
Infected computer, possibly a false MBAM detection
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
I have a problem with my computer.
On 26.3.2011 I ran a quick scan with MBAM, and when it finished, MBAM had detected 23 infected files. So I had all the infected objects removed and restarted the computer. Then I ran an MBAM quick scan again and it again detected 23 infected files. So I decided to use Avenger; after the PC restarted, the Avenger log came out saying that these objects were not found and therefore could not be deleted. The strange thing is that these files cannot be found by searching.
On 27.3.2011 I ran a quick scan with SuperAntispyware; it detected only a Tracking Cookie.
Today, 28.3.2011, I ran a scan with MBAM again and this time it detected 24 infected files. Backdoor.bot was added.
BTW: I have no idea how it could have got there. In the past week I have not been on any sites that Web of Trust would rate as untrustworthy.
PS2: I also forgot to add that I used Combofix once. After the restart the computer did not boot and reported a damaged registry, so I repaired the MBR and then the PC booted.
My computer:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Martin MTA at 2011-03-28 21:09:52
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 62 GB (62%) free of 100 GB
Total RAM: 1022 MB (29% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:11:31, on 28.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BufferZone\CLNTSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
D:\My Folder\foldrs-slozky-install-portable\Everything-1.2.1.371.exe
C:\program files\coode software\shortcutor\shortcutor.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\program files\robotask\robotask.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\Window HTS\svchost.exe
C:\Program Files\PicPick\picpick.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\QIP 2010\qip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\My Folder\My ! Eflax\sprava pocitace - PC\Malware\RSIT.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Martin MTA.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: CBZurlmon Object - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Everything] "D:\My Folder\foldrs-slozky-install-portable\Everything-1.2.1.371.exe" -startup
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKCU\..\Run: [Shortcutor] "C:\program files\coode software\shortcutor\shortcutor.exe"
O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Program Files\AnVir Task Manager Free\AnVir.exe" Minimized
O4 - HKCU\..\Run: [RoboTask] "C:\program files\robotask\robotask.exe"
O4 - Startup: Find And Run Robot.lnk = C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0016624250
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FE0D22F-FFC7-4B63-8B3E-9C6CABE5F365}: NameServer = 10.0.82.65,62.240.184.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9385D163-2321-4B16-8B94-F14A20F7EFD7}: NameServer = 10.0.82.65,62.240.184.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\CLNTSVC.EXE
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
--
End of file - 7404 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-03-10 381656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{311BA51F-64F2-439D-9A4A-772373D77312}]
CBZurlmon Object - C:\Program Files\BufferZone\BZbho.dll [2010-11-29 225056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-25 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Everything"=D:\My Folder\foldrs-slozky-install-portable\Everything-1.2.1.371.exe [2009-03-13 602624]
"StartupDelayer"=C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [2009-03-08 73728]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Shortcutor"=C:\program files\coode software\shortcutor\shortcutor.exe [2010-12-15 3975680]
"AnVir Task Manager Free"=C:\Program Files\AnVir Task Manager Free\AnVir.exe [2010-04-02 1733856]
"RoboTask"=C:\program files\robotask\robotask.exe [2011-03-01 706560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [2009-03-08 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3
"HideMyIpSRV"=3
"WMPNetworkSvc"=3
"Secunia Update Agent"=2
"Secunia PSI Agent"=2
"ose"=3
"Microsoft Office Groove Audit Service"=3
"JavaQuickStarterService"=2
"iPod Service"=3
"idsvc"=3
"Bonjour Service"=2
"Ati HotKey Poller"=2
"Apple Mobile Device"=2
"cmdAgent"=2
"StarWindServiceAE"=2
"IDriverT"=3
"ocster_backup"=3
"SolutoService"=2
"Steam Client Service"=3
"MatSvc"=3
"Cleaner_Validator"=3
C:\Documents and Settings\Martin MTA\Nabídka Start\Po spuštění
Find And Run Robot.lnk - C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-05-27 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2010-06-22 202088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoLogoff"=0
"MaxRecentDocs"=15
"DisableMyMusicDirChange"=1
"DisableMyPicturesDirChange"=1
"NoUserNameInStartMenu"=1
"NoCommonGroups"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Opera 11.00 beta\opera.exe"="C:\Program Files\Opera 11.00 beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Foxreal\YouTube FLV Downloader Pro\Foxreal YouTube FLV Downloader Pro.exe"="C:\Program Files\Foxreal\YouTube FLV Downloader Pro\Foxreal YouTube FLV Downloader Pro.exe:*:Enabled:Foxreal YouTube FLV Downloader Pro"
"C:\Program Files\1AVCenter\1AVCenter.exe"="C:\Program Files\1AVCenter\1AVCenter.exe:*:Enabled:1AVCenter "
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe:*:Enabled:ElcomSoft Distributed Password Recovery Server"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe:*:Enabled:ElcomSoft Distributed Password Recovery Console"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe:*:Enabled:ElcomSoft Distributed Agent"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"D:\My Folder\foldrs-slozky-install-portable\TeamViewerPortable_en\TeamViewer.exe"="D:\My Folder\foldrs-slozky-install-portable\TeamViewerPortable_en\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Steam\steamapps\cleverboy\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\cleverboy\counter-strike\hl.exe:*:Enabled:Counter-Strike"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe"="C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe:*:Enabled:ElcomSoft Distributed Password Recovery Server"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe:*:Enabled:ElcomSoft Distributed Password Recovery Console"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe:*:Enabled:ElcomSoft Distributed Agent"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
======List of files/folders created in the last 1 months======
2011-03-28 17:37:10 ----D---- C:\Program Files\AutoSizer
2011-03-28 17:29:14 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\FDRLab
2011-03-27 22:42:56 ----D---- C:\Program Files\DropMyRights
2011-03-27 17:13:30 ----A---- C:\WINDOWS\system32\mfc45.dll
2011-03-27 17:13:27 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\iolo
2011-03-27 17:13:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\iolo
2011-03-27 13:43:37 ----D---- C:\WINDOWS\system32\drivers\NBRTWizard
2011-03-27 13:43:25 ----D---- C:\Program Files\Norton Bootable Recovery Tool Wizard
2011-03-27 12:40:20 ----D---- C:\Program Files\AnVir Task Manager Free
2011-03-27 12:35:44 ----D---- C:\Program Files\EULAlyzer
2011-03-27 12:34:13 ----D---- C:\Program Files\VirusTotalUploader2
2011-03-27 00:39:36 ----D---- C:\Program Files\NortonInstaller
2011-03-27 00:39:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2011-03-26 22:14:03 ----D---- C:\Program Files\COMODO
2011-03-26 20:49:05 ----A---- C:\WINDOWS\system32\drivers\vde3mjk4.sys
2011-03-26 15:01:19 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2011-03-26 15:01:19 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2011-03-26 15:01:18 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2011-03-26 15:01:16 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2011-03-26 15:01:15 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2011-03-26 15:01:14 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2011-03-26 15:01:13 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2011-03-26 15:01:11 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2011-03-26 15:01:09 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2011-03-26 15:01:09 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2011-03-26 15:01:06 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2011-03-26 15:01:05 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2011-03-26 15:01:03 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2011-03-26 15:01:01 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2011-03-26 15:00:59 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2011-03-26 15:00:50 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2011-03-26 15:00:49 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2011-03-26 15:00:48 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2011-03-26 15:00:44 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2011-03-26 15:00:43 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2011-03-26 15:00:42 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2011-03-26 15:00:41 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2011-03-26 15:00:40 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2011-03-26 15:00:38 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2011-03-26 15:00:36 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2011-03-26 15:00:35 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2011-03-26 15:00:35 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2011-03-26 15:00:33 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2011-03-26 15:00:32 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2011-03-26 15:00:32 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2011-03-26 15:00:30 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2011-03-26 15:00:29 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2011-03-26 15:00:27 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2011-03-26 15:00:27 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2011-03-26 15:00:26 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2011-03-26 15:00:25 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2011-03-26 15:00:25 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2011-03-26 15:00:24 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2011-03-26 15:00:22 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2011-03-26 15:00:22 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2011-03-26 15:00:18 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2011-03-26 15:00:18 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2011-03-26 15:00:16 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2011-03-26 15:00:16 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2011-03-26 15:00:15 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2011-03-26 15:00:13 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2011-03-26 15:00:12 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2011-03-26 15:00:11 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2011-03-26 15:00:09 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2011-03-26 15:00:09 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2011-03-26 15:00:08 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2011-03-26 15:00:06 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2011-03-26 15:00:04 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2011-03-26 15:00:04 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2011-03-26 15:00:02 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2011-03-26 15:00:00 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2011-03-26 14:59:59 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2011-03-26 14:59:59 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2011-03-26 14:59:58 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2011-03-26 14:59:56 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2011-03-26 14:59:56 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2011-03-26 14:59:55 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2011-03-26 14:59:55 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2011-03-26 14:59:53 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2011-03-26 14:59:52 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2011-03-26 14:59:50 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2011-03-26 14:59:48 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2011-03-26 14:59:48 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2011-03-26 14:59:43 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2011-03-26 14:59:42 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2011-03-26 14:59:41 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2011-03-26 14:59:40 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2011-03-26 14:59:39 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2011-03-26 14:59:39 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2011-03-26 14:59:37 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2011-03-26 14:59:36 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2011-03-26 14:59:35 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2011-03-26 14:59:34 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2011-03-26 14:59:33 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2011-03-26 14:59:19 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2011-03-26 14:59:18 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2011-03-26 14:59:18 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2011-03-26 14:59:16 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2011-03-26 14:59:14 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2011-03-26 14:59:13 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2011-03-26 14:59:12 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2011-03-26 14:59:10 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2011-03-26 14:59:06 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2011-03-26 14:49:27 ----D---- C:\Program Files\Daum
2011-03-26 11:50:51 ----D---- C:\Program Files\KeyScrambler
2011-03-26 11:50:51 ----A---- C:\WINDOWS\system32\drivers\keyscrambler.sys
2011-03-26 10:52:51 ----SHD---- C:\RECYCLER
2011-03-26 09:15:44 ----ASH---- C:\pagefile.sys
2011-03-25 22:20:36 ----A---- C:\ComboFix.txt
2011-03-25 07:55:32 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\TuneUp Software
2011-03-25 07:44:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2011-03-23 22:37:52 ----D---- C:\Program Files\QTTabBar_1.2.2.1_glb
2011-03-23 21:28:24 ----D---- C:\Program Files\Poznámky.be
