[2010.05.18 14:18:57 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\ipsos-financni.rtf
[2010.05.18 13:33:01 | 000,009,527 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\psaní komerč.článků.htm
[2010.05.16 20:16:29 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\mireille.rtf
[2010.05.15 22:06:38 | 000,022,076 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\myška.jpg
[2010.05.15 22:03:14 | 000,024,462 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\zralok_domaci.jpg
[2010.05.15 22:02:19 | 000,069,227 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\afro_duck.jpg
[2010.05.15 22:01:24 | 000,051,839 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\jaksepoznazamilovanazebra.jpg
[2010.05.13 22:38:25 | 003,234,472 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\Lepota_oblakov.pps.zip
[2010.05.13 22:38:10 | 000,305,397 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\hory.zip
[2010.05.13 22:35:10 | 004,089,006 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\nadherna_stvoreni.pps.zip
[2010.05.02 15:39:48 | 006,246,400 | -H-- | M] () -- C:\Documents and Settings\PIII\NTUSER.DAT
[2010.05.02 15:29:39 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PIII\Plocha\OTL.exe
[2010.05.02 15:29:23 | 000,004,387 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\testy.rtf
[2010.05.02 15:28:06 | 000,009,217 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\rady.rtf
[2010.05.02 15:27:55 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\PIII\Plocha\~$rady.rtf
[2010.05.02 15:08:33 | 000,017,145 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2010.05.02 15:07:05 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010.05.02 15:04:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\PIII\ntuser.ini
[2010.05.02 14:48:12 | 000,176,640 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\Baludin_korektury_dokonceni_17_-18-19_kapitola.doc
[2010.05.01 20:08:19 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_444.dat
[2010.05.01 19:22:38 | 000,027,457 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\poradenstvi PC.rtf
[2010.05.01 19:06:21 | 000,004,308 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\cc_20100501_190614.reg
[2010.05.01 18:31:26 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2010.05.01 16:47:18 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\RSIT.exe
[2010.05.01 16:01:41 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2fc.dat
[2010.05.01 15:42:57 | 003,924,810 | R--- | M] () -- C:\Documents and Settings\PIII\Plocha\ComboFix.exe
[2010.04.30 00:19:24 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\levné rastaurant sushi.rtf
[2010.04.29 18:21:30 | 000,021,589 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\profi pěna.JPG
[2010.04.29 18:20:59 | 000,026,782 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\profi šampon.JPG
[2010.04.29 17:46:23 | 001,577,984 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\Manuál_Granko_final.ppt
[2010.04.28 00:01:42 | 000,004,825 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\biskupove - koho volit.rtf
[2010.04.27 21:48:41 | 000,042,924 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\minisady.JPG
[2010.04.27 21:31:50 | 000,046,005 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\sobici.JPG
[2010.04.27 21:05:48 | 000,031,335 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\infailible+další.JPG
[2010.04.27 20:37:28 | 000,043,552 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\matt-morph.JPG
[2010.04.27 14:04:35 | 000,009,228 | ---- | M] () -- C:\Documents and Settings\PIII\Dokumenty\levné zájezdy.rtf
[2010.04.26 16:53:45 | 000,000,260 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\práce ve mzdové účt..rtf
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINNT\PEV.exe
[2010.04.26 15:05:07 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\Evidenční_list - VA.doc
[2010.04.26 14:42:04 | 000,006,525 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\foto1.jpg
[2010.04.26 14:40:18 | 000,006,110 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\foto2.jpg
[2010.04.26 14:37:51 | 000,012,421 | ---- | M] () -- C:\Documents and Settings\PIII\Plocha\foto-profil.JPG
[2 C:\Documents and Settings\PIII\Plocha\*.tmp files -> C:\Documents and Settings\PIII\Plocha\*.tmp -> ]
[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.02 14:35:09 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\filmy.rtf
[2010.06.02 13:13:34 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\vlastní web-zdarma.rtf
[2010.05.24 13:59:35 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\focení-model.rtf
[2010.05.24 13:30:41 | 000,067,562 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\bublifuk.htm
[2010.05.23 21:59:08 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\google.rtf
[2010.05.20 22:15:37 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\peach.rtf
[2010.05.20 00:39:51 | 000,004,048 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\knihovna!!!.rtf
[2010.05.20 00:38:48 | 000,067,752 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\Déjà vu zkrat v mozku.htm
[2010.05.18 15:27:16 | 000,036,757 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\nokia 6300.htm
[2010.05.18 14:36:11 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\výstava - armáda-líbímse.rtf
[2010.05.18 14:18:57 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\ipsos-financni.rtf
[2010.05.18 13:33:00 | 000,009,527 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\psaní komerč.článků.htm
[2010.05.16 20:16:29 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\mireille.rtf
