So here is the log from the new SF:
ComboFix 10-12-03.01 - Milan 04.12.2010 22:06:29.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1298 [GMT 1:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Milan\Dokumenty\cc_20101204_162542.reg
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AKAMAI
-------\Service_Akamai
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-04 do 2010-12-04 )))))))))))))))))))))))))))))))
.
2010-12-04 19:38 . 2007-03-07 16:44 2321288 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-12-04 19:38 . 2010-11-16 11:01 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{EB8A7A7B-4CDB-46FD-93BE-8D7836FDE740}\mpengine.dll
2010-12-04 19:38 . 2010-10-19 09:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-04 19:37 . 2010-12-04 19:37 -------- d-----w- c:\program files\Windows Defender
2010-12-04 19:31 . 2010-12-04 19:31 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\PCHealth
2010-12-04 19:24 . 2010-12-04 19:24 -------- d-----w- c:\windows\system32\winrm
2010-12-04 19:24 . 2010-12-04 19:24 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-12-04 18:05 . 2010-12-04 18:05 -------- d-----w- c:\program files\Common Files\Scanner
2010-12-04 18:04 . 2010-12-04 18:07 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2010-12-04 18:02 . 2010-12-04 18:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Yahoo! Companion
2010-12-04 18:02 . 2010-12-04 18:02 -------- d-----w- c:\documents and settings\Milan\Data aplikací\Yahoo!
2010-12-03 21:40 . 2010-12-04 10:31 -------- d-----w- c:\program files\trend micro
2010-12-03 21:40 . 2010-12-03 21:40 -------- d-----w- C:\rsit
2010-12-03 20:27 . 2010-12-03 20:28 -------- dc-h--w- c:\windows\ie8
2010-12-02 21:01 . 2008-04-14 04:22 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-12-02 21:01 . 2001-10-24 11:25 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-12-02 20:59 . 2001-10-24 11:25 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2010-12-02 20:58 . 2004-08-03 21:06 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2010-12-02 20:57 . 2001-08-23 12:00 5120 -c--a-w- c:\windows\system32\dllcache\kbdarmw.dll
2010-12-02 20:56 . 2001-10-24 11:25 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2010-12-02 20:55 . 2001-10-24 10:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-12-02 20:32 . 2010-09-10 05:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-02 20:32 . 2010-09-10 05:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-02 20:32 . 2010-09-10 05:52 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-02 20:32 . 2010-09-10 05:52 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-02 20:32 . 2009-03-08 03:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2010-12-02 20:32 . 2009-03-08 03:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2010-12-02 20:32 . 2009-02-06 20:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2010-12-02 20:30 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-02 20:30 . 2010-09-10 05:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-02 20:30 . 2010-09-10 05:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-02 20:30 . 2010-09-10 05:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-30 19:23 . 2010-11-30 19:23 -------- d-----w- c:\program files\HD Tune
2010-11-29 21:08 . 2010-11-29 21:08 -------- d-----w- c:\program files\Yamicsoft
2010-11-28 20:40 . 2010-11-28 20:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2010-11-28 20:37 . 2010-10-27 03:02 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-28 20:37 . 2010-10-27 02:50 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-28 20:37 . 2010-11-28 20:38 -------- d-----w- c:\program files\ATI Technologies
2010-11-28 20:33 . 2010-11-28 20:38 -------- d-----w- c:\program files\ATI
2010-11-28 10:47 . 2010-11-28 10:47 -------- d-----w- C:\Games
2010-11-22 19:48 . 2010-11-22 19:52 -------- d-----w- c:\windows\$regcmp$
2010-11-19 16:04 . 2010-11-19 16:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Electronic Arts
2010-11-19 16:04 . 2010-11-19 16:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EA Core
2010-11-19 15:40 . 2010-11-19 15:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Solidshield
2010-11-18 19:38 . 2010-11-18 19:38 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\SKIDROW
2010-11-16 15:09 . 2010-11-16 15:09 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\Treyarch
2010-11-13 17:36 . 2010-11-18 12:39 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\GameTracker
2010-11-13 15:56 . 2010-11-13 15:56 -------- d-----w- c:\program files\Mplayer
2010-11-10 09:32 . 2010-11-10 09:32 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\Saved Games
2010-11-10 09:29 . 2010-11-10 09:29 -------- d-----w- c:\documents and settings\Milan\Data aplikací\Microsoft Games
2010-11-09 17:08 . 2010-11-09 17:08 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\Activision