2011-03-22 22:17:29 ----D---- C:\Program Files\Common Files\Skype
2011-03-22 22:17:05 ----RD---- C:\Program Files\Skype
2011-03-21 21:57:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\RoboTask
2011-03-21 21:51:20 ----D---- C:\Program Files\RoboTask
2011-03-21 19:45:01 ----D---- C:\Program Files\Google Hacks
2011-03-20 12:51:33 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\TeamViewer
2011-03-20 11:39:46 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Beenokle
2011-03-20 11:39:45 ----D---- C:\Unfiled Notes
2011-03-20 11:39:22 ----D---- C:\Program Files\ZenWriter
2011-03-19 15:45:05 ----D---- C:\Program Files\Common Files\Steam
2011-03-19 15:45:02 ----AD---- C:\Program Files\Steam
2011-03-18 16:28:31 ----D---- C:\WINDOWS\Prefetch
2011-03-18 08:27:22 ----A---- C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.351.32.bc
2011-03-18 08:23:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Soluto
2011-03-17 20:29:27 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Winsplit Revolution
2011-03-17 20:29:18 ----D---- C:\Program Files\WinSplit Revolution
2011-03-17 20:26:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Crystal Office
2011-03-17 20:26:17 ----D---- C:\Program Files\Maple Professional
2011-03-17 19:59:12 ----A---- C:\WINDOWS\vncutil.exe
2011-03-17 19:59:12 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2011-03-17 19:59:12 ----A---- C:\WINDOWS\SkyTel.exe
2011-03-17 19:59:12 ----A---- C:\WINDOWS\RtlUpd.exe
2011-03-17 19:59:12 ----A---- C:\WINDOWS\RTLCPL.EXE
2011-03-17 19:59:11 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011-03-17 19:59:10 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2011-03-17 19:59:10 ----A---- C:\WINDOWS\RtkAudioService.exe
2011-03-17 19:59:09 ----A---- C:\WINDOWS\system32\drivers\Monfilt.sys
2011-03-17 19:59:09 ----A---- C:\WINDOWS\RTHDCPL.EXE
2011-03-17 19:59:09 ----A---- C:\WINDOWS\MicCal.exe
2011-03-17 19:59:05 ----A---- C:\WINDOWS\system32\drivers\Ambfilt.sys
2011-03-17 19:59:03 ----D---- C:\Program Files\Realtek
2011-03-17 19:59:03 ----A---- C:\WINDOWS\ALCWZRD.EXE
2011-03-17 19:59:03 ----A---- C:\WINDOWS\ALCMTR.EXE
2011-03-17 19:58:47 ----A---- C:\WINDOWS\RtlExUpd.dll
2011-03-17 15:26:47 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\OpenCandy
2011-03-17 15:26:36 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-03-17 15:26:31 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2011-03-17 15:26:10 ----D---- C:\WINDOWS\Logs
2011-03-17 15:24:57 ----D---- C:\Program Files\Winamp
2011-03-17 15:24:57 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Winamp
2011-03-16 15:36:23 ----AD---- C:\Program Files\ICQ7.4
2011-03-15 22:31:24 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\DonationCoder
2011-03-15 22:30:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\DonationCoder
2011-03-15 22:30:25 ----D---- C:\Program Files\FindAndRunRobot
2011-03-15 21:46:19 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Trillian
2011-03-15 21:45:23 ----D---- C:\Program Files\Trillian
2011-03-13 22:01:52 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Mozilla
2011-03-13 22:01:34 ----D---- C:\Program Files\Mozilla Firefox
2011-03-13 13:30:23 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Gmail Backup
2011-03-13 09:59:27 ----D---- C:\Program Files\GmailBackup
2011-03-13 09:55:01 ----D---- C:\Shoty
2011-03-13 09:48:29 ----D---- C:\Program Files\ScreenShots
2011-03-12 14:14:59 ----D---- C:\Program Files\ElcomSoft
2011-03-12 12:09:30 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Hornil
2011-03-12 12:08:26 ----D---- C:\Program Files\Two Pilots
2011-03-12 12:08:24 ----D---- C:\Program Files\Cosmetic Guide
2011-03-11 17:46:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\backup
2011-03-11 15:03:21 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Google Chrome Backup
2011-03-11 15:01:00 ----D---- C:\Program Files\Google Chrome Backup
2011-03-10 18:15:55 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-03-10 14:40:21 ----D---- C:\Program Files\Common Files\xing shared
2011-03-10 10:30:02 ----D---- C:\Program Files\iResizer
2011-03-08 18:50:51 ----D---- C:\RECYCLER(2)
2011-03-08 08:31:31 ----D---- C:\WINDOWS\system32\Program Files
2011-03-07 22:14:40 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\FreeHideIP
2011-03-07 22:14:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\FreeHideIP
2011-03-07 22:13:29 ----D---- C:\Program Files\FreeHideIP
2011-03-06 21:49:40 ----D---- C:\Virtual
2011-03-06 21:43:49 ----AD---- C:\Documents and Settings\All Users\Data aplikací\BufferZone
2011-03-06 21:43:32 ----D---- C:\Program Files\BufferZone
2011-03-06 09:32:28 ----A---- C:\Documents and Settings\Martin MTA\Data aplikací\vispa.ini
2011-03-05 17:09:22 ----D---- C:\Program Files\Cain
2011-03-05 08:41:28 ----HD---- C:\WINDOWS\PIF
2011-03-05 08:35:49 ----D---- C:\WINDOWS\ERDNT
2011-03-05 08:27:20 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\JPEGsnoop
2011-03-03 20:36:58 ----D---- C:\Program Files\Common Files\Akamai
2011-03-02 20:27:51 ----D---- C:\Program Files\DAEMON Tools Lite
2011-03-02 20:27:14 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\DAEMON Tools Lite
2011-03-02 20:27:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2011-03-02 19:33:52 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
======List of files/folders modified in the last 1 months======
2011-03-28 21:10:19 ----D---- C:\Program Files\trend micro
2011-03-28 20:48:50 ----D---- C:\WINDOWS\temp
2011-03-28 20:32:41 ----D---- C:\WINDOWS\system32\drivers
2011-03-28 20:30:08 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-28 20:10:55 ----RD---- C:\Program Files
2011-03-28 18:18:44 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\AIMP
2011-03-28 18:02:10 ----AD---- C:\Program Files\QIP 2010
2011-03-28 17:49:20 ----ASD---- C:\WINDOWS\Tasks
2011-03-28 17:48:34 ----RASH---- C:\boot.ini
2011-03-28 17:48:34 ----A---- C:\WINDOWS\win.ini
2011-03-28 17:48:34 ----A---- C:\WINDOWS\system.ini
2011-03-28 17:44:31 ----D---- C:\Program Files\Everything
2011-03-28 17:44:10 ----AD---- C:\WINDOWS
2011-03-28 17:33:18 ----AD---- C:\Program Files\Sandboxie
2011-03-28 07:36:57 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-03-28 07:36:33 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-03-28 07:30:04 ----D---- C:\WINDOWS\Registration
2011-03-27 22:58:12 ----AD---- C:\WINDOWS\system32
2011-03-27 22:58:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-27 22:43:01 ----SHD---- C:\WINDOWS\Installer
2011-03-27 22:42:57 ----D---- C:\Config.Msi
2011-03-27 19:22:01 ----D---- C:\Program Files\Window HTS
2011-03-27 18:37:59 ----D---- C:\Program Files\SUPERAntiSpyware
2011-03-27 18:04:32 ----D---- C:\Program Files\Microsoft Bootvis
2011-03-27 17:58:27 ----D---- C:\WINDOWS\security
2011-03-27 17:42:51 ----AD---- C:\Program Files\IrfanView
2011-03-27 17:20:37 ----D---- C:\WINDOWS\system32\config
2011-03-27 13:46:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-03-27 13:31:36 ----HD---- C:\WINDOWS\msdownld.tmp
2011-03-27 12:29:38 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-26 22:12:36 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Media Player Classic
2011-03-26 20:19:14 ----ASHD---- C:\System Volume Information
2011-03-26 19:51:28 ----D---- C:\WINDOWS\system32\Restore
2011-03-26 18:02:43 ----HD---- C:\WINDOWS\inf
2011-03-26 17:41:59 ----D---- C:\WINDOWS\Microsoft.NET
2011-03-26 17:41:57 ----RSD---- C:\WINDOWS\assembly
2011-03-26 17:32:21 ----D---- C:\WINDOWS\Performance
2011-03-26 17:17:29 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Audacity
2011-03-26 15:01:23 ----D---- C:\WINDOWS\system32\DirectX
2011-03-26 13:56:19 ----D---- C:\WINDOWS\WinSxS
2011-03-26 13:49:10 ----D---- C:\WINDOWS\system32\en-US
2011-03-26 12:22:43 ----AD---- C:\Program Files\Valve
2011-03-26 11:03:44 ----AD---- C:\WINDOWS\system32\wbem
2011-03-26 09:45:19 ----D---- C:\WINDOWS\addins
2011-03-25 22:03:59 ----D---- C:\WINDOWS\AppPatch
2011-03-25 22:03:50 ----D---- C:\Program Files\Common Files
2011-03-25 21:27:05 ----D---- C:\Program Files\Common Files\Windows Live
2011-03-24 23:14:17 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\ICQ
2011-03-24 23:03:40 ----D---- C:\Program Files\CCleaner
2011-03-24 22:42:53 ----D---- C:\ProgramData
2011-03-24 17:48:37 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Skype
2011-03-24 17:48:34 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\skypePM
2011-03-22 22:17:04 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-03-22 22:11:40 ----D---- C:\Program Files\Defraggler
2011-03-22 14:21:20 ----D---- C:\Program Files\Opera 11.00 beta
2011-03-20 11:39:22 ----RSD---- C:\WINDOWS\Fonts
2011-03-20 09:32:14 ----D---- C:\Program Files\Unlocker
2011-03-20 09:31:54 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Ventrilo
2011-03-18 18:42:16 ----D---- C:\WINDOWS\Minidump
2011-03-18 17:47:57 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\uTorrent
2011-03-18 14:22:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-17 23:44:50 ----D---- C:\WINDOWS\Debug
2011-03-17 19:59:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-17 19:59:46 ----D---- C:\WINDOWS\system32\RTCOM
2011-03-17 19:59:39 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-17 19:59:02 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-17 19:58:02 ----D---- C:\Program Files\Driver Cleaner
2011-03-13 17:43:44 ----D---- C:\Program Files\Google
2011-03-13 09:39:36 ----AD---- C:\Documents and Settings
2011-03-12 21:45:10 ----D---- C:\Program Files\Boxoft Screen OCR
2011-03-12 21:10:11 ----D---- C:\Program Files\WinRAR
2011-03-12 11:48:46 ----D---- C:\Program Files\XnView
2011-03-10 20:54:09 ----RD---- C:\WINDOWS\Web
2011-03-10 20:53:00 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2011-03-10 18:08:46 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\KeePass
2011-03-10 17:35:25 ----A---- C:\WINDOWS\Sandboxie.ini
2011-03-10 14:40:39 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Real
2011-03-10 14:40:35 ----D---- C:\Program Files\Real
2011-03-10 14:39:52 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2011-03-10 14:38:50 ----A---- C:\WINDOWS\system32\pndx5032.dll
2011-03-10 14:38:50 ----A---- C:\WINDOWS\system32\pndx5016.dll
2011-03-10 14:38:40 ----A---- C:\WINDOWS\system32\pncrt.dll
2011-03-10 14:38:28 ----A---- C:\WINDOWS\system32\msvcr71.dll
2011-03-10 14:38:28 ----A---- C:\WINDOWS\system32\msvcp71.dll
2011-03-10 14:32:49 ----D---- C:\Program Files\Safari
2011-03-09 15:57:35 ----D---- C:\Program Files\iTunes
2011-03-09 08:24:42 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-09 08:24:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hotcore3;hc3ServiceName; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2010-09-15 40560]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 REDLIGHT;REDLIGHT; C:\WINDOWS\System32\drivers\REDLIGHT.SYS [2010-11-29 378144]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-03-02 431672]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 videX32;videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [2009-05-05 13976]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\System32\DRIVERS\xfilt.sys [2009-05-05 22168]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-02-23 30680]
R1 AntiLog32;AntiLog32; \??\C:\Program Files\AntiLogger\AntiLog32.sys []
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 CFRMD;CFRMD; C:\WINDOWS\system32\DRIVERS\CFRMD.sys [2010-12-09 66584]
R1 CFRPD;CFRPD; C:\WINDOWS\system32\DRIVERS\CFRPD.sys [2010-12-09 33232]
R1 cpuidlep;CpuIdle Pro System Driver; C:\WINDOWS\system32\drivers\cpuidlep.sys [2010-12-09 4484]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2010-12-19 231248]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-02-23 102232]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-05-27 4830720]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2010-08-19 101904]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-06-12 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-02-24 6340200]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2010-02-11 114952]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S0 fdulmsko;fdulmsko; C:\WINDOWS\System32\drivers\mavecg.sys []
S3 a24fz05j;a24fz05j; C:\WINDOWS\system32\drivers\a24fz05j.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 ampa;ampa; \??\C:\WINDOWS\system32\ampa.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 cpuz134;cpuz134; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys []
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\esihdrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-11-20 25984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 BufferZoneSvc;BufferZone Service; C:\Program Files\BufferZone\CLNTSVC.EXE [2010-11-29 802888]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2011-03-24 72936]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-05-27 602112]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
S4 Cleaner_Validator;COMODO System - Cleaner Service; C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 305600]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-03-07 820520]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-25 153376]
S4 MatSvc;Microsoft Automated Troubleshooting Service; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 ocster_backup;Ocster Backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [2010-11-26 18200]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org
Verze databáze: 6198
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28.3.2011 20:50:00
mbam-log-2011-03-28 (20-49-49).txt
Typ kontroly: Rychlý test
Testované objekty: 207075
Uplynulý čas: 11 minut, 40 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 24
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\documents and settings\_ocster_backup_\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic.000\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\all users\application data\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\all users\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\default user\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\localservice\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\martin mta\application data\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\martin mta\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\mta 2\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\mta 3\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\networkservice\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\keygen.exe (Backdoor.Bot) -> No action taken.