[2010.05.15 22:06:38 | 000,022,076 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\myška.jpg
[2010.05.15 22:03:13 | 000,024,462 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\zralok_domaci.jpg
[2010.05.15 22:02:18 | 000,069,227 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\afro_duck.jpg
[2010.05.15 22:01:23 | 000,051,839 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\jaksepoznazamilovanazebra.jpg
[2010.05.15 21:28:27 | 005,420,113 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\mail_a_telefon-_dnešní_doba.doc.zip
[2010.05.13 22:38:21 | 003,234,472 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\Lepota_oblakov.pps.zip
[2010.05.13 22:38:11 | 000,305,397 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\hory.zip
[2010.05.13 22:36:17 | 003,411,890 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\Beaches.pps.zip
[2010.05.13 22:35:03 | 004,089,006 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\nadherna_stvoreni.pps.zip
[2010.05.02 15:29:23 | 000,004,387 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\testy.rtf
[2010.05.02 15:27:55 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\PIII\Plocha\~$rady.rtf
[2010.05.02 15:01:55 | 000,009,217 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\rady.rtf
[2010.05.02 14:48:11 | 000,176,640 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\Baludin_korektury_dokonceni_17_-18-19_kapitola.doc
[2010.05.01 20:08:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_444.dat
[2010.05.01 19:06:19 | 000,004,308 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\cc_20100501_190614.reg
[2010.05.01 18:03:56 | 000,027,457 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\poradenstvi PC.rtf
[2010.05.01 16:47:01 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\RSIT.exe
[2010.05.01 16:01:41 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2fc.dat
[2010.05.01 15:59:16 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2010.05.01 15:59:16 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010.05.01 15:59:16 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010.05.01 15:59:16 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2010.05.01 15:42:14 | 003,924,810 | R--- | C] () -- C:\Documents and Settings\PIII\Plocha\ComboFix.exe
[2010.04.30 00:19:24 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\levné rastaurant sushi.rtf
[2010.04.29 18:21:30 | 000,021,589 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\profi pěna.JPG
[2010.04.29 18:20:59 | 000,026,782 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\profi šampon.JPG
[2010.04.29 17:46:23 | 001,577,984 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\Manuál_Granko_final.ppt
[2010.04.27 21:48:16 | 000,042,924 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\minisady.JPG
[2010.04.27 21:31:50 | 000,046,005 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\sobici.JPG
[2010.04.27 21:05:48 | 000,031,335 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\infailible+další.JPG
[2010.04.27 20:34:41 | 000,043,552 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\matt-morph.JPG
[2010.04.27 17:14:20 | 000,004,825 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\biskupove - koho volit.rtf
[2010.04.27 13:49:38 | 000,009,228 | ---- | C] () -- C:\Documents and Settings\PIII\Dokumenty\levné zájezdy.rtf
[2010.04.26 16:53:45 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\práce ve mzdové účt..rtf
[2010.04.26 15:03:56 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\Evidenční_list - VA.doc
[2010.04.26 14:42:04 | 000,006,525 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\foto1.jpg
[2010.04.26 14:40:15 | 000,006,110 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\foto2.jpg
[2010.04.26 14:33:27 | 000,012,421 | ---- | C] () -- C:\Documents and Settings\PIII\Plocha\foto-profil.JPG
[2009.12.25 20:35:01 | 000,000,000 | ---- | C] () -- C:\WINNT\Orion 2009.ini
[2009.11.17 21:59:44 | 000,178,176 | ---- | C] () -- C:\WINNT\System32\unrar.dll
[2009.11.08 17:06:21 | 000,000,000 | ---- | C] () -- C:\WINNT\Orion 2009 spořič obrazovky.ini
[2009.10.12 22:18:08 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2009.10.12 22:18:07 | 000,524,288 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2009.08.09 00:32:45 | 000,000,014 | ---- | C] () -- C:\WINNT\System32\SysInfo.dll
[2009.08.02 21:22:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\ood2kmsg.dll
[2009.08.02 21:22:17 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\OODCSPRO.dll
[2009.06.30 16:30:01 | 000,000,014 | ---- | C] () -- C:\WINNT\System32\SysEngineDrive1.sys
[2009.04.14 20:19:27 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2009.04.14 18:18:13 | 000,000,646 | ---- | C] () -- C:\WINNT\ODBC.INI
[2009.04.14 18:10:52 | 000,156,160 | ---- | C] () -- C:\WINNT\System32\ztvunrar3.dll
[2009.04.14 18:10:52 | 000,075,264 | ---- | C] () -- C:\WINNT\System32\ztvunacev2.dll
[2009.04.14 18:10:48 | 000,178,176 | ---- | C] () -- C:\WINNT\System32\7-zip32.dll
[2009.04.13 15:07:35 | 000,303,354 | ---- | C] () -- C:\WINNT\System32\PerfStringBackup_001.INI
[2001.06.14 02:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2001.06.14 02:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2001.06.14 02:00:00 | 000,013,155 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2001.06.14 02:00:00 | 000,003,028 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2001.06.14 02:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[1999.09.25 20:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999.09.25 20:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