2010-11-07 18:33 . 2010-11-07 18:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alawar Stargaze
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-06 08:03 . 2010-11-06 08:03 -------- d-----w- c:\program files\Common Files\Skype
2010-11-06 08:03 . 2010-11-06 08:03 -------- d-----r- c:\program files\Skype
2010-11-05 14:41 . 2010-11-05 14:41 -------- d-----w- c:\documents and settings\Milan\Local Settings\Data aplikací\LAG
2010-11-05 14:41 . 2010-11-05 14:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LAG
2010-11-05 14:41 . 2010-11-05 14:41 -------- d-----w- c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:42 . 2010-04-11 11:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2010-04-11 11:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 03:55 . 2008-07-04 06:33 5524480 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-10-27 03:17 . 2010-05-27 14:03 16330752 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 03:10 . 2010-05-27 14:03 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 03:10 . 2010-05-27 14:03 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 03:09 . 2010-05-27 14:03 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 02:51 . 2008-07-04 03:00 3958784 ----a-w- c:\windows\system32\ati3duag.dll
2010-10-27 02:49 . 2008-07-04 03:23 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-10-27 02:48 . 2010-05-27 14:03 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-10-27 02:36 . 2008-07-04 02:49 2671744 ----a-w- c:\windows\system32\ativvaxx.dll
2010-10-27 02:30 . 2010-05-27 14:03 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:30 . 2010-05-27 14:03 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:30 . 2010-05-27 14:03 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-10-27 02:30 . 2010-05-27 14:03 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:30 . 2010-05-27 14:03 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-10-27 02:28 . 2010-05-27 14:03 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-10-27 02:27 . 2010-05-27 14:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-10-27 02:26 . 2010-05-27 14:03 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:22 . 2010-05-27 14:03 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-10-27 02:20 . 2010-05-27 14:03 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 02:20 . 2010-05-27 14:03 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-27 02:20 . 2010-05-27 14:03 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:20 . 2010-05-27 14:03 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-10-27 02:19 . 2010-05-27 14:03 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 02:14 . 2008-07-04 02:22 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-10-07 20:25 . 2008-08-14 22:30 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-07 20:25 . 2008-08-14 22:30 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-04 07:33 . 2008-10-05 17:05 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-04 07:32 . 2010-01-05 12:09 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-04 07:32 . 2008-10-05 17:05 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-04 07:27 . 2010-01-03 14:12 138056 ----a-w- c:\documents and settings\Milan\Data aplikací\PnkBstrK.sys
2010-10-04 07:26 . 2008-10-05 17:05 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-04 07:26 . 2010-01-03 14:12 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-09-18 10:23 . 2004-08-17 13:49 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-17 13:49 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:50 . 2010-04-24 05:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2008-08-14 21:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:52 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:52 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-12-03_22.44.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-04 21:11 . 2010-12-04 21:11 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat
+ 2009-10-09 13:56 . 2009-10-09 13:56 14848 c:\windows\system32\wsmprovhost.exe
+ 2009-10-09 13:56 . 2009-10-09 13:56 12288 c:\windows\system32\wsmplpxy.dll
+ 2009-10-09 13:56 . 2009-10-09 13:56 12288 c:\windows\system32\winrssrv.dll
+ 2009-10-09 13:56 . 2009-10-09 13:56 22528 c:\windows\system32\winrshost.exe
+ 2009-10-09 15:16 . 2009-10-09 15:16 71168 c:\windows\system32\winrs.exe
+ 2009-10-09 13:56 . 2009-10-09 13:56 25088 c:\windows\system32\winrmprov.dll
+ 2009-10-09 13:56 . 2009-10-09 13:56 24064 c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2009-10-09 15:16 . 2009-10-09 15:16 42496 c:\windows\system32\pwrshplugin.dll
+ 2002-09-23 12:00 . 2009-10-08 13:57 22528 c:\windows\system32\oleaccrc.dll
+ 2004-08-17 13:49 . 2008-05-19 05:33 18944 c:\windows\system32\msisip.dll
+ 2002-09-23 12:00 . 2009-10-08 13:57 22528 c:\windows\system32\dllcache\oleaccrc.dll