c:\documents and settings\localservice\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\martin mta\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\mta 2\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\networkservice\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\system32\config\systemprofile\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\microsoft.net\keygen.exe (Worm.Rebhip) -> No action taken.
c:\windows\virus.exe (Worm.AutoRun) -> No action taken.
c:\program files\msnmsgr\crack.exe (Backdoor.Bifrose) -> No action taken.
My computer:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Martin MTA at 2011-03-28 21:09:52
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 62 GB (62%) free of 100 GB
Total RAM: 1022 MB (29% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:11:31, on 28.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BufferZone\CLNTSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
D:\My Folder\foldrs-slozky-install-portable\Everything-1.2.1.371.exe
C:\program files\coode software\shortcutor\shortcutor.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\program files\robotask\robotask.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\Window HTS\svchost.exe
C:\Program Files\PicPick\picpick.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\QIP 2010\qip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\My Folder\My ! Eflax\sprava pocitace - PC\Malware\RSIT.exe
C:\Documents and Settings\Martin MTA\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Martin MTA.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: CBZurlmon Object - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Everything] "D:\My Folder\foldrs-slozky-install-portable\Everything-1.2.1.371.exe" -startup
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKCU\..\Run: [Shortcutor] "C:\program files\coode software\shortcutor\shortcutor.exe"
O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Program Files\AnVir Task Manager Free\AnVir.exe" Minimized
O4 - HKCU\..\Run: [RoboTask] "C:\program files\robotask\robotask.exe"
O4 - Startup: Find And Run Robot.lnk = C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0016624250
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FE0D22F-FFC7-4B63-8B3E-9C6CABE5F365}: NameServer = 10.0.82.65,62.240.184.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9385D163-2321-4B16-8B94-F14A20F7EFD7}: NameServer = 10.0.82.65,62.240.184.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\CLNTSVC.EXE
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
--
End of file - 7404 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-03-10 381656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{311BA51F-64F2-439D-9A4A-772373D77312}]
CBZurlmon Object - C:\Program Files\BufferZone\BZbho.dll [2010-11-29 225056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-25 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Everything"=D:\My Folder\foldrs-slozky-install-portable\Everything-1.2.1.371.exe [2009-03-13 602624]
"StartupDelayer"=C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [2009-03-08 73728]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Shortcutor"=C:\program files\coode software\shortcutor\shortcutor.exe [2010-12-15 3975680]
"AnVir Task Manager Free"=C:\Program Files\AnVir Task Manager Free\AnVir.exe [2010-04-02 1733856]
"RoboTask"=C:\program files\robotask\robotask.exe [2011-03-01 706560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [2009-03-08 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3
"HideMyIpSRV"=3
"WMPNetworkSvc"=3
"Secunia Update Agent"=2
"Secunia PSI Agent"=2
"ose"=3
"Microsoft Office Groove Audit Service"=3
"JavaQuickStarterService"=2
"iPod Service"=3
"idsvc"=3
"Bonjour Service"=2
"Ati HotKey Poller"=2
"Apple Mobile Device"=2
"cmdAgent"=2
"StarWindServiceAE"=2
"IDriverT"=3
"ocster_backup"=3
"SolutoService"=2
"Steam Client Service"=3
"MatSvc"=3
"Cleaner_Validator"=3
C:\Documents and Settings\Martin MTA\Nabídka Start\Po spuštění
Find And Run Robot.lnk - C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-05-27 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2010-06-22 202088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoLogoff"=0
"MaxRecentDocs"=15
"DisableMyMusicDirChange"=1
"DisableMyPicturesDirChange"=1
"NoUserNameInStartMenu"=1
"NoCommonGroups"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Opera 11.00 beta\opera.exe"="C:\Program Files\Opera 11.00 beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Foxreal\YouTube FLV Downloader Pro\Foxreal YouTube FLV Downloader Pro.exe"="C:\Program Files\Foxreal\YouTube FLV Downloader Pro\Foxreal YouTube FLV Downloader Pro.exe:*:Enabled:Foxreal YouTube FLV Downloader Pro"
"C:\Program Files\1AVCenter\1AVCenter.exe"="C:\Program Files\1AVCenter\1AVCenter.exe:*:Enabled:1AVCenter "
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe:*:Enabled:ElcomSoft Distributed Password Recovery Server"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe:*:Enabled:ElcomSoft Distributed Password Recovery Console"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe:*:Enabled:ElcomSoft Distributed Agent"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"D:\My Folder\foldrs-slozky-install-portable\TeamViewerPortable_en\TeamViewer.exe"="D:\My Folder\foldrs-slozky-install-portable\TeamViewerPortable_en\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Steam\steamapps\cleverboy\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\cleverboy\counter-strike\hl.exe:*:Enabled:Counter-Strike"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe"="C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe:*:Enabled:ElcomSoft Distributed Password Recovery Server"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe:*:Enabled:ElcomSoft Distributed Password Recovery Console"
"C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe"="C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe:*:Enabled:ElcomSoft Distributed Agent"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
======List of files/folders created in the last 1 months======
2011-03-28 17:37:10 ----D---- C:\Program Files\AutoSizer
2011-03-28 17:29:14 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\FDRLab
2011-03-27 22:42:56 ----D---- C:\Program Files\DropMyRights
2011-03-27 17:13:30 ----A---- C:\WINDOWS\system32\mfc45.dll
2011-03-27 17:13:27 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\iolo
2011-03-27 17:13:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\iolo
2011-03-27 13:43:37 ----D---- C:\WINDOWS\system32\drivers\NBRTWizard
2011-03-27 13:43:25 ----D---- C:\Program Files\Norton Bootable Recovery Tool Wizard
2011-03-27 12:40:20 ----D---- C:\Program Files\AnVir Task Manager Free
2011-03-27 12:35:44 ----D---- C:\Program Files\EULAlyzer
2011-03-27 12:34:13 ----D---- C:\Program Files\VirusTotalUploader2
2011-03-27 00:39:36 ----D---- C:\Program Files\NortonInstaller
2011-03-27 00:39:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2011-03-26 22:14:03 ----D---- C:\Program Files\COMODO
2011-03-26 20:49:05 ----A---- C:\WINDOWS\system32\drivers\vde3mjk4.sys
2011-03-26 15:01:19 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2011-03-26 15:01:19 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2011-03-26 15:01:18 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2011-03-26 15:01:16 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2011-03-26 15:01:15 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2011-03-26 15:01:14 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2011-03-26 15:01:13 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2011-03-26 15:01:11 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2011-03-26 15:01:09 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2011-03-26 15:01:09 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2011-03-26 15:01:06 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2011-03-26 15:01:05 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2011-03-26 15:01:03 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2011-03-26 15:01:01 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2011-03-26 15:00:59 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2011-03-26 15:00:50 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2011-03-26 15:00:49 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2011-03-26 15:00:48 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2011-03-26 15:00:44 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2011-03-26 15:00:43 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2011-03-26 15:00:42 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2011-03-26 15:00:41 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2011-03-26 15:00:40 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2011-03-26 15:00:38 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2011-03-26 15:00:36 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2011-03-26 15:00:35 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2011-03-26 15:00:35 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2011-03-26 15:00:33 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2011-03-26 15:00:32 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2011-03-26 15:00:32 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2011-03-26 15:00:30 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2011-03-26 15:00:29 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2011-03-26 15:00:27 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2011-03-26 15:00:27 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2011-03-26 15:00:26 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2011-03-26 15:00:25 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2011-03-26 15:00:25 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2011-03-26 15:00:24 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2011-03-26 15:00:22 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2011-03-26 15:00:22 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2011-03-26 15:00:18 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2011-03-26 15:00:18 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2011-03-26 15:00:16 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2011-03-26 15:00:16 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2011-03-26 15:00:15 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2011-03-26 15:00:13 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2011-03-26 15:00:12 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2011-03-26 15:00:11 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2011-03-26 15:00:09 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2011-03-26 15:00:09 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2011-03-26 15:00:08 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2011-03-26 15:00:06 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2011-03-26 15:00:04 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2011-03-26 15:00:04 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2011-03-26 15:00:02 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2011-03-26 15:00:00 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2011-03-26 14:59:59 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2011-03-26 14:59:59 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2011-03-26 14:59:58 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2011-03-26 14:59:56 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2011-03-26 14:59:56 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2011-03-26 14:59:55 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2011-03-26 14:59:55 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2011-03-26 14:59:53 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2011-03-26 14:59:52 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2011-03-26 14:59:50 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2011-03-26 14:59:48 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2011-03-26 14:59:48 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2011-03-26 14:59:43 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2011-03-26 14:59:42 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2011-03-26 14:59:41 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2011-03-26 14:59:40 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2011-03-26 14:59:39 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2011-03-26 14:59:39 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2011-03-26 14:59:37 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2011-03-26 14:59:36 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2011-03-26 14:59:35 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2011-03-26 14:59:34 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2011-03-26 14:59:33 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2011-03-26 14:59:19 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2011-03-26 14:59:18 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2011-03-26 14:59:18 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2011-03-26 14:59:16 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2011-03-26 14:59:14 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2011-03-26 14:59:13 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2011-03-26 14:59:12 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2011-03-26 14:59:10 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2011-03-26 14:59:06 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2011-03-26 14:49:27 ----D---- C:\Program Files\Daum