========== LOP Check ==========

[2009.04.08 22:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2010.04.29 16:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\ESET
[2009.07.31 14:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\F-Secure
[2009.06.30 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\Firefly Studios
[2009.11.21 23:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\iWin Games
[2009.07.23 01:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\n7-89-o9-3r-4t-r9
[2010.01.27 15:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\PlayFirst
[2010.01.27 16:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP
[2009.08.29 15:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\UClick
[2010.01.10 02:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\Zylom
[2009.07.12 19:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Data aplikací\{51FC4C90-DF10-4D41-963E-DB3050C1267C}
[2009.07.13 02:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Anabel
[2009.07.28 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Be a King
[2009.08.18 19:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\BSplayer Pro
[2009.04.13 19:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\ESET
[2010.01.27 19:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\GameHouse
[2009.07.03 13:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Haihaisoft PDF Reader
[2009.07.23 01:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Hide IP NG
[2009.07.17 00:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Nvu
[2009.08.28 15:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Peace Craft
[2010.01.27 15:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\PlayFirst
[2009.12.29 02:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\QuickScan
[2009.04.13 15:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\SoftPerfect Personal Firewall
[2009.08.29 15:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\UClick
[2010.01.10 02:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Zylom

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.05.07 15:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Adobe
[2009.07.13 02:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Anabel
[2009.11.11 02:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\AVS4YOU
[2009.07.28 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Be a King
[2009.08.18 19:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\BSplayer Pro
[2010.04.24 00:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\dvdcss
[2009.04.13 19:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\ESET
[2010.01.27 19:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\GameHouse
[2009.07.03 13:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Haihaisoft PDF Reader
[2009.07.23 01:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Hide IP NG
[2010.01.10 02:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Identities
[2009.04.13 14:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Macromedia
[2009.04.14 18:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Malwarebytes
[2009.11.17 22:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Media Player Classic
[2010.02.04 22:05:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\PIII\Data aplikací\Microsoft
[2009.04.13 14:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Mozilla
[2009.07.17 00:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Nvu
[2009.08.28 15:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Peace Craft
[2010.01.27 15:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\PlayFirst
[2009.07.20 00:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\PSpad
[2009.12.29 02:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\QuickScan
[2009.04.13 15:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\SoftPerfect Personal Firewall
[2009.05.10 22:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Sun
[2010.05.14 10:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Symantec
[2009.08.29 15:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\UClick
[2009.07.11 14:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\vlc
[2010.01.10 02:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIII\Data aplikací\Zylom

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2003.06.19 12:05:04 | 006,579,059 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys
[2003.06.19 12:05:04 | 006,579,059 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:AGP440.sys
[2003.06.19 12:05:04 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\ServicePackFiles\i386\agp440.sys

< MD5 for: ATAPI.SYS >
[2001.06.14 02:00:00 | 005,216,915 | ---- | M] () .cab file -- C:\WINNT\$NtServicePackUninstall$\sp2.cab:atapi.sys
[2003.06.19 12:05:04 | 006,579,059 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:atapi.sys
[2003.06.19 12:05:04 | 006,579,059 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:atapi.sys
[2001.06.14 02:00:00 | 000,085,264 | ---- | M] (Microsoft Corporation) MD5=7E91972F4CF3EA0B0C804F005BF42C7A -- C:\WINNT\$NtServicePackUninstall$\atapi.sys
[2003.06.19 12:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ERDNT\cache\atapi.sys
[2003.06.19 12:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2003.06.19 12:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\dllcache\atapi.sys
[2003.06.19 12:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\drivers\atapi.sys

< MD5 for: CAPICOM.DLL >
[2004.07.19 17:26:26 | 000,466,944 | ---- | M] (Microsoft Corporation) MD5=1B6E2050ABBDA860F4F9F245D1E150A5 -- C:\WINNT\system32\capicom.dll

< MD5 for: CDROM.SYS >
[2003.06.19 12:05:04 | 006,579,059 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:cdrom.sys
[2003.06.19 12:05:04 | 006,579,059 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:cdrom.sys
[2001.06.14 02:00:00 | 000,027,376 | ---- | M] (Microsoft Corporation) MD5=43D40EE132E19C9101773D0EB4936B40 -- C:\WINNT\$NtServicePackUninstall$\cdrom.sys
[2003.06.19 12:05:04 | 000,027,984 | ---- | M] (Microsoft Corporation) MD5=4B86A90A7F0095D514D22A9083826488 -- C:\WINNT\ServicePackFiles\i386\cdrom.sys
[2003.06.19 12:05:04 | 000,027,984 | ---- | M] (Microsoft Corporation) MD5=4B86A90A7F0095D514D22A9083826488 -- C:\WINNT\system32\dllcache\cdrom.sys
[2003.06.19 12:05:04 | 000,027,984 | ---- | M] (Microsoft Corporation) MD5=4B86A90A7F0095D514D22A9083826488 -- C:\WINNT\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2001.06.14 02:00:00 | 000,063,248 | ---- | M] (Microsoft Corporation) MD5=2AD14BD5978593DCAD5030221EF33679 -- C:\WINNT\$NtServicePackUninstall$\cryptsvc.dll
[2003.06.19 12:05:04 | 000,076,048 | ---- | M] (Microsoft Corporation) MD5=9A5F18DA2577FBC16ECDBBE0AE82EAD0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\cryptsvc.dll
[2003.06.19 12:05:04 | 000,076,048 | ---- | M] (Microsoft Corporation) MD5=9A5F18DA2577FBC16ECDBBE0AE82EAD0 -- C:\WINNT\ServicePackFiles\i386\cryptsvc.dll
[2005.06.03 16:19:50 | 000,078,096 | ---- | M] (Microsoft Corporation) MD5=E5E3B1729164ABECB79C1309F2234EB9 -- C:\WINNT\ERDNT\cache\cryptsvc.dll
[2005.06.03 16:19:50 | 000,078,096 | ---- | M] (Microsoft Corporation) MD5=E5E3B1729164ABECB79C1309F2234EB9 -- C:\WINNT\system32\cryptsvc.dll
[2005.06.03 16:19:50 | 000,078,096 | ---- | M] (Microsoft Corporation) MD5=E5E3B1729164ABECB79C1309F2234EB9 -- C:\WINNT\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2005.06.03 16:19:50 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=C94C99D9E6034A1611F3A3635075D759 -- C:\WINNT\ERDNT\cache\EVENTLOG.DLL
[2005.06.03 16:19:50 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=C94C99D9E6034A1611F3A3635075D759 -- C:\WINNT\system32\dllcache\EVENTLOG.DLL
[2005.06.03 16:19:50 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=C94C99D9E6034A1611F3A3635075D759 -- C:\WINNT\system32\EVENTLOG.DLL
[2003.06.19 12:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=ED40E3855879006A782BBCDFDD128701 -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll
[2003.06.19 12:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=ED40E3855879006A782BBCDFDD128701 -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2001.06.14 02:00:00 | 000,044,816 | ---- | M] (Microsoft Corporation) MD5=F8156F89260C46D7B953C9BE35E4C5E0 -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2001.06.14 02:00:00 | 000,242,960 | ---- | M] (Microsoft Corporation) MD5=A54283C32F153ABDBE80E87F4B80EDAB -- C:\WINNT\$NtServicePackUninstall$\explorer.exe
[2003.06.19 12:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) MD5=E2529E57032B96C42D7E2F25CF0B7653 -- C:\WINNT\ERDNT\cache\explorer.exe
[2003.06.19 12:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) MD5=E2529E57032B96C42D7E2F25CF0B7653 -- C:\WINNT\explorer.exe
[2003.06.19 12:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) MD5=E2529E57032B96C42D7E2F25CF0B7653 -- C:\WINNT\ServicePackFiles\i386\explorer.exe

