
Please check, unusual network activity
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Re: Please check, unusual network activity
ComboFix 10-12-26.01 - Eduard 28.12.2010 23:51:26.2.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.2399 [GMT 1:00]
Spuštěný z: c:\users\Eduard\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-28 do 2010-12-28 )))))))))))))))))))))))))))))))
.
2010-12-28 22:56 . 2010-12-28 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-28 19:40 . 2010-12-28 19:40 -------- d-----w- c:\program files\Maxis
2010-12-27 21:39 . 2010-12-27 21:39 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-27 12:18 . 2010-12-27 12:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-12-26 09:47 . 2010-12-26 09:47 -------- d-----w- c:\users\Eduard\AppData\Local\Secunia PSI
2010-12-24 21:37 . 2010-12-25 12:48 -------- d-----w- c:\users\Eduard\AppData\Local\Apple Computer
2010-12-24 21:37 . 2010-12-25 12:44 -------- d-----w- c:\users\Eduard\AppData\Roaming\Apple Computer
2010-12-24 21:36 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-24 21:36 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-24 21:36 . 2010-12-24 21:36 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-24 21:36 . 2010-12-24 21:36 -------- d-----w- c:\program files\iTunes
2010-12-24 21:36 . 2010-12-24 21:36 -------- d-----w- c:\program files\iPod
2010-12-24 21:34 . 2010-12-24 21:34 -------- d-----w- c:\program files\Bonjour
2010-12-24 21:34 . 2010-12-24 21:39 -------- d-----w- c:\programdata\Apple
2010-12-24 21:34 . 2010-12-24 21:36 -------- d-----w- c:\program files\Common Files\Apple
2010-12-23 23:39 . 2010-12-23 23:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-23 23:36 . 2010-12-23 23:36 -------- d-----w- c:\users\Eduard\AppData\Local\Sunbelt Software
2010-12-23 23:35 . 2010-12-28 22:21 -------- d-----w- c:\programdata\Lavasoft
2010-12-22 21:42 . 2010-12-22 21:42 -------- d-----w- c:\program files\HyCam2
2010-12-17 17:42 . 2010-12-17 17:42 -------- d-----w- c:\program files\WinHTTrack
2010-12-15 09:30 . 2010-12-15 09:32 -------- d-----w- C:\4581386463297300e3bd92ebac10
2010-12-06 21:51 . 2004-01-21 20:26 377856 ----a-w- c:\windows\system32\binkw32.dll
2010-12-05 23:37 . 2010-12-05 23:37 -------- d-----w- c:\users\Eduard\AppData\Roaming\Leadertech
2010-12-05 22:36 . 2010-12-05 22:36 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-04 16:56 . 2010-12-05 22:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-04 16:56 . 2010-12-05 23:28 -------- d-----w- c:\users\Eduard\AppData\Roaming\DAEMON Tools Lite
2010-12-04 16:45 . 2010-12-04 16:45 -------- d-----w- c:\program files\Infogrames Interactive
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 19:00 . 2010-09-07 00:26 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-12-20 17:09 . 2010-09-07 00:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-09-07 00:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 11:21 . 2010-09-07 18:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-07 11:23 . 2010-10-07 11:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 11:23 . 2010-10-07 11:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 11:23 . 2010-10-07 11:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2006-10-12 03:09 94208 --sh--w- c:\windows\System32\SalaatTime.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2008-05-16 13496320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-02 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2010-09-07 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2010-09-07 33136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKLM\~\startupfolder\C:^Users^Eduard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Eduard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-20 15:20 136176 ----atw- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 12:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 16:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-25 09:47 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-25 18:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2010-10-27 00:17 5636136 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-05 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-12-21 399416]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2010-12-21 987704]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-06 1343400]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-06-20 49664]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 12:09]
2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 12:09]
2010-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001Core.job
- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 15:20]
2010-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001UA.job
- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 15:20]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = localhost:8118
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\v7lyw48u.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.cz/nwshp?hl=cs&tab=wn
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c85cd47&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=cs&q=
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.gopher_port - 8118
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 8118
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Pray Times!: azan-times@hamid.net - %profile%\extensions\azan-times@hamid.net
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-12-28 23:58:19
ComboFix-quarantined-files.txt 2010-12-28 22:58
Před spuštěním: Volných bajtů: 57 444 675 584
Po spuštění: Volných bajtů: 58 825 023 488
- - End Of File - - E82AF8AB7BA5906927311642AEFBB42C
Re: Please check, unusual network activity
After installing the antivirus and the firewall, internet access is still the same as before.

- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check, unusual network activity
Open Notepad and copy the following into it:

Collect::
c:\windows\system32\acovcnt.exe

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the command from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check, unusual network activity
I have had a problem with the file we deleted every time I asked for advice on this forum; one of the admins always helped me delete it via CF, but it always came back. This is at least the 5th time (even with a complete reinstall of the PC).