2011-03-26 11:50:51 ----D---- C:\Program Files\KeyScrambler
2011-03-26 11:50:51 ----A---- C:\WINDOWS\system32\drivers\keyscrambler.sys
2011-03-26 10:52:51 ----SHD---- C:\RECYCLER
2011-03-26 09:15:44 ----ASH---- C:\pagefile.sys
2011-03-25 22:20:36 ----A---- C:\ComboFix.txt
2011-03-25 07:55:32 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\TuneUp Software
2011-03-25 07:44:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2011-03-23 22:37:52 ----D---- C:\Program Files\QTTabBar_1.2.2.1_glb
2011-03-23 21:28:24 ----D---- C:\Program Files\Poznámky.be
2011-03-22 22:17:29 ----D---- C:\Program Files\Common Files\Skype
2011-03-22 22:17:05 ----RD---- C:\Program Files\Skype
2011-03-21 21:57:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\RoboTask
2011-03-21 21:51:20 ----D---- C:\Program Files\RoboTask
2011-03-21 19:45:01 ----D---- C:\Program Files\Google Hacks
2011-03-20 12:51:33 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\TeamViewer
2011-03-20 11:39:46 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Beenokle
2011-03-20 11:39:45 ----D---- C:\Unfiled Notes
2011-03-20 11:39:22 ----D---- C:\Program Files\ZenWriter
2011-03-19 15:45:05 ----D---- C:\Program Files\Common Files\Steam
2011-03-19 15:45:02 ----AD---- C:\Program Files\Steam
2011-03-18 16:28:31 ----D---- C:\WINDOWS\Prefetch
2011-03-18 08:27:22 ----A---- C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.351.32.bc
2011-03-18 08:23:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Soluto
2011-03-17 20:29:27 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Winsplit Revolution
2011-03-17 20:29:18 ----D---- C:\Program Files\WinSplit Revolution
2011-03-17 20:26:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Crystal Office
2011-03-17 20:26:17 ----D---- C:\Program Files\Maple Professional
2011-03-17 19:59:12 ----A---- C:\WINDOWS\vncutil.exe
2011-03-17 19:59:12 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2011-03-17 19:59:12 ----A---- C:\WINDOWS\SkyTel.exe
2011-03-17 19:59:12 ----A---- C:\WINDOWS\RtlUpd.exe
2011-03-17 19:59:12 ----A---- C:\WINDOWS\RTLCPL.EXE
2011-03-17 19:59:11 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011-03-17 19:59:10 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2011-03-17 19:59:10 ----A---- C:\WINDOWS\RtkAudioService.exe
2011-03-17 19:59:09 ----A---- C:\WINDOWS\system32\drivers\Monfilt.sys
2011-03-17 19:59:09 ----A---- C:\WINDOWS\RTHDCPL.EXE
2011-03-17 19:59:09 ----A---- C:\WINDOWS\MicCal.exe
2011-03-17 19:59:05 ----A---- C:\WINDOWS\system32\drivers\Ambfilt.sys
2011-03-17 19:59:03 ----D---- C:\Program Files\Realtek
2011-03-17 19:59:03 ----A---- C:\WINDOWS\ALCWZRD.EXE
2011-03-17 19:59:03 ----A---- C:\WINDOWS\ALCMTR.EXE
2011-03-17 19:58:47 ----A---- C:\WINDOWS\RtlExUpd.dll
2011-03-17 15:26:47 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\OpenCandy
2011-03-17 15:26:36 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-03-17 15:26:31 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2011-03-17 15:26:10 ----D---- C:\WINDOWS\Logs
2011-03-17 15:24:57 ----D---- C:\Program Files\Winamp
2011-03-17 15:24:57 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Winamp
2011-03-16 15:36:23 ----AD---- C:\Program Files\ICQ7.4
2011-03-15 22:31:24 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\DonationCoder
2011-03-15 22:30:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\DonationCoder
2011-03-15 22:30:25 ----D---- C:\Program Files\FindAndRunRobot
2011-03-15 21:46:19 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Trillian
2011-03-15 21:45:23 ----D---- C:\Program Files\Trillian
2011-03-13 22:01:52 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Mozilla
2011-03-13 22:01:34 ----D---- C:\Program Files\Mozilla Firefox
2011-03-13 13:30:23 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Gmail Backup
2011-03-13 09:59:27 ----D---- C:\Program Files\GmailBackup
2011-03-13 09:55:01 ----D---- C:\Shoty
2011-03-13 09:48:29 ----D---- C:\Program Files\ScreenShots
2011-03-12 14:14:59 ----D---- C:\Program Files\ElcomSoft
2011-03-12 12:09:30 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Hornil
2011-03-12 12:08:26 ----D---- C:\Program Files\Two Pilots
2011-03-12 12:08:24 ----D---- C:\Program Files\Cosmetic Guide
2011-03-11 17:46:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\backup
2011-03-11 15:03:21 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Google Chrome Backup
2011-03-11 15:01:00 ----D---- C:\Program Files\Google Chrome Backup
2011-03-10 18:15:55 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-03-10 14:40:21 ----D---- C:\Program Files\Common Files\xing shared
2011-03-10 10:30:02 ----D---- C:\Program Files\iResizer
2011-03-08 18:50:51 ----D---- C:\RECYCLER(2)
2011-03-08 08:31:31 ----D---- C:\WINDOWS\system32\Program Files
2011-03-07 22:14:40 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\FreeHideIP
2011-03-07 22:14:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\FreeHideIP
2011-03-07 22:13:29 ----D---- C:\Program Files\FreeHideIP
2011-03-06 21:49:40 ----D---- C:\Virtual
2011-03-06 21:43:49 ----AD---- C:\Documents and Settings\All Users\Data aplikací\BufferZone
2011-03-06 21:43:32 ----D---- C:\Program Files\BufferZone
2011-03-06 09:32:28 ----A---- C:\Documents and Settings\Martin MTA\Data aplikací\vispa.ini
2011-03-05 17:09:22 ----D---- C:\Program Files\Cain
2011-03-05 08:41:28 ----HD---- C:\WINDOWS\PIF
2011-03-05 08:35:49 ----D---- C:\WINDOWS\ERDNT
2011-03-05 08:27:20 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\JPEGsnoop
2011-03-03 20:36:58 ----D---- C:\Program Files\Common Files\Akamai
2011-03-02 20:27:51 ----D---- C:\Program Files\DAEMON Tools Lite
2011-03-02 20:27:14 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\DAEMON Tools Lite
2011-03-02 20:27:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2011-03-02 19:33:52 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
======List of files/folders modified in the last 1 months======
2011-03-28 21:10:19 ----D---- C:\Program Files\trend micro
2011-03-28 20:48:50 ----D---- C:\WINDOWS\temp
2011-03-28 20:32:41 ----D---- C:\WINDOWS\system32\drivers
2011-03-28 20:30:08 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-28 20:10:55 ----RD---- C:\Program Files
2011-03-28 18:18:44 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\AIMP
2011-03-28 18:02:10 ----AD---- C:\Program Files\QIP 2010
2011-03-28 17:49:20 ----ASD---- C:\WINDOWS\Tasks
2011-03-28 17:48:34 ----RASH---- C:\boot.ini
2011-03-28 17:48:34 ----A---- C:\WINDOWS\win.ini
2011-03-28 17:48:34 ----A---- C:\WINDOWS\system.ini
2011-03-28 17:44:31 ----D---- C:\Program Files\Everything
2011-03-28 17:44:10 ----AD---- C:\WINDOWS
2011-03-28 17:33:18 ----AD---- C:\Program Files\Sandboxie
2011-03-28 07:36:57 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-03-28 07:36:33 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-03-28 07:30:04 ----D---- C:\WINDOWS\Registration
2011-03-27 22:58:12 ----AD---- C:\WINDOWS\system32
2011-03-27 22:58:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-27 22:43:01 ----SHD---- C:\WINDOWS\Installer
2011-03-27 22:42:57 ----D---- C:\Config.Msi
2011-03-27 19:22:01 ----D---- C:\Program Files\Window HTS
2011-03-27 18:37:59 ----D---- C:\Program Files\SUPERAntiSpyware
2011-03-27 18:04:32 ----D---- C:\Program Files\Microsoft Bootvis
2011-03-27 17:58:27 ----D---- C:\WINDOWS\security
2011-03-27 17:42:51 ----AD---- C:\Program Files\IrfanView
2011-03-27 17:20:37 ----D---- C:\WINDOWS\system32\config
2011-03-27 13:46:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-03-27 13:31:36 ----HD---- C:\WINDOWS\msdownld.tmp
2011-03-27 12:29:38 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-26 22:12:36 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Media Player Classic
2011-03-26 20:19:14 ----ASHD---- C:\System Volume Information
2011-03-26 19:51:28 ----D---- C:\WINDOWS\system32\Restore
2011-03-26 18:02:43 ----HD---- C:\WINDOWS\inf
2011-03-26 17:41:59 ----D---- C:\WINDOWS\Microsoft.NET
2011-03-26 17:41:57 ----RSD---- C:\WINDOWS\assembly
2011-03-26 17:32:21 ----D---- C:\WINDOWS\Performance
2011-03-26 17:17:29 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Audacity
2011-03-26 15:01:23 ----D---- C:\WINDOWS\system32\DirectX
2011-03-26 13:56:19 ----D---- C:\WINDOWS\WinSxS
2011-03-26 13:49:10 ----D---- C:\WINDOWS\system32\en-US
2011-03-26 12:22:43 ----AD---- C:\Program Files\Valve
2011-03-26 11:03:44 ----AD---- C:\WINDOWS\system32\wbem
2011-03-26 09:45:19 ----D---- C:\WINDOWS\addins
2011-03-25 22:03:59 ----D---- C:\WINDOWS\AppPatch
2011-03-25 22:03:50 ----D---- C:\Program Files\Common Files
2011-03-25 21:27:05 ----D---- C:\Program Files\Common Files\Windows Live
2011-03-24 23:14:17 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\ICQ
2011-03-24 23:03:40 ----D---- C:\Program Files\CCleaner
2011-03-24 22:42:53 ----D---- C:\ProgramData
2011-03-24 17:48:37 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\Skype
2011-03-24 17:48:34 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\skypePM
2011-03-22 22:17:04 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-03-22 22:11:40 ----D---- C:\Program Files\Defraggler
2011-03-22 14:21:20 ----D---- C:\Program Files\Opera 11.00 beta
2011-03-20 11:39:22 ----RSD---- C:\WINDOWS\Fonts
2011-03-20 09:32:14 ----D---- C:\Program Files\Unlocker
2011-03-20 09:31:54 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\Ventrilo
2011-03-18 18:42:16 ----D---- C:\WINDOWS\Minidump
2011-03-18 17:47:57 ----AD---- C:\Documents and Settings\Martin MTA\Data aplikací\uTorrent
2011-03-18 14:22:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-17 23:44:50 ----D---- C:\WINDOWS\Debug
2011-03-17 19:59:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-17 19:59:46 ----D---- C:\WINDOWS\system32\RTCOM
2011-03-17 19:59:39 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-17 19:59:02 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-17 19:58:02 ----D---- C:\Program Files\Driver Cleaner
2011-03-13 17:43:44 ----D---- C:\Program Files\Google
2011-03-13 09:39:36 ----AD---- C:\Documents and Settings
2011-03-12 21:45:10 ----D---- C:\Program Files\Boxoft Screen OCR
2011-03-12 21:10:11 ----D---- C:\Program Files\WinRAR
2011-03-12 11:48:46 ----D---- C:\Program Files\XnView