< MD5 for: HAL.DLL >
[2003.06.19 12:05:04 | 006,579,059 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:hal.dll
[2003.06.19 12:05:04 | 006,579,059 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:hal.dll
[2003.06.19 12:05:04 | 000,095,456 | ---- | M] (Microsoft Corporation) MD5=080F25698CA3B833F397216B3C79EFBA -- C:\WINNT\ServicePackFiles\i386\hal.dll
[2001.06.14 02:00:00 | 000,066,656 | ---- | M] (Microsoft Corporation) MD5=5218A02FD48C5C578138F3134C67D498 -- C:\WINNT\$NtServicePackUninstall$\hal.dll
[2003.06.19 12:05:04 | 000,066,848 | ---- | M] (Microsoft Corporation) MD5=BB9B5B4C00F0438288FA66A90970CED9 -- C:\WINNT\system32\HAL.DLL

< MD5 for: ISAPNP.SYS >
[2001.06.14 02:00:00 | 005,216,915 | ---- | M] () .cab file -- C:\WINNT\$NtServicePackUninstall$\sp2.cab:isapnp.sys
[2003.06.19 12:05:04 | 006,579,059 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:isapnp.sys
[2003.06.19 12:05:04 | 006,579,059 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:isapnp.sys
[2003.06.19 12:05:04 | 000,046,992 | ---- | M] (Microsoft Corporation) MD5=0510A047B899113265EFF8B15B1E3CFE -- C:\WINNT\ServicePackFiles\i386\isapnp.sys
[2003.06.19 12:05:04 | 000,046,992 | ---- | M] (Microsoft Corporation) MD5=0510A047B899113265EFF8B15B1E3CFE -- C:\WINNT\system32\dllcache\isapnp.sys
[2003.06.19 12:05:04 | 000,046,992 | ---- | M] (Microsoft Corporation) MD5=0510A047B899113265EFF8B15B1E3CFE -- C:\WINNT\system32\drivers\isapnp.sys
[2001.06.14 02:00:00 | 000,046,992 | ---- | M] (Microsoft Corporation) MD5=5AB66CFA1EBA35196CF3B94B89EE6854 -- C:\WINNT\$NtServicePackUninstall$\isapnp.sys

< MD5 for: LSASS.EXE >
[2005.06.03 14:13:42 | 000,033,552 | ---- | M] (Microsoft Corporation) MD5=30308C6F60CF67D29DAA08B826A95437 -- C:\WINNT\ERDNT\cache\LSASS.EXE
[2005.06.03 14:13:42 | 000,033,552 | ---- | M] (Microsoft Corporation) MD5=30308C6F60CF67D29DAA08B826A95437 -- C:\WINNT\system32\dllcache\lsass.exe
[2005.06.03 14:13:42 | 000,033,552 | ---- | M] (Microsoft Corporation) MD5=30308C6F60CF67D29DAA08B826A95437 -- C:\WINNT\system32\LSASS.EXE
[2003.06.19 12:05:04 | 000,033,552 | ---- | M] (Microsoft Corporation) MD5=3603B21637FF38ACC939743A15B2DB6D -- C:\WINNT\$NtUpdateRollupPackUninstall$\lsass.exe
[2003.06.19 12:05:04 | 000,033,552 | ---- | M] (Microsoft Corporation) MD5=3603B21637FF38ACC939743A15B2DB6D -- C:\WINNT\ServicePackFiles\i386\lsass.exe
[2001.06.14 02:00:00 | 000,033,552 | ---- | M] (Microsoft Corporation) MD5=403D5941C0D108340569802E30F6EB2A -- C:\WINNT\$NtServicePackUninstall$\lsass.exe

< MD5 for: MSPMSNSV.DLL >
[2003.02.01 12:09:14 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=9E1381B2DE2A23F8E4C22E814D55F475 -- C:\WINNT\system32\mspmsnsv.dll