+ 2004-08-17 13:49 . 2008-05-19 05:33 18944 c:\windows\system32\dllcache\msisip.dll
+ 2008-04-14 03:21 . 2008-04-14 03:21 81920 c:\windows\system32\dllcache\ieencode.dll
- 2008-08-13 12:16 . 2010-12-03 19:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-13 12:16 . 2010-12-04 15:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-12-04 19:19 . 2010-12-04 15:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-12-02 15:36 . 2010-12-03 19:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-24 18:59 . 2010-12-04 09:23 97360 c:\windows\Installer\{36FBEB71-CE94-419B-9F4D-C953B7459C77}\egui.exe
- 2009-11-24 18:59 . 2009-11-24 18:59 97360 c:\windows\Installer\{36FBEB71-CE94-419B-9F4D-C953B7459C77}\egui.exe
- 2009-11-24 18:59 . 2009-11-24 18:59 10134 c:\windows\Installer\{36FBEB71-CE94-419B-9F4D-C953B7459C77}\callmsi.exe
+ 2009-11-24 18:59 . 2010-12-04 09:23 10134 c:\windows\Installer\{36FBEB71-CE94-419B-9F4D-C953B7459C77}\callmsi.exe
+ 2010-12-04 19:28 . 2010-12-04 19:28 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\34fe99136a2a52306499615d9d0d0e74\Microsoft.WSMan.Runtime.ni.dll
+ 2010-12-04 19:28 . 2010-12-04 19:28 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\4072a4ac504836fc3f94d6ac181d9c37\Microsoft.WSMan.Management.resources.ni.dll
+ 2010-12-04 19:28 . 2010-12-04 19:28 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\cf7852ecb1e636c1a6c852b80a863c37\Microsoft.PowerShell.GPowerShell.resources.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 31744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b12fbbd6b5a652ecfbf48e831e2cefb0\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 45568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\79fdb573edefa4ada72d8d5e605a122b\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 38912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\68c32e923f8808e72b816e8bdbc409f2\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2010-12-04 19:28 . 2010-12-04 19:28 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5c30c21f740b63438bc76855f44b0418\Microsoft.PowerShell.GraphicalHost.resources.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\52669f8b102a955409eb59b8e19d61c9\Microsoft.PowerShell.Commands.Diagnostics.resources.ni.dll
+ 2010-12-04 19:28 . 2010-12-04 19:28 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5247681549dcf75169dbc6409d1e69ea\Microsoft.PowerShell.Security.resources.ni.dll
+ 2010-12-04 19:27 . 2010-12-04 19:27 67072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4e180b8bb6d2d3ac411d09a92a8bf10f\Microsoft.PowerShell.Editor.resources.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 14848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\dc66c6205f218eabe07ac0d8e796e92b\Microsoft.BackgroundIntelligentTransfer.Management.resources.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\86190801f195b014ec18234ad4816432\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 13824 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.resources\1.0.0.0_cs_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 16896 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.resources\1.0.0.0_cs_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.resources.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.resources\1.0.0.0_cs_31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.resources.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.resources\1.0.0.0_cs_31bf3856ad364e35\Microsoft.PowerShell.Editor.resources.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_cs_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 49152 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_cs_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_cs_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 10752 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.resources\1.0.0.0_cs_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 57344 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
+ 2009-10-09 13:57 . 2009-10-09 13:57 20480 c:\windows\$968930Uinstall_KB968930$\PSCustomSetupUtil.exe
+ 2009-10-09 13:56 . 2009-10-09 13:56 2048 c:\windows\system32\winrsmgr.dll
+ 2009-10-09 15:16 . 2009-10-09 15:16 4608 c:\windows\system32\WindowsPowerShell\v1.0\pwrshmsg.dll
+ 2009-10-09 15:16 . 2009-10-09 15:16 4096 c:\windows\system32\WindowsPowerShell\v1.0\cs\powershell_ise.resources.dll
+ 2010-12-04 19:22 . 2010-12-04 19:25 7494 c:\windows\SoftwareDistribution\EventCache\{34716B3B-1E8F-4BC9-A769-6DE81814D248}.bin
+ 2010-12-04 19:24 . 2010-12-04 19:24 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_cs_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.resources\1.0.0.0_cs_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
+ 2009-10-09 13:56 . 2009-10-09 13:56 9216 c:\windows\$968930Uinstall_KB968930$\PSSetupNativeUtils.exe
+ 2009-10-09 13:56 . 2009-10-09 13:56 209408 c:\windows\system32\WsmWmiPl.dll