ComboFix 10-12-26.01 - Eduard 30.12.2010 10:56:43.3.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.2429 [GMT 1:00]
Spuštěný z: c:\users\Eduard\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Eduard\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
file zipped: c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-28 do 2010-12-30 )))))))))))))))))))))))))))))))
.
2010-12-30 10:01 . 2010-12-30 10:01 -------- d-----w- c:\users\Eduard\AppData\Local\temp
2010-12-30 10:01 . 2010-12-30 10:01 -------- d-----w- c:\users\Home\AppData\Local\temp
2010-12-30 10:01 . 2010-12-30 10:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-30 09:38 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94E185E2-7E67-4D61-9E71-0E236C0377CF}\mpengine.dll
2010-12-28 23:14 . 2010-12-28 23:14 -------- d-----w- C:\VritualRoot
2010-12-28 23:12 . 2010-12-28 23:12 -------- d-----w- c:\program files\COMODO
2010-12-28 23:11 . 2010-12-28 23:14 -------- d-----w- c:\programdata\Comodo
2010-12-28 23:09 . 2010-12-28 23:09 -------- d-----w- c:\users\Eduard\AppData\Roaming\Avira
2010-12-28 23:02 . 2010-12-28 23:02 -------- d-----w- c:\programdata\Avira
2010-12-28 23:02 . 2010-12-28 23:02 -------- d-----w- c:\program files\Avira
2010-12-28 23:02 . 2010-12-13 07:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-28 23:02 . 2010-12-13 07:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-28 19:40 . 2010-12-28 19:40 -------- d-----w- c:\program files\Maxis
2010-12-27 21:39 . 2010-12-27 21:39 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-27 12:18 . 2010-12-27 12:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-12-26 09:47 . 2010-12-26 09:47 -------- d-----w- c:\users\Eduard\AppData\Local\Secunia PSI
2010-12-24 21:37 . 2010-12-25 12:48 -------- d-----w- c:\users\Eduard\AppData\Local\Apple Computer
2010-12-24 21:37 . 2010-12-25 12:44 -------- d-----w- c:\users\Eduard\AppData\Roaming\Apple Computer
2010-12-24 21:36 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-24 21:36 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-24 21:36 . 2010-12-24 21:36 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-24 21:36 . 2010-12-24 21:36 -------- d-----w- c:\program files\iTunes
2010-12-24 21:36 . 2010-12-24 21:36 -------- d-----w- c:\program files\iPod
2010-12-24 21:34 . 2010-12-24 21:34 -------- d-----w- c:\program files\Bonjour
2010-12-24 21:34 . 2010-12-24 21:39 -------- d-----w- c:\programdata\Apple
2010-12-24 21:34 . 2010-12-24 21:36 -------- d-----w- c:\program files\Common Files\Apple
2010-12-23 23:39 . 2010-12-23 23:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-23 23:36 . 2010-12-23 23:36 -------- d-----w- c:\users\Eduard\AppData\Local\Sunbelt Software
2010-12-23 23:35 . 2010-12-28 22:21 -------- d-----w- c:\programdata\Lavasoft
2010-12-22 21:42 . 2010-12-22 21:42 -------- d-----w- c:\program files\HyCam2
2010-12-17 17:42 . 2010-12-17 17:42 -------- d-----w- c:\program files\WinHTTrack
2010-12-15 09:30 . 2010-12-15 09:32 -------- d-----w- C:\4581386463297300e3bd92ebac10
2010-12-06 21:51 . 2004-01-21 20:26 377856 ----a-w- c:\windows\system32\binkw32.dll
2010-12-05 23:37 . 2010-12-05 23:37 -------- d-----w- c:\users\Eduard\AppData\Roaming\Leadertech
2010-12-05 22:36 . 2010-12-05 22:36 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-04 16:56 . 2010-12-05 22:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-04 16:56 . 2010-12-05 23:28 -------- d-----w- c:\users\Eduard\AppData\Roaming\DAEMON Tools Lite
2010-12-04 16:45 . 2010-12-04 16:45 -------- d-----w- c:\program files\Infogrames Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-09-07 00:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-09-07 00:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-19 09:41 . 2010-09-06 23:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 11:21 . 2010-09-07 18:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-07 11:23 . 2010-10-07 11:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 11:23 . 2010-10-07 11:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 11:23 . 2010-10-07 11:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2006-10-12 03:09 94208 --sh--w- c:\windows\System32\SalaatTime.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-28_22.56.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-28 23:02 . 2010-12-28 23:02 59728 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90RUS.DLL
+ 2010-12-28 23:02 . 2010-12-28 23:02 42832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90KOR.DLL
+ 2010-12-28 23:02 . 2010-12-28 23:02 43344 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90JPN.DLL
+ 2010-12-28 23:02 . 2010-12-28 23:02 61264 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ITA.DLL
+ 2010-12-28 23:02 . 2010-12-28 23:02 36688 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90CHT.DLL
+ 2010-12-28 23:02 . 2010-12-28 23:02 35648 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90CHS.DLL
+ 2010-12-28 23:02 . 2010-12-28 23:02 62800 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90FRA.DLL
+ 2010-12-28 23:02 . 2010-12-28 23:02 61760 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ESP.DLL
+ 2010-12-28 23:02 . 2010-12-28 23:02 61776 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ESN.DLL
+ 2010-12-28 23:02 . 2010-12-28 23:02 53568 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ENU.DLL
+ 2010-12-28 23:02 . 2010-12-28 23:02 63296 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90DEU.DLL
+ 2010-12-28 23:02 . 2010-12-28 23:02 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90u.dll
+ 2010-12-28 23:02 . 2010-12-28 23:02 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90.dll
+ 2010-09-06 23:54 . 2010-12-30 09:53 31930 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-12-28 23:15 40832 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-06 23:28 . 2010-12-28 23:15 10010 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2413461409-2882023136-2989487530-1001_UserData.bin