< MD5 for: NDIS.SYS >
[2001.06.14 02:00:00 | 000,163,120 | ---- | M] (Microsoft Corporation) MD5=46A5D4A87160521C25EB18691BA2D7F8 -- C:\WINNT\$NtServicePackUninstall$\ndis.sys
[2003.06.19 12:05:04 | 000,170,928 | ---- | M] (Microsoft Corporation) MD5=FB4F2D0595BD3546A4DD915E4A9B4809 -- C:\WINNT\ERDNT\cache\ndis.sys
[2003.06.19 12:05:04 | 000,170,928 | ---- | M] (Microsoft Corporation) MD5=FB4F2D0595BD3546A4DD915E4A9B4809 -- C:\WINNT\ServicePackFiles\i386\ndis.sys
[2003.06.19 12:05:04 | 000,170,928 | ---- | M] (Microsoft Corporation) MD5=FB4F2D0595BD3546A4DD915E4A9B4809 -- C:\WINNT\system32\dllcache\ndis.sys
[2003.06.19 12:05:04 | 000,170,928 | ---- | M] (Microsoft Corporation) MD5=FB4F2D0595BD3546A4DD915E4A9B4809 -- C:\WINNT\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2003.06.19 12:05:04 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=050D078AA3B50557CF2FE4EC3D1BDC73 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2001.06.14 02:00:00 | 000,366,352 | ---- | M] (Microsoft Corporation) MD5=97D78586552601B881056AEB420C381D -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll
[2005.06.03 03:49:52 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=F81941C78D871DCCA1A96C07FF45D6D0 -- C:\WINNT\ERDNT\cache\netlogon.dll
[2005.06.03 03:49:52 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=F81941C78D871DCCA1A96C07FF45D6D0 -- C:\WINNT\system32\dllcache\NETLOGON.DLL
[2005.06.03 03:49:52 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=F81941C78D871DCCA1A96C07FF45D6D0 -- C:\WINNT\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2003.06.19 12:05:04 | 000,117,008 | ---- | M] (Microsoft Corporation) MD5=3A088007040AB63BABC69A3E736BC67A -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll
[2003.06.19 12:05:04 | 000,117,008 | ---- | M] (Microsoft Corporation) MD5=3A088007040AB63BABC69A3E736BC67A -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2001.06.14 02:00:00 | 000,110,352 | ---- | M] (Microsoft Corporation) MD5=5183BBBD1EC6FD57A8C25EC2C7612310 -- C:\WINNT\$NtServicePackUninstall$\scecli.dll
[2005.06.03 16:19:52 | 000,117,008 | ---- | M] (Microsoft Corporation) MD5=62D3E719A2194815D97B69998BBC1579 -- C:\WINNT\ERDNT\cache\scecli.dll
[2005.06.03 16:19:52 | 000,117,008 | ---- | M] (Microsoft Corporation) MD5=62D3E719A2194815D97B69998BBC1579 -- C:\WINNT\system32\dllcache\scecli.dll
[2005.06.03 16:19:52 | 000,117,008 | ---- | M] (Microsoft Corporation) MD5=62D3E719A2194815D97B69998BBC1579 -- C:\WINNT\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2001.06.14 02:00:00 | 000,045,328 | ---- | M] (Microsoft Corporation) MD5=710A72D400D94F242E4AB473479AC593 -- C:\WINNT\$NtServicePackUninstall$\smss.exe
[2003.06.19 12:05:04 | 000,045,840 | ---- | M] (Microsoft Corporation) MD5=F550719A55976A04511850B30FD9F0CD -- C:\WINNT\ServicePackFiles\i386\smss.exe
[2003.06.19 12:05:04 | 000,045,840 | ---- | M] (Microsoft Corporation) MD5=F550719A55976A04511850B30FD9F0CD -- C:\WINNT\system32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2001.06.14 02:00:00 | 000,007,952 | ---- | M] (Microsoft Corporation) MD5=9E64AD53CFD9DA2D22E8A924F8C6E62C -- C:\WINNT\ERDNT\cache\svchost.exe
[2001.06.14 02:00:00 | 000,007,952 | ---- | M] (Microsoft Corporation) MD5=9E64AD53CFD9DA2D22E8A924F8C6E62C -- C:\WINNT\system32\dllcache\svchost.exe
[2001.06.14 02:00:00 | 000,007,952 | ---- | M] (Microsoft Corporation) MD5=9E64AD53CFD9DA2D22E8A924F8C6E62C -- C:\WINNT\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.18 12:05:06 | 000,320,528 | ---- | M] (Microsoft Corporation) MD5=02FAE418BD28E185A4909E5869497DE5 -- C:\WINNT\ERDNT\cache\tcpip.sys
[2008.06.18 12:05:06 | 000,320,528 | ---- | M] (Microsoft Corporation) MD5=02FAE418BD28E185A4909E5869497DE5 -- C:\WINNT\system32\dllcache\tcpip.sys
[2008.06.18 12:05:06 | 000,320,528 | ---- | M] (Microsoft Corporation) MD5=02FAE418BD28E185A4909E5869497DE5 -- C:\WINNT\system32\drivers\tcpip.sys
[2003.06.19 12:05:04 | 000,332,144 | ---- | M] (Microsoft Corporation) MD5=5F1BE742B1F2196663255991AE7ACC83 -- C:\WINNT\ServicePackFiles\i386\tcpip.sys
[2001.06.14 02:00:00 | 000,323,408 | ---- | M] (Microsoft Corporation) MD5=F1FB884809BF73D90368709B5A9A893F -- C:\WINNT\$NtServicePackUninstall$\tcpip.sys

< MD5 for: USERINIT.EXE >
[2003.06.19 12:05:04 | 000,017,680 | ---- | M] (Microsoft Corporation) MD5=B248042D011CDD1F47C1563A5DA636ED -- C:\WINNT\ERDNT\cache\USERINIT.EXE
[2003.06.19 12:05:04 | 000,017,680 | ---- | M] (Microsoft Corporation) MD5=B248042D011CDD1F47C1563A5DA636ED -- C:\WINNT\ServicePackFiles\i386\userinit.exe
[2003.06.19 12:05:04 | 000,017,680 | ---- | M] (Microsoft Corporation) MD5=B248042D011CDD1F47C1563A5DA636ED -- C:\WINNT\system32\dllcache\userinit.exe
[2003.06.19 12:05:04 | 000,017,680 | ---- | M] (Microsoft Corporation) MD5=B248042D011CDD1F47C1563A5DA636ED -- C:\WINNT\system32\USERINIT.EXE
[2001.06.14 02:00:00 | 000,017,680 | ---- | M] (Microsoft Corporation) MD5=E14CA602B1271082FBAEECF1FD377A36 -- C:\WINNT\$NtServicePackUninstall$\userinit.exe
Přílohy
gmer-log.zip
(88.77 KiB) Staženo 35 x
log gmer.2.zip
(72.19 KiB) Staženo 53 x
Extras.zip
(22 bajtů) Staženo 31 x
Nahoru
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Re: 2.část

#4 Příspěvek od Mineya »

Stejně se nevešlo i přes zazipování, takže druhá část:)