2011-03-10 20:54:09 ----RD---- C:\WINDOWS\Web
2011-03-10 20:53:00 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2011-03-10 18:08:46 ----D---- C:\Documents and Settings\Martin MTA\Data aplikací\KeePass
2011-03-10 17:35:25 ----A---- C:\WINDOWS\Sandboxie.ini
2011-03-10 14:40:39 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Real
2011-03-10 14:40:35 ----D---- C:\Program Files\Real
2011-03-10 14:39:52 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2011-03-10 14:38:50 ----A---- C:\WINDOWS\system32\pndx5032.dll
2011-03-10 14:38:50 ----A---- C:\WINDOWS\system32\pndx5016.dll
2011-03-10 14:38:40 ----A---- C:\WINDOWS\system32\pncrt.dll
2011-03-10 14:38:28 ----A---- C:\WINDOWS\system32\msvcr71.dll
2011-03-10 14:38:28 ----A---- C:\WINDOWS\system32\msvcp71.dll
2011-03-10 14:32:49 ----D---- C:\Program Files\Safari
2011-03-09 15:57:35 ----D---- C:\Program Files\iTunes
2011-03-09 08:24:42 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-09 08:24:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hotcore3;hc3ServiceName; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2010-09-15 40560]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 REDLIGHT;REDLIGHT; C:\WINDOWS\System32\drivers\REDLIGHT.SYS [2010-11-29 378144]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-03-02 431672]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 videX32;videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [2009-05-05 13976]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\System32\DRIVERS\xfilt.sys [2009-05-05 22168]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-02-23 30680]
R1 AntiLog32;AntiLog32; \??\C:\Program Files\AntiLogger\AntiLog32.sys []
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 CFRMD;CFRMD; C:\WINDOWS\system32\DRIVERS\CFRMD.sys [2010-12-09 66584]
R1 CFRPD;CFRPD; C:\WINDOWS\system32\DRIVERS\CFRPD.sys [2010-12-09 33232]
R1 cpuidlep;CpuIdle Pro System Driver; C:\WINDOWS\system32\drivers\cpuidlep.sys [2010-12-09 4484]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2010-12-19 231248]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-02-23 102232]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-05-27 4830720]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2010-08-19 101904]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-06-12 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-02-24 6340200]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2010-02-11 114952]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S0 fdulmsko;fdulmsko; C:\WINDOWS\System32\drivers\mavecg.sys []
S3 a24fz05j;a24fz05j; C:\WINDOWS\system32\drivers\a24fz05j.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 ampa;ampa; \??\C:\WINDOWS\system32\ampa.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 cpuz134;cpuz134; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys []
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\esihdrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-11-20 25984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 BufferZoneSvc;BufferZone Service; C:\Program Files\BufferZone\CLNTSVC.EXE [2010-11-29 802888]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2011-03-24 72936]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-05-27 602112]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
S4 Cleaner_Validator;COMODO System - Cleaner Service; C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 305600]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-03-07 820520]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-25 153376]
S4 MatSvc;Microsoft Automated Troubleshooting Service; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 ocster_backup;Ocster Backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [2010-11-26 18200]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org
Verze databáze: 6198
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28.3.2011 20:50:00
mbam-log-2011-03-28 (20-49-49).txt
Typ kontroly: Rychlý test
Testované objekty: 207075
Uplynulý čas: 11 minut, 40 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 24
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\documents and settings\_ocster_backup_\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic.000\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\all users\application data\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\all users\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\default user\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\localservice\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\martin mta\application data\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\martin mta\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\mta 2\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\mta 3\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\networkservice\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\keygen.exe (Backdoor.Bot) -> No action taken.
c:\documents and settings\localservice\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\martin mta\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\mta 2\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\networkservice\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\system32\config\systemprofile\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\microsoft.net\keygen.exe (Worm.Rebhip) -> No action taken.
c:\windows\virus.exe (Worm.AutoRun) -> No action taken.
c:\program files\msnmsgr\crack.exe (Backdoor.Bifrose) -> No action taken.
Last edited by BOnioo1775 on 29 Mar 2011 21:13, edited 3 times in total.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Infected computer, possibly a false MBAM detection
You do have an infected PC. For one thing, I see rootkits in the RSIT log, and for another, all keygens (whose use is, by the way, illegal) are de facto accompanied by adware and trojans. Delete what MBAM found and post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms appears; continue by clicking the Yes button.
calmly go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because unwanted conflicts with the antispyware's resident component occur during the scan and the removal of any malware
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 67
- Registered: 24 Apr 2010 09:52
Re: Infected computer, possibly a false MBAM detection
I know the risks associated with using keygens, and I am familiar with the forum rules and the laws of the Czech Republic. I don't use keygens, nor have I downloaded any crack..
ComboFix 11-03-28.01 - Martin MTA 28.03.2011 22:01:51.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.429 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin MTA\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-823518204-1060284298-839522115-1003(2)\INFO2
.
----- BITS: Možné infikované stránky -----
.
hxxp://liveupdate.symantecliveupdate.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-28 15:37 . 2011-03-28 15:37 -------- d-----w- c:\program files\AutoSizer
2011-03-28 15:29 . 2011-03-28 15:29 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\FDRLab
2011-03-27 20:42 . 2011-03-27 20:46 -------- d-----w- c:\program files\DropMyRights
2011-03-27 15:13 . 2011-03-27 15:13 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-03-27 15:13 . 2011-03-27 15:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\iolo
2011-03-27 15:13 . 2011-03-27 15:26 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\iolo
2011-03-27 11:43 . 2011-03-27 11:43 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2011-03-27 11:43 . 2011-03-27 11:43 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2011-03-27 10:40 . 2011-03-27 19:51 -------- d-----w- c:\program files\AnVir Task Manager Free
2011-03-27 10:40 . 2011-03-27 12:39 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\AnVir
2011-03-27 10:35 . 2011-03-27 10:35 -------- d-----w- c:\program files\EULAlyzer
2011-03-27 10:34 . 2011-03-27 10:34 -------- d-----w- c:\program files\VirusTotalUploader2
2011-03-26 22:39 . 2011-03-27 11:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NortonInstaller
2011-03-26 22:39 . 2011-03-27 11:42 -------- d-----w- c:\program files\NortonInstaller
2011-03-26 20:14 . 2011-03-26 20:14 -------- d-----w- c:\program files\COMODO
2011-03-26 18:49 . 2011-03-26 18:49 13312 ----a-w- c:\windows\system32\drivers\vde3mjk4.sys
2011-03-26 13:00 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-03-26 12:59 . 2007-07-19 17:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-03-26 12:49 . 2011-03-26 12:49 -------- d-----w- c:\program files\Daum
2011-03-26 09:50 . 2011-03-26 09:50 -------- d-----w- c:\program files\KeyScrambler
2011-03-26 09:50 . 2010-02-11 15:03 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-03-26 09:03 . 2011-03-28 19:45 -------- d-----w- c:\windows\system32\wbem\Logs
2011-03-25 05:55 . 2011-03-25 05:55 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\TuneUp Software
2011-03-25 05:44 . 2011-03-25 05:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TuneUp Software
2011-03-24 18:46 . 2011-03-25 19:27 -------- d-----w- c:\documents and settings\All Users\Studio14Trial
2011-03-23 21:38 . 2011-03-28 15:08 -------- d---a-w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\LastPass
2011-03-23 20:37 . 2011-03-23 20:37 -------- d-----w- c:\program files\QTTabBar_1.2.2.1_glb
2011-03-23 19:28 . 2011-03-23 19:28 -------- d-----w- c:\program files\Poznámky.be
2011-03-22 20:17 . 2011-03-22 20:17 -------- d-----w- c:\program files\Common Files\Skype
2011-03-22 20:17 . 2011-03-22 20:17 -------- d-----r- c:\program files\Skype
2011-03-22 12:01 . 2011-03-22 12:01 -------- d-----w- c:\documents and settings\MTA 2\Local Settings\Data aplikací\WMTools Downloaded Files
2011-03-21 19:57 . 2011-03-21 19:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RoboTask
2011-03-21 19:51 . 2011-03-21 19:51 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\RoboTask
2011-03-21 19:51 . 2011-03-21 19:51 -------- d-----w- c:\program files\RoboTask
2011-03-21 17:45 . 2011-03-21 17:45 -------- d-----w- c:\program files\Google Hacks
2011-03-20 10:51 . 2011-03-20 12:13 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\TeamViewer
2011-03-20 09:39 . 2011-03-20 09:39 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Beenokle
2011-03-20 09:39 . 2011-03-20 09:39 -------- d-----w- C:\Unfiled Notes
2011-03-20 09:39 . 2011-03-20 09:39 -------- d-----w- c:\program files\ZenWriter
2011-03-19 13:45 . 2011-03-19 13:45 -------- d-----w- c:\program files\Common Files\Steam
2011-03-19 13:45 . 2011-03-28 14:57 -------- d---a-w- c:\program files\Steam
2011-03-19 12:27 . 2011-03-19 12:27 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2011-03-18 06:23 . 2011-03-18 12:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Soluto
2011-03-17 18:29 . 2011-03-17 18:32 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Winsplit Revolution
2011-03-17 18:29 . 2011-03-18 06:20 -------- d-----w- c:\program files\WinSplit Revolution
2011-03-17 18:26 . 2011-03-17 18:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Crystal Office
2011-03-17 18:26 . 2011-03-17 18:26 -------- d-----w- c:\program files\Maple Professional
2011-03-17 17:58 . 2011-02-09 14:56 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-03-17 13:26 . 2011-03-17 17:53 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\OpenCandy
2011-03-17 13:26 . 2011-03-17 13:26 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\OpenCandy
2011-03-17 13:26 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-03-17 13:26 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-03-17 13:26 . 2011-03-26 12:58 -------- d-----w- c:\windows\Logs
2011-03-17 13:24 . 2011-03-27 14:16 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Winamp
2011-03-17 13:24 . 2011-03-17 17:53 -------- d-----w- c:\program files\Winamp
2011-03-16 13:36 . 2011-03-24 20:48 -------- d---a-w- c:\program files\ICQ7.4