+ 2009-10-09 15:16 . 2009-10-09 15:16 363520 c:\windows\system32\WsmRes.dll
+ 2009-10-09 13:56 . 2009-10-09 13:56 139776 c:\windows\system32\WsmAuto.dll
+ 2009-10-09 13:56 . 2009-10-09 13:56 225280 c:\windows\system32\wsmanhttpconfig.exe
+ 2009-10-09 13:56 . 2009-10-09 13:56 233984 c:\windows\system32\winrscmd.dll
+ 2009-07-31 22:27 . 2009-07-31 22:27 201184 c:\windows\system32\winrm.vbs
+ 2009-10-09 15:16 . 2009-10-09 15:16 148480 c:\windows\system32\WindowsPowerShell\v1.0\pspluginwkr.dll
+ 2009-10-09 13:57 . 2009-10-09 13:57 204800 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.exe
+ 2009-10-09 13:56 . 2009-10-09 13:56 448000 c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
+ 2009-10-09 13:57 . 2009-10-09 13:57 112640 c:\windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\microsoft.backgroundintelligenttransfer.management.interop.dll
+ 2009-07-16 09:22 . 2009-07-16 09:22 126976 c:\windows\system32\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
+ 2009-10-09 15:16 . 2009-10-09 15:16 178176 c:\windows\system32\wevtfwd.dll
+ 2008-07-29 18:59 . 2009-10-08 13:57 613376 c:\windows\system32\uiautomationcore.dll
+ 2002-09-23 12:00 . 2009-10-08 13:57 220160 c:\windows\system32\oleacc.dll
+ 2004-08-17 13:49 . 2008-05-19 05:33 332800 c:\windows\system32\msihnd.dll
+ 2002-09-23 12:00 . 2009-10-08 13:57 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2004-08-17 13:49 . 2008-05-19 05:33 332800 c:\windows\system32\dllcache\msihnd.dll
+ 2010-12-04 19:28 . 2010-12-04 19:28 250368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\7f7bba7715c856abda9e3ea273414f1e\System.Management.Automation.resources.ni.dll
+ 2010-12-04 19:28 . 2010-12-04 19:28 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\a90fef2e90e3c1c1de3bf24a835dcfa0\Microsoft.WSMan.Management.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ff9583e53a4bec6da6aae423a613ba6c\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f449b2674e5198e37ce8642b27a94823\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-12-04 19:28 . 2010-12-04 19:28 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8aece00b9a77cc2d75a921465abcce57\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2010-12-04 19:28 . 2010-12-04 19:28 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\715cee741bcf47ecaf75a856c156f3cb\Microsoft.PowerShell.Security.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3d7d5070c97ef550f64bc835a8959341\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 253952 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_cs_31bf3856ad364e35\System.Management.Automation.resources.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 274432 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 278528 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 651264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 991232 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 618496 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 262144 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 102400 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
+ 2010-12-04 19:24 . 2009-06-25 08:59 387376 c:\windows\$968930Uinstall_KB968930$\spuninst\updspapi.dll
+ 2010-12-04 19:24 . 2009-06-25 08:59 224048 c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.exe
+ 2009-10-09 15:16 . 2009-10-09 15:16 1107456 c:\windows\system32\WsmSvc.dll
+ 2004-08-17 13:49 . 2008-05-19 05:33 4445184 c:\windows\system32\msi.dll
+ 2004-08-17 13:49 . 2008-05-19 05:33 4445184 c:\windows\system32\dllcache\msi.dll
+ 2010-12-04 19:37 . 2010-12-04 19:37 1152512 c:\windows\Installer\20b53.msi
+ 2010-12-04 19:28 . 2010-12-04 19:28 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\47a2229038c869951b36a1081a3c8768\System.Management.Automation.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\adca7827958ca8958a599d82143dce51\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-12-04 19:27 . 2010-12-04 19:27 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6408339c6991217900316808e44f5158\Microsoft.PowerShell.Editor.ni.dll
+ 2010-12-04 19:28 . 2010-12-04 19:28 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\27894b3ee67930492bb4925dc27c9e6b\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2010-12-04 19:24 . 2010-12-04 19:24 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Milan^Nabídka Start^Programy^Po spuštění^Game Alarm.lnk]
backup=c:\windows\pss\Game Alarm.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-04-09 14:17 2029640 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 08:56 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c96e5768000854"=2 (0x2)
"Nero BackItUp Scheduler 3"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Tropic Designs: Weather Pulse update permissions manager. 29862."=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\HRY\\HL2\\Steam.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Hry\\Bionic Commando\\bcr.exe"=