< MD5 for: WINLOGON.EXE >
[2001.06.14 02:00:00 | 000,177,936 | ---- | M] (Microsoft Corporation) MD5=083FACAC754FD1363B659AA3FAB2BF55 -- C:\WINNT\$NtServicePackUninstall$\winlogon.exe
[2003.06.19 12:05:04 | 000,181,008 | ---- | M] (Microsoft Corporation) MD5=16B12059BC9B5BF09CA3C53E69ECA64A -- C:\WINNT\$NtUpdateRollupPackUninstall$\winlogon.exe
[2003.06.19 12:05:04 | 000,181,008 | ---- | M] (Microsoft Corporation) MD5=16B12059BC9B5BF09CA3C53E69ECA64A -- C:\WINNT\ServicePackFiles\i386\winlogon.exe
[2005.06.03 14:14:42 | 000,186,640 | ---- | M] (Microsoft Corporation) MD5=90CEDEC0F8E686BEE71056BC476B0579 -- C:\WINNT\ERDNT\cache\WINLOGON.EXE
[2005.06.03 14:14:42 | 000,186,640 | ---- | M] (Microsoft Corporation) MD5=90CEDEC0F8E686BEE71056BC476B0579 -- C:\WINNT\system32\dllcache\WINLOGON.EXE
[2005.06.03 14:14:42 | 000,186,640 | ---- | M] (Microsoft Corporation) MD5=90CEDEC0F8E686BEE71056BC476B0579 -- C:\WINNT\system32\WINLOGON.EXE

< MD5 for: WS2_32.DLL >
[2003.06.19 12:05:04 | 000,069,904 | ---- | M] (Microsoft Corporation) MD5=8C0665538632305A626365CE5669DC71 -- C:\WINNT\ERDNT\cache\ws2_32.dll
[2003.06.19 12:05:04 | 000,069,904 | ---- | M] (Microsoft Corporation) MD5=8C0665538632305A626365CE5669DC71 -- C:\WINNT\ServicePackFiles\i386\ws2_32.dll
[2003.06.19 12:05:04 | 000,069,904 | ---- | M] (Microsoft Corporation) MD5=8C0665538632305A626365CE5669DC71 -- C:\WINNT\system32\ws2_32.dll
[2001.06.14 02:00:00 | 000,069,392 | ---- | M] (Microsoft Corporation) MD5=A5187AC13FCD5F0710F73D2D73807592 -- C:\WINNT\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.04.13 16:05:44 | 000,081,920 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2009.04.13 16:05:43 | 000,548,864 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2009.04.13 16:05:43 | 000,360,448 | ---- | M] () -- C:\WINNT\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.05.02 15:08:33 | 000,017,145 | ---- | M] () -- C:\WINNT\system32\nvapps.xml
[2010.05.01 16:01:41 | 000,016,384 | ---- | M] () -- C:\WINNT\system32\Perflib_Perfdata_2fc.dat
[2010.05.01 20:08:19 | 000,016,384 | ---- | M] () -- C:\WINNT\system32\Perflib_Perfdata_444.dat
[2010.04.29 19:04:52 | 000,008,185 | ---- | M] () -- C:\WINNT\system32\sdkinst.log

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:CC81AA95
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:D2397415
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:9AB56A06
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:225CD7D5
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:453190EC
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:241FA548
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:971DCCE2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:E5F8E280
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:A00BCDEF
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:80ED6380
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:9F50A55A
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINNT\Data aplikací\TEMP:C9FD258B
< End of report >

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4090

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106
11.5.2010 18:27:40
mbam-log-2010-05-11 (18-27-40).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 170397
Uplynulý čas: 39 minuta(y), 33 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Děkuji!!
Nahoru
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Re: Útoky na PC - ComboFix našel virus

#5 Příspěvek od Mineya »

Zdravím, ještě jednou zkusím přiložit ty soubory - jinak jeden z nich našel rootkit....:( Tak nevím co s ním....Combofix ještě dodám...
Přílohy
log gmer.2.zip
(4.48 KiB) Staženo 38 x
gmer-log.zip
(5.16 KiB) Staženo 56 x
Extras.zip
(4.26 KiB) Staženo 34 x
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: Útoky na PC - ComboFix našel virus

#6 Příspěvek od Caroprd111 »

Dobrý den,
zaskočím za kolegu.

Počkám na nový log z ComboFixu.
Obrázek
Nahoru
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Re: Útoky na PC - ComboFix našel virus

#7 Příspěvek od Mineya »

Tak jsem se sem konečně dostala :)

Přikládám log. PC je ale i přes navýšení rychlosti velmi zpomalený, nestabilní, přetížený - čím ví bůh - často padá i internet a nemohu se k němu připojit i když je s modemem a nastavením vše ok. Mohl by to způsobovat ten rootkit? Čím to může být?

Log:

ComboFix 10-05-24.07 - PIII 25.05.2010 16:44:15.13.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.420.1029.18.255.107 [GMT 2:00]
Spuštěný z: c:\documents and settings\PIII.VER-G4IY6NCV23F\Dokumenty\Stažené soubory\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system\WINSPOOL.DRV