+ 2009-07-14 04:50 . 2010-12-28 23:12 86016 c:\windows\System32\DriverStore\infpub.dat
- 2009-07-14 04:50 . 2010-12-28 22:25 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2010-09-10 22:40 . 2010-09-10 22:40 78504 c:\windows\System32\DriverStore\FileRepository\inspect.inf_x86_neutral_5379ce3149166da4\inspect.sys
+ 2010-12-28 23:02 . 2010-06-17 13:27 28520 c:\windows\System32\drivers\ssmdrv.sys
+ 2010-09-10 22:40 . 2010-09-10 22:40 78504 c:\windows\System32\drivers\inspect.sys
+ 2010-09-10 22:40 . 2010-09-10 22:40 30112 c:\windows\System32\drivers\cmdhlp.sys
+ 2010-09-10 22:40 . 2010-09-10 22:40 17256 c:\windows\System32\drivers\cmderd.sys
+ 2010-09-06 23:16 . 2010-12-28 23:16 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-06 23:16 . 2010-12-28 22:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-06 23:16 . 2010-12-28 23:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-06 23:16 . 2010-12-28 22:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-12-28 22:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-12-28 23:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-06 23:27 . 2010-12-28 22:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-06 23:27 . 2010-12-30 09:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-12-28 23:16 78240 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-09-06 23:27 . 2010-12-30 09:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-06 23:27 . 2010-12-28 22:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-06 23:27 . 2010-12-30 09:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-06 23:27 . 2010-12-28 22:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-06 23:27 . 2010-12-28 22:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-06 23:27 . 2010-12-30 09:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-06 23:27 . 2010-12-30 09:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-06 23:27 . 2010-12-28 22:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-30 09:51 . 2010-12-30 09:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-28 22:46 . 2010-12-28 22:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-28 22:46 . 2010-12-28 22:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-30 09:51 . 2010-12-30 09:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-28 23:01 . 2010-12-28 23:01 159032 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
+ 2010-09-10 07:49 . 2010-12-30 09:23 278630 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-09-10 22:41 . 2010-09-10 22:41 285480 c:\windows\System32\guard32.dll
+ 2009-07-14 04:50 . 2010-12-28 23:12 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2010-12-28 22:25 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2010-12-28 23:12 143360 c:\windows\System32\DriverStore\infstor.dat
- 2009-07-14 04:50 . 2010-12-28 22:25 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2010-09-10 22:40 . 2010-09-10 22:40 236088 c:\windows\System32\drivers\cmdGuard.sys
- 2010-09-06 23:19 . 2010-12-28 10:50 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-09-06 23:19 . 2010-12-29 00:45 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-12 11:16 . 2009-07-12 11:16 223232 c:\windows\Installer\261c3.msi
+ 2010-12-28 23:02 . 2010-12-28 23:02 3780424 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll
+ 2010-12-28 23:02 . 2010-12-28 23:02 3765048 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90.dll
+ 2010-10-27 09:00 . 2010-12-28 23:02 9689836 c:\windows\winsxs\ManifestCache\b881082fc34f61ea_blobs.bin
- 2009-07-14 02:03 . 2010-12-28 22:41 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-12-29 01:02 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 04:34 . 2010-12-23 23:47 3837348 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2010-12-28 23:16 3837348 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-28 23:11 . 2010-12-28 23:11 25272832 c:\windows\Installer\261c7.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2008-05-16 13496320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-02 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2010-09-07 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2010-09-07 33136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKLM\~\startupfolder\C:^Users^Eduard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Eduard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-20 15:20 136176 ----atw- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 12:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 16:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-25 09:47 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-25 18:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2010-10-27 00:17 5636136 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-05 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-09-10 236088]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-09-10 30112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-12-21 399416]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2010-12-21 987704]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-06 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-06-20 49664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 12:09]
2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 12:09]
2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001Core.job
- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 15:20]
2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001UA.job
- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 15:20]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = localhost:8118
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {0FC59343-0F1B-4E29-B9E5-E89F4FF7291C} = 156.154.70.25,156.154.71.25
TCP: {1847B92A-B3C7-43F0-8C76-84FD0DD00B20} = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\v7lyw48u.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.cz/nwshp?hl=cs&tab=wn