"d:\\HRY\\FIFA 09\\FIFA09.exe"=
"d:\\HRY\\Pure\\Pure.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\Shaun White\\ShaunWhiteSnowboardingGame.exe"=
"d:\\HRY\\Shaun White\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"e:\\Hry\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"e:\\Hry\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"e:\\Hry\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"d:\\HRY\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\HRY\\HL2\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\HRY\\HL2\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"d:\\HRY\\HL2\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"d:\\HRY\\HL2\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"d:\\HRY\\HL2\\SteamApps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Hry\\Viva Pinata\\Viva Pinata.exe"=
"d:\\HRY\\HL2\\SteamApps\\zuzan123\\counter-strike source\\hl2.exe"=
"d:\\HRY\\HL2\\SteamApps\\common\\call of duty black ops rcon\\BlackOpsRcon.exe"=
"e:\\Hry\\NFS-HP\\Launcher.exe"=
"d:\\HRY\\HL2\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=
"d:\\HRY\\HL2\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9.4.2009 15:19 731840]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [31.3.2009 18:45 12032]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [25.11.2009 23:06 34384]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10.7.2010 15:05 13224]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [24.12.2008 18:35 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [24.12.2008 18:35 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [24.12.2008 18:35 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [24.12.2008 18:35 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [24.12.2008 18:35 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [24.12.2008 18:35 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [24.12.2008 18:35 110120]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [24.12.2008 18:35 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [24.12.2008 18:35 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [24.12.2008 18:35 107304]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 14:49 14336]
S4 Tropic Designs: Weather Pulse update permissions manager. 29862.;Tropic Designs: Weather Pulse update permissions manager. 29862.;e:\programy\Weather Pulse\TDClient.exe -PermissionManagerRun --> e:\programy\Weather Pulse\TDClient.exe -PermissionManagerRun [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
WINRM REG_MULTI_SZ WINRM
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 18:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-12-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.82.144.83/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\pttb712s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/
FF - component: c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\pttb712s.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Acid Burn: {47d1d620-5e5b-11da-8cd6-0800200c9a66} - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\pttb712s.default\extensions\{47d1d620-5e5b-11da-8cd6-0800200c9a66}
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\pttb712s.default\extensions\bkmrksync@nokia.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\pttb712s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\pttb712s.default\extensions\battlefieldheroespatcher@ea.com
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\pttb712s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Flash Video Resources Downloader: max@subfighter.com - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\pttb712s.default\extensions\max@subfighter.com
FF - Extension: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\pttb712s.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 22:12
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tropic Designs: Weather Pulse update permissions manager. 29862.]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-73586283-1682526488-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f5,7d,3b,3a,66,a1,65,53,19,79,24,e4,27,33,d1,f7,df,c3,f0,d9,ea,
32,19,9d,6b,61,8d,6c,14,f1,eb,c0,2e,aa,51,3f,2c,de,3e,52,3d,32,38,e7,1c,2e,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Altap Salamander 2.5\plugins\salamext.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Razer\Lachesis\OSD.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Razer\Lachesis\razerofa.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-12-04 22:15:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-04 21:15
ComboFix2.txt 2010-12-03 22:45
ComboFix3.txt 2010-11-30 19:36
Před spuštěním: Volných bajtů: 22 191 083 520
Po spuštění: Volných bajtů: 22 101 651 456
- - End Of File - - 28A3D41E00489C16314BE01EEB0163B9