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-25 do 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-11 19:58 . 2010-05-11 20:08 58904 -c--a-w- c:\winnt\system32\sysfolderazipcnt.dll
2010-05-11 19:58 . 2010-05-11 20:08 58904 -c--a-w- c:\winnt\system32\azipcontmn.dll
2010-05-11 15:37 . 2010-04-29 13:39 38224 -c--a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-05-11 15:37 . 2010-04-29 13:39 19288 -c--a-w- c:\winnt\system32\drivers\mbam.sys
2010-05-11 15:37 . 2010-05-11 15:37 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 17:57 . 2010-05-20 13:22 -------- dc--a-w- c:\program files\Sallys Spa
2010-05-08 17:55 . 2010-05-08 17:55 -------- dc----w- c:\program files\ReflexiveArcade
2010-05-02 19:24 . 2010-05-02 19:24 0 -c--a-w- c:\winnt\nsreg.dat
2010-05-02 14:35 . 2010-05-02 14:35 77312 ----a-w- C:\mbr.exe
2010-05-01 14:48 . 2010-05-01 16:09 -------- dc----w- c:\program files\trend micro
2010-05-01 14:48 . 2010-05-01 14:49 -------- d-----w- C:\rsit
2010-04-30 20:13 . 2010-04-30 20:13 -------- dc----w- c:\documents and settings\Divertikulóza tlustého střeva - Ordinace.cz_soubory
2010-04-29 17:04 . 2008-06-21 02:54 65448 -c--a-r- c:\winnt\system32\drivers\SBFWIM.sys
2010-04-29 17:04 . 2008-10-31 05:09 270888 -c--a-r- c:\winnt\system32\drivers\SbFw.sys
2010-04-29 17:03 . 2010-04-29 17:03 -------- dc----w- c:\program files\Sunbelt Software
2010-04-29 14:40 . 2010-04-29 14:40 -------- dc----w- c:\program files\ESET
2010-04-29 14:03 . 2010-03-05 08:33 579072 -c--a-w- c:\winnt\system32\WININET.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 06:23 . 2010-03-31 06:23 95872 -c--a-w- c:\winnt\system32\drivers\epfwtdir.sys
2010-03-31 06:22 . 2010-03-31 06:22 114984 -c--a-w- c:\winnt\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17 140216 -c--a-w- c:\winnt\system32\drivers\eamon.sys
2010-03-12 09:14 . 2002-02-26 13:58 401408 -c--a-w- c:\winnt\system32\vbscript.dll
.

------- Sigcheck -------

[-] 2003-02-01 10:09 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-01_14.14.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-30 16:04 . 2010-05-09 23:49 85173 c:\winnt\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 23040 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-04-14 16:17 . 2010-05-03 09:20 23040 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 61440 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 61440 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 27136 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 27136 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 11264 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 11264 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 86016 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 86016 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 12288 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 12288 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 4096 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 4096 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\winnt\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 409600 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 409600 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 286720 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 286720 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 249856 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 249856 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-04-14 16:17 . 2010-05-03 09:20 794624 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 794624 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 135168 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 135168 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 593920 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 593920 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\winnt\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiRes"="c:\program files\MultiRes\MultiRes.exe" [2005-01-26 61952]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2004-10-29 86016]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]

R1 ehdrv;ehdrv;c:\winnt\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 SbFw;SbFw;c:\winnt\system32\drivers\SbFw.sys [29.4.2010 19:04 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\winnt\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\winnt\system32\drivers\ctlsb16.sys [13.4.2009 15:09 141904]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\winnt\system32\drivers\SBFWIM.sys [29.4.2010 19:04 65448]
S3 esihdrv;esihdrv;\??\c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys [?]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PIII.VER-G4IY6NCV23F\Data aplikací\Mozilla\Firefox\Profiles\rgaoxuef.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 18:56
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\PIII\LOCALS~1\Temp\ASFWHide"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(160)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1632)
c:\winnt\system32\SHDOCVW.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\regsvc.exe
c:\winnt\system32\MSTask.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\winnt\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2010-05-25 19:02:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-25 17:02
ComboFix2.txt 2010-05-01 16:36
ComboFix3.txt 2010-05-01 14:18

Před spuštěním: 442 493 952
Po spuštění: 440 431 616

- - End Of File - - D07D79C52A8367FADFAA37028B2ACA73

Děkuji!!
Nahoru
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Re: Útoky na PC - ComboFix našel virus

#8 Příspěvek od Mineya »

Jojo, trochu času si najdu, ale spíš po večerech, nicméně se na to už chci taky vrhnout a vyřešit to :) Udělala jsem to v Combofixu dle návodu, přikládám výsledek a ten zip:

ComboFix 10-05-24.07 - PIII 29.05.2010 17:14:20.14.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.420.1029.18.255.47 [GMT 2:00]
Spuštěný z: c:\documents and settings\PIII.VER-G4IY6NCV23F\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PIII.VER-G4IY6NCV23F\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\winnt\system32\azipcontmn.dll"
"c:\winnt\system32\sysfolderazipcnt.dll"

file zipped: c:\winnt\system32\mspmsnsv.dll
file zipped: c:\winnt\system32\mstask.exe
file zipped: c:\winnt\system32\WININET.DLL
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\azipcontmn.dll
c:\winnt\system32\sysfolderazipcnt.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-28 do 2010-05-29 )))))))))))))))))))))))))))))))
.

2010-05-29 15:12 . 2010-05-29 15:12 16384 -c--atw- c:\winnt\system32\Perflib_Perfdata_304.dat
2010-05-25 20:18 . 2010-05-25 23:48 -------- dc----w- c:\program files\The KMPlayer
2010-05-25 18:19 . 2010-05-25 18:19 -------- d-----w- C:\rei
2010-05-25 18:18 . 2010-05-25 18:18 -------- dc----w- c:\program files\Reimage
2010-05-11 15:37 . 2010-04-29 13:39 38224 -c--a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-05-11 15:37 . 2010-04-29 13:39 19288 -c--a-w- c:\winnt\system32\drivers\mbam.sys
2010-05-11 15:37 . 2010-05-11 15:37 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-11 14:02 . 2010-05-11 14:02 352513 -c--a-w- c:\winnt\system32\savapi3.dll
2010-05-11 14:02 . 2010-05-11 14:02 1380403 -c--a-w- c:\winnt\system32\avgsdk.dll
2010-05-08 17:57 . 2010-05-20 13:22 -------- dc--a-w- c:\program files\Sallys Spa
2010-05-08 17:55 . 2010-05-08 17:55 -------- dc----w- c:\program files\ReflexiveArcade
2010-05-02 19:24 . 2010-05-02 19:24 0 -c--a-w- c:\winnt\nsreg.dat
2010-05-02 14:35 . 2010-05-02 14:35 77312 ----a-w- C:\mbr.exe
2010-05-01 14:48 . 2010-05-01 16:09 -------- dc----w- c:\program files\trend micro
2010-05-01 14:48 . 2010-05-01 14:49 -------- d-----w- C:\rsit
2010-04-30 20:13 . 2010-04-30 20:13 -------- dc----w- c:\documents and settings\Divertikulóza tlustého střeva - Ordinace.cz_soubory
2010-04-29 17:04 . 2008-06-21 02:54 65448 -c--a-r- c:\winnt\system32\drivers\SBFWIM.sys
2010-04-29 17:04 . 2008-10-31 05:09 270888 -c--a-r- c:\winnt\system32\drivers\SbFw.sys
2010-04-29 17:03 . 2010-04-29 17:03 -------- dc----w- c:\program files\Sunbelt Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 14:40 . 2010-04-29 14:40 -------- dc----w- c:\program files\ESET
2010-03-31 06:23 . 2010-03-31 06:23 95872 -c--a-w- c:\winnt\system32\drivers\epfwtdir.sys
2010-03-31 06:22 . 2010-03-31 06:22 114984 -c--a-w- c:\winnt\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17 140216 -c--a-w- c:\winnt\system32\drivers\eamon.sys
2010-03-12 09:14 . 2002-02-26 13:58 401408 -c--a-w- c:\winnt\system32\vbscript.dll
2010-03-05 08:33 . 2010-04-29 14:03 579072 -c--a-w- c:\winnt\system32\WININET.DLL
.