2011-03-16 07:53 . 2011-03-16 07:53 -------- d-----w- c:\documents and settings\MTA 2\Data aplikací\Zoner
2011-03-16 07:53 . 2011-03-16 07:53 -------- d-----w- c:\documents and settings\MTA 2\Local Settings\Data aplikací\Zoner
2011-03-15 20:31 . 2011-03-15 20:31 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\DonationCoder
2011-03-15 20:30 . 2011-03-15 20:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DonationCoder
2011-03-15 20:30 . 2011-03-28 19:42 -------- d-----w- c:\program files\FindAndRunRobot
2011-03-15 19:46 . 2011-03-15 19:55 -------- d---a-w- c:\documents and settings\Martin MTA\Data aplikací\Trillian
2011-03-15 19:45 . 2011-03-18 15:50 -------- d-----w- c:\program files\Trillian
2011-03-13 21:41 . 2011-03-16 21:12 -------- d---a-w- c:\documents and settings\MTA 2\Data aplikací\BufferZone
2011-03-13 21:31 . 2011-03-13 21:31 -------- d-----w- c:\documents and settings\MTA 2\SecurityScans
2011-03-13 13:40 . 2011-03-13 13:40 -------- d---a-w- c:\documents and settings\MTA 2\TEMPBZ.TMP
2011-03-13 11:30 . 2011-03-13 11:30 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Gmail Backup
2011-03-13 07:59 . 2011-03-13 07:59 -------- d-----w- c:\program files\GmailBackup
2011-03-13 07:55 . 2011-03-21 18:44 -------- d-----w- C:\Shoty
2011-03-13 07:48 . 2011-03-13 07:55 -------- d-----w- c:\program files\ScreenShots
2011-03-13 07:39 . 2011-03-17 21:54 -------- d-----w- c:\documents and settings\MTA 3
2011-03-12 12:14 . 2011-03-12 12:14 -------- d-----w- c:\program files\ElcomSoft
2011-03-12 10:09 . 2011-03-12 10:09 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Hornil
2011-03-12 10:08 . 2011-03-12 10:08 -------- d-----w- c:\program files\Two Pilots
2011-03-12 10:08 . 2011-03-12 10:08 -------- d-----w- c:\program files\Cosmetic Guide
2011-03-11 15:46 . 2011-03-11 15:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\backup
2011-03-11 15:01 . 2011-03-11 15:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-11 13:03 . 2011-03-11 18:29 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Google Chrome Backup
2011-03-11 13:01 . 2011-03-11 16:53 -------- d-----w- c:\program files\Google Chrome Backup
2011-03-10 12:40 . 2011-03-10 12:40 -------- d-----w- c:\program files\Common Files\xing shared
2011-03-10 08:30 . 2011-03-10 08:30 -------- d-----w- c:\program files\iResizer
2011-03-10 05:59 . 2011-03-10 05:59 -------- d---a-w- c:\documents and settings\MTA 2\Local Settings\Data aplikací\Adobe
2011-03-10 05:59 . 2011-03-10 05:59 -------- d---a-w- c:\documents and settings\MTA 2\Local Settings\Data aplikací\Temp
2011-03-10 05:39 . 2011-03-21 18:14 -------- d---a-w- c:\documents and settings\MTA 2\DRM
2011-03-08 06:31 . 2011-03-08 06:31 -------- d-----w- c:\windows\system32\Program Files
2011-03-07 20:14 . 2011-03-07 20:14 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\FreeHideIP
2011-03-07 20:14 . 2011-03-07 20:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FreeHideIP
2011-03-07 20:13 . 2011-03-07 20:13 -------- d-----w- c:\program files\FreeHideIP
2011-03-06 19:49 . 2011-03-06 19:49 -------- d-----w- C:\Virtual
2011-03-06 19:43 . 2011-03-28 15:34 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\BufferZone
2011-03-06 19:43 . 2011-03-28 19:40 -------- d-----w- c:\program files\BufferZone
2011-03-05 15:09 . 2011-03-05 17:31 -------- d-----w- c:\program files\Cain
2011-03-05 06:41 . 2011-03-05 06:41 -------- d--h--w- c:\windows\PIF
2011-03-05 06:27 . 2011-03-05 06:27 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\JPEGsnoop
2011-03-03 18:36 . 2011-03-28 19:41 -------- d-----w- c:\program files\Common Files\Akamai
2011-03-02 18:27 . 2011-03-02 18:28 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-02 18:27 . 2011-03-20 07:32 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\DAEMON Tools Lite
2011-03-02 18:27 . 2011-03-02 18:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-03-02 17:33 . 2011-03-02 18:28 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-01 11:24 . 2011-03-01 11:24 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\GHISLER
2011-02-27 11:59 . 2011-02-27 11:59 -------- d---a-w- c:\documents and settings\Martin MTA\Data aplikací\SecurityHeroes
2011-02-27 08:47 . 2011-02-27 08:49 -------- d-----w- c:\windows\system32\NtmsData
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 12:38 . 2010-11-17 22:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-10 12:38 . 2010-11-17 22:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-25 14:13 . 2010-12-10 17:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-25 14:12 . 2010-11-17 19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-23 15:04 . 2010-11-17 19:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-11-17 19:08 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-02-23 20:06 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-11-17 19:08 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-11-17 19:08 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-11-17 19:08 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-11-17 19:08 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-11-17 19:08 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-11-17 19:08 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-11-17 19:08 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:51 . 2011-02-22 23:51 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2011-02-09 13:53 . 2004-08-17 13:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 13:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 01:16 . 2011-02-08 01:16 922112 ------w- c:\windows\system32\imapi2fs.dll
2011-02-08 01:16 . 2011-02-08 01:16 426496 ------w- c:\windows\system32\imapi2.dll
2011-02-02 07:58 . 2010-11-17 14:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-11-17 14:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 16:40 . 2011-01-25 12:39 1098680 ----a-w- c:\windows\ampa.exe
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-21 11:30 . 2011-01-21 11:30 311296 ----a-w- c:\windows\system32\EMRegSys.dll
2011-01-19 09:46 . 2011-01-25 12:39 10936 ----a-w- c:\windows\system32\ampa.sys
2011-01-07 14:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-17 13:44 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-29 11:47 . 2010-12-29 11:47 3584 ----a-r- c:\documents and settings\Martin MTA\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-03-18 17:53 . 2011-03-22 20:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]
@="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}"
[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@="{F594B094-8768-4632-8143-12852EBBD688}"
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}"
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}"
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shortcutor"="c:\program files\coode software\shortcutor\shortcutor.exe" [2010-12-15 3975680]
"AnVir Task Manager Free"="c:\program files\AnVir Task Manager Free\AnVir.exe" [2010-04-02 1733856]
"RoboTask"="c:\program files\robotask\robotask.exe" [2011-03-01 706560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="d:\my folder\foldrs-slozky-install-portable\Everything-1.2.1.371.exe" [2009-03-13 602624]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
.
c:\documents and settings\MTA 2\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Safari.lnk - c:\program files\Safari\Safari.exe [2011-2-16 2388264]
.
c:\documents and settings\Martin MTA\Nabˇdka Start\Po spuçtŘnˇ\
Find And Run Robot.lnk - c:\program files\FindAndRunRobot\FindAndRunRobot.exe [2011-3-15 4404736]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 15 (0xf)
"DisableMyMusicDirChange"= 1 (0x1)
"DisableMyPicturesDirChange"= 1 (0x1)
"NoCommonGroups"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
2009-03-08 12:47 73728 ----a-w- c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"HideMyIpSRV"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=2 (0x2)
"ose"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"cmdAgent"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"IDriverT"=3 (0x3)
"ocster_backup"=3 (0x3)
"SolutoService"=2 (0x2)
"Steam Client Service"=3 (0x3)
"MatSvc"=3 (0x3)
"Cleaner_Validator"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Foxreal\\YouTube FLV Downloader Pro\\Foxreal YouTube FLV Downloader Pro.exe"=
"c:\\Program Files\\1AVCenter\\1AVCenter.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdprs.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdpr.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esda.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"d:\\My Folder\\foldrs-slozky-install-portable\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12121:TCP"= 12121:TCP:ElcomSoft Distributed Agents TCP Port
"12122:TCP"= 12122:TCP:ElcomSoft Distributed Password Recovery Console TCP Port
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [5.1.2011 21:50 40560]
R0 REDLIGHT;REDLIGHT;c:\windows\system32\drivers\redlight.sys [29.11.2010 20:16 378144]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [3.1.2011 14:46 121288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.2.2011 22:06 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.11.2010 21:08 301528]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [23.1.2011 16:32 13696]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [9.12.2010 14:14 66584]
R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [9.12.2010 14:15 33232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [17.8.2004 15:49 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.11.2010 21:08 19544]
R2 BufferZoneSvc;BufferZone Service;c:\program files\BufferZone\ClntSvc.exe [29.11.2010 20:16 802888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [28.12.2010 23:14 101904]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [26.3.2011 11:50 114952]
S0 fdulmsko;fdulmsko;c:\windows\system32\drivers\mavecg.sys --> c:\windows\system32\drivers\mavecg.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.3.2011 19:59 1691480]
S3 ampa;ampa;c:\windows\system32\ampa.sys [25.1.2011 14:39 10936]
S3 cpuz130;cpuz130;\??\c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\MARTIN~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\MARTIN~1\LOCALS~1\Temp\esihdrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 19:07 35088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S4 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [9.12.2010 14:08 305600]
S4 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [16.11.2010 2:10 267568]
S4 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe [26.11.2010 12:46 18200]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
netsvcs_Untrusted_BZ REG_MULTI_SZ BITS_Untrusted_BZ netman_Untrusted_BZ wuauserv_Untrusted_BZ " winmgmt_Untrusted_BZ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {5FE0D22F-FFC7-4B63-8B3E-9C6CABE5F365} = 10.0.82.65,62.240.184.2
TCP: {9385D163-2321-4B16-8B94-F14A20F7EFD7} = 10.0.82.65,62.240.184.2
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-SolutoService
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-28 22:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,14,1f,c6,ff,17,55,46,a7,8d,19,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,14,1f,c6,ff,17,55,46,a7,8d,19,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet015\Hardware Profiles\Current]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\User\LocalSystem]
@Allowed: (Read) (RestrictedCode)
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(304)
c:\program files\BufferZone\RLHOOK.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(560)
c:\program files\BufferZone\RLHOOK.DLL
.
- - - - - - - > 'csrss.exe'(1864)
c:\program files\BufferZone\RLHOOK.DLL
.
Celkový čas: 2011-03-28 22:21:46
ComboFix-quarantined-files.txt 2011-03-28 20:21
ComboFix2.txt 2011-03-25 20:20
.
Před spuštěním: Volných bajtů: 64 616 763 392
Po spuštění: Volných bajtů: 64 577 855 488
.