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c85cd47&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=cs&q=
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.gopher_port - 8118
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 8118
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Pray Times!: azan-times@hamid.net - %profile%\extensions\azan-times@hamid.net
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-12-30 11:03:08
ComboFix-quarantined-files.txt 2010-12-30 10:03
ComboFix2.txt 2010-12-28 22:58
Před spuštěním: Volných bajtů: 60 718 055 424
Po spuštění: Volných bajtů: 60 427 747 328
- - End Of File - - C8805DCD267085F1F658C2BA60F221A0
+ 2010-12-28 23:01 . 2010-12-28 23:01 159032 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
+ 2010-09-10 07:49 . 2010-12-30 09:23 278630 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-09-10 22:41 . 2010-09-10 22:41 285480 c:\windows\System32\guard32.dll
+ 2009-07-14 04:50 . 2010-12-28 23:12 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2010-12-28 22:25 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2010-12-28 23:12 143360 c:\windows\System32\DriverStore\infstor.dat
- 2009-07-14 04:50 . 2010-12-28 22:25 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2010-09-10 22:40 . 2010-09-10 22:40 236088 c:\windows\System32\drivers\cmdGuard.sys
- 2010-09-06 23:19 . 2010-12-28 10:50 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-09-06 23:19 . 2010-12-29 00:45 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-12 11:16 . 2009-07-12 11:16 223232 c:\windows\Installer\261c3.msi
+ 2010-12-28 23:02 . 2010-12-28 23:02 3780424 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll
+ 2010-12-28 23:02 . 2010-12-28 23:02 3765048 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90.dll
+ 2010-10-27 09:00 . 2010-12-28 23:02 9689836 c:\windows\winsxs\ManifestCache\b881082fc34f61ea_blobs.bin
- 2009-07-14 02:03 . 2010-12-28 22:41 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-12-29 01:02 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 04:34 . 2010-12-23 23:47 3837348 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2010-12-28 23:16 3837348 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-28 23:11 . 2010-12-28 23:11 25272832 c:\windows\Installer\261c7.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2008-05-16 13496320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-02 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2010-09-07 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2010-09-07 33136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKLM\~\startupfolder\C:^Users^Eduard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Eduard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-20 15:20 136176 ----atw- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 12:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 16:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-25 09:47 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-25 18:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2010-10-27 00:17 5636136 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-05 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-09-10 236088]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-09-10 30112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-12-21 399416]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2010-12-21 987704]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-06 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-06-20 49664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 12:09]
2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 12:09]
2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001Core.job
- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 15:20]
2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001UA.job
- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 15:20]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = localhost:8118
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {0FC59343-0F1B-4E29-B9E5-E89F4FF7291C} = 156.154.70.25,156.154.71.25
TCP: {1847B92A-B3C7-43F0-8C76-84FD0DD00B20} = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\v7lyw48u.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.cz/nwshp?hl=cs&tab=wn
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c85cd47&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=cs&q=
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.gopher_port - 8118
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 8118
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Pray Times!: azan-times@hamid.net - %profile%\extensions\azan-times@hamid.net
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-12-30 11:03:08
ComboFix-quarantined-files.txt 2010-12-30 10:03
ComboFix2.txt 2010-12-28 22:58
Před spuštěním: Volných bajtů: 60 718 055 424
Po spuštění: Volných bajtů: 60 427 747 328
- - End Of File - - C8805DCD267085F1F658C2BA60F221A0
Re: please check, unusual network activity
So the large uploads and downloads have disappeared; now there is only that 208 B every 2 seconds.
- Rudy
- Site Admin
- Posts: 119506
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check, unusual network activity
The log now looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: please check, unusual network activity
What kind of program is it, please, the one we were deleting? Why does it keep reappearing after a while? Is there any way to guard against it preventively?
- Rudy
- Site Admin
- Posts: 119506
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check, unusual network activity
It is a backdoor trojan. You downloaded it somewhere on the net. The antivirus's resident shield should be the protection.
Re: please check, unusual network activity
Thank you very much for the help.
- Rudy
- Site Admin
- Posts: 119506
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check, unusual network activity
You're welcome!