------- Sigcheck -------

[-] 2003-02-01 10:09 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-01_14.14.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-30 16:04 . 2010-05-09 23:49 85173 c:\winnt\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 23040 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-04-14 16:17 . 2010-05-03 09:20 23040 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 61440 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 61440 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 27136 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 27136 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 11264 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 11264 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 86016 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 86016 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 12288 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 12288 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 4096 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 4096 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\winnt\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 409600 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 409600 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 286720 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 286720 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 249856 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 249856 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-04-14 16:17 . 2010-05-03 09:20 794624 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 794624 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 135168 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 135168 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-14 16:17 . 2009-04-14 16:17 593920 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19 593920 c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\winnt\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiRes"="c:\program files\MultiRes\MultiRes.exe" [2005-01-26 61952]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2004-10-29 86016]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]

R1 ehdrv;ehdrv;c:\winnt\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 SbFw;SbFw;c:\winnt\system32\drivers\SbFw.sys [29.4.2010 19:04 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\winnt\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\winnt\system32\drivers\ctlsb16.sys [13.4.2009 15:09 141904]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\winnt\system32\drivers\SBFWIM.sys [29.4.2010 19:04 65448]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S3 esihdrv;esihdrv;\??\c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PIII.VER-G4IY6NCV23F\Data aplikací\Mozilla\Firefox\Profiles\rgaoxuef.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 17:23
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\PIII\LOCALS~1\Temp\ASFWHide"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(184)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Celkový čas: 2010-05-29 17:28:01
ComboFix-quarantined-files.txt 2010-05-29 15:27
ComboFix2.txt 2010-05-25 17:02
ComboFix3.txt 2010-05-01 16:36
ComboFix4.txt 2010-05-01 14:18

Před spuštěním: 383 325 184
Po spuštění: 385 243 136

- - End Of File - - 4F4FFA7144420142098E51A84B6CF546
Nahr nˇ probŘhlo ŁspŘçnŘ
Nahoru
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Re: Útoky na PC - ComboFix našel virus

#9 Příspěvek od Mineya »

Bohužel byla celá složka příliš velká na přiložení sem, protože zde systém akceptuje pouze zprávy do 1 MB, takže jsem to musela rozdělit na více částí. Jeden soubor ve WINNT - SYTEM 32 sem ale bohužel stejně nemohu umístit, sám o sobě má 1,81 MB, nevím, jak bych jej sem přiložila. Tak přikládám jen ty, které šly uložit a poslat zvlášť.
Přílohy
Qoobox.zip
(82.87 KiB) Staženo 38 x
BackEnv.zip
(6.27 KiB) Staženo 31 x
Nahoru
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Re: Útoky na PC - ComboFix našel virus

#10 Příspěvek od Mineya »

Další...
Přílohy
Documents and Settings.zip
(1.48 KiB) Staženo 34 x
[4]-Submit_2010-05-29_17.13.57.zip
(402.61 KiB) Staženo 31 x
Quarantine.zip
(404.42 KiB) Staženo 34 x
Nahoru
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Re: Útoky na PC - ComboFix našel virus

#11 Příspěvek od Mineya »

A poslední....nakonec se mi system 32 podařilo trochu zmenšit :) Takže je tu taky!
Přílohy
system32.zip
(989.54 KiB) Staženo 43 x
system.zip
(52.8 KiB) Staženo 51 x
Nahoru
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Re: Útoky na PC - ComboFix našel virus

#12 Příspěvek od Mineya »

Ahoj, máš pravdu, asi to budu muset udělat...sice jsem to brala jako poslední možnost, protože po instalaci nemůžu vytvořit instalační cd propříště (pc nemá vypalovačku), ale nic jiného asi nezbyde. Myslíš, že po čerstvé instalaci lze udělat zálohu systému např. na jedné disketě? (Neumím moc formátovat). Vejde se to tam?
Nahoru
Mineya
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 01 kvě 2010 15:32

Re: Útoky na PC - ComboFix našel virus

#13 Příspěvek od Mineya »

Obyčejná data zálohuji normálně, ale ten systém právě moc neumím, ale zkusím to, cos mi poradil. Na disketě jsem právě měla kdysi zálohu celého systému pro Windows Millenia, ale formátoval to tata, takze ani nevím jak to udelal....a je pravdou že Millenia a Win 2000 se taky dost liší...Takže zkusím Acronis a budu se trénovat :)
A moc dík!
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“