Current=15 Default=15 Failed=14 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - 9D36DB7DAE009368ECDC52CCD4BCC4C5
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Infected computer, possibly a false MBAM detection
We'll finish cleaning up. Open Notepad and copy the following into it:

Collect::
C:\WINDOWS\System32\drivers\mavecg.sys
Driver::
Akamai
fdulmsko

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 67
- Registered: 24 Apr 2010 09:52
Re: Infected computer, possibly a false MBAM detection
ComboFix 11-03-28.01 - Martin MTA 28.03.2011 22:40:16.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.474 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin MTA\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin MTA\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AKAMAI
-------\Service_Akamai
-------\Service_fdulmsko
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-28 15:37 . 2011-03-28 15:37 -------- d-----w- c:\program files\AutoSizer
2011-03-28 15:29 . 2011-03-28 15:29 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\FDRLab
2011-03-27 20:42 . 2011-03-27 20:46 -------- d-----w- c:\program files\DropMyRights
2011-03-27 15:13 . 2011-03-27 15:13 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-03-27 15:13 . 2011-03-27 15:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\iolo
2011-03-27 15:13 . 2011-03-27 15:26 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\iolo
2011-03-27 11:43 . 2011-03-27 11:43 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2011-03-27 11:43 . 2011-03-27 11:43 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2011-03-27 10:40 . 2011-03-27 19:51 -------- d-----w- c:\program files\AnVir Task Manager Free
2011-03-27 10:40 . 2011-03-27 12:39 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\AnVir
2011-03-27 10:35 . 2011-03-27 10:35 -------- d-----w- c:\program files\EULAlyzer
2011-03-27 10:34 . 2011-03-27 10:34 -------- d-----w- c:\program files\VirusTotalUploader2
2011-03-26 22:39 . 2011-03-27 11:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NortonInstaller
2011-03-26 22:39 . 2011-03-27 11:42 -------- d-----w- c:\program files\NortonInstaller
2011-03-26 20:14 . 2011-03-26 20:14 -------- d-----w- c:\program files\COMODO
2011-03-26 18:49 . 2011-03-26 18:49 13312 ----a-w- c:\windows\system32\drivers\vde3mjk4.sys
2011-03-26 13:00 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-03-26 12:59 . 2007-07-19 17:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-03-26 12:49 . 2011-03-26 12:49 -------- d-----w- c:\program files\Daum
2011-03-26 09:50 . 2011-03-26 09:50 -------- d-----w- c:\program files\KeyScrambler
2011-03-26 09:50 . 2010-02-11 15:03 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-03-26 09:03 . 2011-03-28 19:45 -------- d-----w- c:\windows\system32\wbem\Logs
2011-03-25 05:55 . 2011-03-25 05:55 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\TuneUp Software
2011-03-25 05:44 . 2011-03-25 05:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TuneUp Software
2011-03-24 18:46 . 2011-03-25 19:27 -------- d-----w- c:\documents and settings\All Users\Studio14Trial
2011-03-23 21:38 . 2011-03-28 15:08 -------- d---a-w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\LastPass
2011-03-23 20:37 . 2011-03-23 20:37 -------- d-----w- c:\program files\QTTabBar_1.2.2.1_glb
2011-03-23 19:28 . 2011-03-23 19:28 -------- d-----w- c:\program files\Poznámky.be
2011-03-22 20:17 . 2011-03-22 20:17 -------- d-----w- c:\program files\Common Files\Skype
2011-03-22 20:17 . 2011-03-22 20:17 -------- d-----r- c:\program files\Skype
2011-03-22 12:01 . 2011-03-22 12:01 -------- d-----w- c:\documents and settings\MTA 2\Local Settings\Data aplikací\WMTools Downloaded Files
2011-03-21 19:57 . 2011-03-21 19:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RoboTask
2011-03-21 19:51 . 2011-03-21 19:51 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\RoboTask
2011-03-21 19:51 . 2011-03-21 19:51 -------- d-----w- c:\program files\RoboTask
2011-03-21 17:45 . 2011-03-21 17:45 -------- d-----w- c:\program files\Google Hacks
2011-03-20 10:51 . 2011-03-20 12:13 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\TeamViewer
2011-03-20 09:39 . 2011-03-20 09:39 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Beenokle
2011-03-20 09:39 . 2011-03-20 09:39 -------- d-----w- C:\Unfiled Notes
2011-03-20 09:39 . 2011-03-20 09:39 -------- d-----w- c:\program files\ZenWriter
2011-03-19 13:45 . 2011-03-19 13:45 -------- d-----w- c:\program files\Common Files\Steam
2011-03-19 13:45 . 2011-03-28 14:57 -------- d---a-w- c:\program files\Steam
2011-03-19 12:27 . 2011-03-19 12:27 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2011-03-18 06:23 . 2011-03-18 12:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Soluto
2011-03-17 18:29 . 2011-03-17 18:32 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Winsplit Revolution
2011-03-17 18:29 . 2011-03-18 06:20 -------- d-----w- c:\program files\WinSplit Revolution
2011-03-17 18:26 . 2011-03-17 18:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Crystal Office
2011-03-17 18:26 . 2011-03-17 18:26 -------- d-----w- c:\program files\Maple Professional
2011-03-17 17:58 . 2011-02-09 14:56 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-03-17 13:26 . 2011-03-17 17:53 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\OpenCandy
2011-03-17 13:26 . 2011-03-17 13:26 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\OpenCandy
2011-03-17 13:26 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-03-17 13:26 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-03-17 13:26 . 2011-03-26 12:58 -------- d-----w- c:\windows\Logs
2011-03-17 13:24 . 2011-03-27 14:16 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Winamp
2011-03-17 13:24 . 2011-03-17 17:53 -------- d-----w- c:\program files\Winamp
2011-03-16 13:36 . 2011-03-24 20:48 -------- d---a-w- c:\program files\ICQ7.4
2011-03-16 07:53 . 2011-03-16 07:53 -------- d-----w- c:\documents and settings\MTA 2\Data aplikací\Zoner
2011-03-16 07:53 . 2011-03-16 07:53 -------- d-----w- c:\documents and settings\MTA 2\Local Settings\Data aplikací\Zoner
2011-03-15 20:31 . 2011-03-15 20:31 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\DonationCoder
2011-03-15 20:30 . 2011-03-15 20:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DonationCoder
2011-03-15 20:30 . 2011-03-28 20:57 -------- d-----w- c:\program files\FindAndRunRobot
2011-03-15 19:46 . 2011-03-15 19:55 -------- d---a-w- c:\documents and settings\Martin MTA\Data aplikací\Trillian
2011-03-15 19:45 . 2011-03-18 15:50 -------- d-----w- c:\program files\Trillian
2011-03-13 21:41 . 2011-03-16 21:12 -------- d---a-w- c:\documents and settings\MTA 2\Data aplikací\BufferZone
2011-03-13 21:31 . 2011-03-13 21:31 -------- d-----w- c:\documents and settings\MTA 2\SecurityScans
2011-03-13 13:40 . 2011-03-13 13:40 -------- d---a-w- c:\documents and settings\MTA 2\TEMPBZ.TMP
2011-03-13 11:30 . 2011-03-13 11:30 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Gmail Backup
2011-03-13 07:59 . 2011-03-13 07:59 -------- d-----w- c:\program files\GmailBackup
2011-03-13 07:55 . 2011-03-21 18:44 -------- d-----w- C:\Shoty
2011-03-13 07:48 . 2011-03-13 07:55 -------- d-----w- c:\program files\ScreenShots
2011-03-13 07:39 . 2011-03-17 21:54 -------- d-----w- c:\documents and settings\MTA 3
2011-03-12 12:14 . 2011-03-12 12:14 -------- d-----w- c:\program files\ElcomSoft
2011-03-12 10:09 . 2011-03-12 10:09 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Hornil
2011-03-12 10:08 . 2011-03-12 10:08 -------- d-----w- c:\program files\Two Pilots
2011-03-12 10:08 . 2011-03-12 10:08 -------- d-----w- c:\program files\Cosmetic Guide
2011-03-11 15:46 . 2011-03-11 15:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\backup
2011-03-11 15:01 . 2011-03-11 15:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-11 13:03 . 2011-03-11 18:29 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Google Chrome Backup
2011-03-11 13:01 . 2011-03-11 16:53 -------- d-----w- c:\program files\Google Chrome Backup
2011-03-10 12:40 . 2011-03-10 12:40 -------- d-----w- c:\program files\Common Files\xing shared
2011-03-10 08:30 . 2011-03-10 08:30 -------- d-----w- c:\program files\iResizer
2011-03-10 05:59 . 2011-03-10 05:59 -------- d---a-w- c:\documents and settings\MTA 2\Local Settings\Data aplikací\Adobe
2011-03-10 05:59 . 2011-03-10 05:59 -------- d---a-w- c:\documents and settings\MTA 2\Local Settings\Data aplikací\Temp
2011-03-10 05:39 . 2011-03-21 18:14 -------- d---a-w- c:\documents and settings\MTA 2\DRM
2011-03-08 06:31 . 2011-03-08 06:31 -------- d-----w- c:\windows\system32\Program Files
2011-03-07 20:14 . 2011-03-07 20:14 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\FreeHideIP
2011-03-07 20:14 . 2011-03-07 20:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FreeHideIP
2011-03-07 20:13 . 2011-03-07 20:13 -------- d-----w- c:\program files\FreeHideIP
2011-03-06 19:49 . 2011-03-06 19:49 -------- d-----w- C:\Virtual
2011-03-06 19:43 . 2011-03-28 15:34 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\BufferZone
2011-03-06 19:43 . 2011-03-28 20:55 -------- d-----w- c:\program files\BufferZone
2011-03-05 15:09 . 2011-03-05 17:31 -------- d-----w- c:\program files\Cain
2011-03-05 06:41 . 2011-03-05 06:41 -------- d--h--w- c:\windows\PIF
2011-03-05 06:27 . 2011-03-05 06:27 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\JPEGsnoop
2011-03-03 18:36 . 2011-03-28 19:41 -------- d-----w- c:\program files\Common Files\Akamai
2011-03-02 18:27 . 2011-03-02 18:28 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-02 18:27 . 2011-03-20 07:32 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\DAEMON Tools Lite
2011-03-02 18:27 . 2011-03-02 18:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-03-02 17:33 . 2011-03-02 18:28 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-01 11:24 . 2011-03-01 11:24 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\GHISLER
2011-02-27 11:59 . 2011-02-27 11:59 -------- d---a-w- c:\documents and settings\Martin MTA\Data aplikací\SecurityHeroes
2011-02-27 08:47 . 2011-02-27 08:49 -------- d-----w- c:\windows\system32\NtmsData
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 12:38 . 2010-11-17 22:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-10 12:38 . 2010-11-17 22:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-25 14:13 . 2010-12-10 17:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-25 14:12 . 2010-11-17 19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-23 15:04 . 2010-11-17 19:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-11-17 19:08 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-02-23 20:06 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-11-17 19:08 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-11-17 19:08 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-11-17 19:08 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-11-17 19:08 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-11-17 19:08 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-11-17 19:08 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-11-17 19:08 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:51 . 2011-02-22 23:51 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2011-02-09 13:53 . 2004-08-17 13:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 13:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 01:16 . 2011-02-08 01:16 922112 ------w- c:\windows\system32\imapi2fs.dll
2011-02-08 01:16 . 2011-02-08 01:16 426496 ------w- c:\windows\system32\imapi2.dll
2011-02-02 07:58 . 2010-11-17 14:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-11-17 14:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 16:40 . 2011-01-25 12:39 1098680 ----a-w- c:\windows\ampa.exe
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-21 11:30 . 2011-01-21 11:30 311296 ----a-w- c:\windows\system32\EMRegSys.dll
2011-01-19 09:46 . 2011-01-25 12:39 10936 ----a-w- c:\windows\system32\ampa.sys
2011-01-07 14:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-17 13:44 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-29 11:47 . 2010-12-29 11:47 3584 ----a-r- c:\documents and settings\Martin MTA\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-03-18 17:53 . 2011-03-22 20:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]
@="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}"
[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@="{F594B094-8768-4632-8143-12852EBBD688}"
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}"
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}"
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shortcutor"="c:\program files\coode software\shortcutor\shortcutor.exe" [2010-12-15 3975680]
"AnVir Task Manager Free"="c:\program files\AnVir Task Manager Free\AnVir.exe" [2010-04-02 1733856]
"RoboTask"="c:\program files\robotask\robotask.exe" [2011-03-01 706560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="d:\my folder\foldrs-slozky-install-portable\Everything-1.2.1.371.exe" [2009-03-13 602624]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
.
c:\documents and settings\MTA 2\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Safari.lnk - c:\program files\Safari\Safari.exe [2011-2-16 2388264]
.
c:\documents and settings\Martin MTA\Nabˇdka Start\Po spuçtŘnˇ\
Find And Run Robot.lnk - c:\program files\FindAndRunRobot\FindAndRunRobot.exe [2011-3-15 4404736]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 15 (0xf)
"DisableMyMusicDirChange"= 1 (0x1)
"DisableMyPicturesDirChange"= 1 (0x1)
"NoCommonGroups"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
2009-03-08 12:47 73728 ----a-w- c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"HideMyIpSRV"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=2 (0x2)
"ose"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"cmdAgent"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"IDriverT"=3 (0x3)
"ocster_backup"=3 (0x3)
"SolutoService"=2 (0x2)
"Steam Client Service"=3 (0x3)
"MatSvc"=3 (0x3)
"Cleaner_Validator"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Foxreal\\YouTube FLV Downloader Pro\\Foxreal YouTube FLV Downloader Pro.exe"=
"c:\\Program Files\\1AVCenter\\1AVCenter.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdprs.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdpr.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esda.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"d:\\My Folder\\foldrs-slozky-install-portable\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12121:TCP"= 12121:TCP:ElcomSoft Distributed Agents TCP Port
"12122:TCP"= 12122:TCP:ElcomSoft Distributed Password Recovery Console TCP Port
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [5.1.2011 21:50 40560]
R0 REDLIGHT;REDLIGHT;c:\windows\system32\drivers\redlight.sys [29.11.2010 20:16 378144]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [3.1.2011 14:46 121288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.2.2011 22:06 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.11.2010 21:08 301528]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [23.1.2011 16:32 13696]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [9.12.2010 14:14 66584]
R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [9.12.2010 14:15 33232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.11.2010 21:08 19544]
R2 BufferZoneSvc;BufferZone Service;c:\program files\BufferZone\ClntSvc.exe [29.11.2010 20:16 802888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [28.12.2010 23:14 101904]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [26.3.2011 11:50 114952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.3.2011 19:59 1691480]
S3 ampa;ampa;c:\windows\system32\ampa.sys [25.1.2011 14:39 10936]
S3 cpuz130;cpuz130;\??\c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\MARTIN~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\MARTIN~1\LOCALS~1\Temp\esihdrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 19:07 35088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S4 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [9.12.2010 14:08 305600]
S4 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [16.11.2010 2:10 267568]
S4 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe [26.11.2010 12:46 18200]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
netsvcs_Untrusted_BZ REG_MULTI_SZ BITS_Untrusted_BZ netman_Untrusted_BZ wuauserv_Untrusted_BZ " winmgmt_Untrusted_BZ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {5FE0D22F-FFC7-4B63-8B3E-9C6CABE5F365} = 10.0.82.65,62.240.184.2
TCP: {9385D163-2321-4B16-8B94-F14A20F7EFD7} = 10.0.82.65,62.240.184.2
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-28 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,14,1f,c6,ff,17,55,46,a7,8d,19,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,14,1f,c6,ff,17,55,46,a7,8d,19,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet015\Hardware Profiles\Current]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\User\LocalSystem]
@Allowed: (Read) (RestrictedCode)
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1884)
c:\program files\BufferZone\RLHOOK.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(2004)
c:\program files\BufferZone\RLHOOK.DLL
.
- - - - - - - > 'explorer.exe'(2756)
c:\program files\AnVir Task Manager Free\AnvirHook631.dll
c:\windows\system32\RlShellExt.dll
c:\windows\system32\AM.DLL
c:\windows\Resources\themes\Luna\Luna.msstyles
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(1564)
c:\program files\BufferZone\RLHOOK.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\BufferZone\BZRPCSS.EXE
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\BufferZone\BZDCOMLAUNCH.EXE
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
.
**************************************************************************
.
Celkový čas: 2011-03-28 23:03:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-28 21:03
ComboFix2.txt 2011-03-28 20:21
ComboFix3.txt 2011-03-25 20:20
.
Před spuštěním: Volných bajtů: 64 615 260 160
Po spuštění: Volných bajtů: 64 459 628 544
.
Current=15 Default=15 Failed=14 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - 7F413A5DFBA800BBEBA43907F01D06DD
2011-03-15 19:45 . 2011-03-18 15:50 -------- d-----w- c:\program files\Trillian
2011-03-13 21:41 . 2011-03-16 21:12 -------- d---a-w- c:\documents and settings\MTA 2\Data aplikací\BufferZone
2011-03-13 21:31 . 2011-03-13 21:31 -------- d-----w- c:\documents and settings\MTA 2\SecurityScans
2011-03-13 13:40 . 2011-03-13 13:40 -------- d---a-w- c:\documents and settings\MTA 2\TEMPBZ.TMP
2011-03-13 11:30 . 2011-03-13 11:30 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Gmail Backup
2011-03-13 07:59 . 2011-03-13 07:59 -------- d-----w- c:\program files\GmailBackup
2011-03-13 07:55 . 2011-03-21 18:44 -------- d-----w- C:\Shoty
2011-03-13 07:48 . 2011-03-13 07:55 -------- d-----w- c:\program files\ScreenShots
2011-03-13 07:39 . 2011-03-17 21:54 -------- d-----w- c:\documents and settings\MTA 3
2011-03-12 12:14 . 2011-03-12 12:14 -------- d-----w- c:\program files\ElcomSoft
2011-03-12 10:09 . 2011-03-12 10:09 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Hornil
2011-03-12 10:08 . 2011-03-12 10:08 -------- d-----w- c:\program files\Two Pilots
2011-03-12 10:08 . 2011-03-12 10:08 -------- d-----w- c:\program files\Cosmetic Guide
2011-03-11 15:46 . 2011-03-11 15:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\backup
2011-03-11 15:01 . 2011-03-11 15:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-11 13:03 . 2011-03-11 18:29 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\Google Chrome Backup
2011-03-11 13:01 . 2011-03-11 16:53 -------- d-----w- c:\program files\Google Chrome Backup
2011-03-10 12:40 . 2011-03-10 12:40 -------- d-----w- c:\program files\Common Files\xing shared
2011-03-10 08:30 . 2011-03-10 08:30 -------- d-----w- c:\program files\iResizer
2011-03-10 05:59 . 2011-03-10 05:59 -------- d---a-w- c:\documents and settings\MTA 2\Local Settings\Data aplikací\Adobe
2011-03-10 05:59 . 2011-03-10 05:59 -------- d---a-w- c:\documents and settings\MTA 2\Local Settings\Data aplikací\Temp
2011-03-10 05:39 . 2011-03-21 18:14 -------- d---a-w- c:\documents and settings\MTA 2\DRM
2011-03-08 06:31 . 2011-03-08 06:31 -------- d-----w- c:\windows\system32\Program Files
2011-03-07 20:14 . 2011-03-07 20:14 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\FreeHideIP
2011-03-07 20:14 . 2011-03-07 20:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FreeHideIP
2011-03-07 20:13 . 2011-03-07 20:13 -------- d-----w- c:\program files\FreeHideIP
2011-03-06 19:49 . 2011-03-06 19:49 -------- d-----w- C:\Virtual
2011-03-06 19:43 . 2011-03-28 15:34 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\BufferZone
2011-03-06 19:43 . 2011-03-28 20:55 -------- d-----w- c:\program files\BufferZone
2011-03-05 15:09 . 2011-03-05 17:31 -------- d-----w- c:\program files\Cain
2011-03-05 06:41 . 2011-03-05 06:41 -------- d--h--w- c:\windows\PIF
2011-03-05 06:27 . 2011-03-05 06:27 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\JPEGsnoop
2011-03-03 18:36 . 2011-03-28 19:41 -------- d-----w- c:\program files\Common Files\Akamai
2011-03-02 18:27 . 2011-03-02 18:28 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-02 18:27 . 2011-03-20 07:32 -------- d-----w- c:\documents and settings\Martin MTA\Data aplikací\DAEMON Tools Lite
2011-03-02 18:27 . 2011-03-02 18:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2011-03-02 17:33 . 2011-03-02 18:28 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-01 11:24 . 2011-03-01 11:24 -------- d-----w- c:\documents and settings\Martin MTA\Local Settings\Data aplikací\GHISLER
2011-02-27 11:59 . 2011-02-27 11:59 -------- d---a-w- c:\documents and settings\Martin MTA\Data aplikací\SecurityHeroes
2011-02-27 08:47 . 2011-02-27 08:49 -------- d-----w- c:\windows\system32\NtmsData
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 12:38 . 2010-11-17 22:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-10 12:38 . 2010-11-17 22:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-25 14:13 . 2010-12-10 17:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-25 14:12 . 2010-11-17 19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-23 15:04 . 2010-11-17 19:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-11-17 19:08 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-02-23 20:06 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-11-17 19:08 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-11-17 19:08 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-11-17 19:08 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-11-17 19:08 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-11-17 19:08 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-11-17 19:08 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-11-17 19:08 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:51 . 2011-02-22 23:51 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2011-02-09 13:53 . 2004-08-17 13:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 13:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 01:16 . 2011-02-08 01:16 922112 ------w- c:\windows\system32\imapi2fs.dll
2011-02-08 01:16 . 2011-02-08 01:16 426496 ------w- c:\windows\system32\imapi2.dll
2011-02-02 07:58 . 2010-11-17 14:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-11-17 14:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 16:40 . 2011-01-25 12:39 1098680 ----a-w- c:\windows\ampa.exe
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-21 11:30 . 2011-01-21 11:30 311296 ----a-w- c:\windows\system32\EMRegSys.dll
2011-01-19 09:46 . 2011-01-25 12:39 10936 ----a-w- c:\windows\system32\ampa.sys
2011-01-07 14:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-17 13:44 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-29 11:47 . 2010-12-29 11:47 3584 ----a-r- c:\documents and settings\Martin MTA\Data aplikací\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-03-18 17:53 . 2011-03-22 20:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]
@="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}"
[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@="{F594B094-8768-4632-8143-12852EBBD688}"
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}"
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}"
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2010-11-29 18:16 1280288 ----a-w- c:\windows\system32\RlShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shortcutor"="c:\program files\coode software\shortcutor\shortcutor.exe" [2010-12-15 3975680]
"AnVir Task Manager Free"="c:\program files\AnVir Task Manager Free\AnVir.exe" [2010-04-02 1733856]
"RoboTask"="c:\program files\robotask\robotask.exe" [2011-03-01 706560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="d:\my folder\foldrs-slozky-install-portable\Everything-1.2.1.371.exe" [2009-03-13 602624]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
.
c:\documents and settings\MTA 2\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Safari.lnk - c:\program files\Safari\Safari.exe [2011-2-16 2388264]
.
c:\documents and settings\Martin MTA\Nabˇdka Start\Po spuçtŘnˇ\
Find And Run Robot.lnk - c:\program files\FindAndRunRobot\FindAndRunRobot.exe [2011-3-15 4404736]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 15 (0xf)
"DisableMyMusicDirChange"= 1 (0x1)
"DisableMyPicturesDirChange"= 1 (0x1)
"NoCommonGroups"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
2009-03-08 12:47 73728 ----a-w- c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"HideMyIpSRV"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=2 (0x2)
"ose"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"cmdAgent"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"IDriverT"=3 (0x3)
"ocster_backup"=3 (0x3)
"SolutoService"=2 (0x2)
"Steam Client Service"=3 (0x3)
"MatSvc"=3 (0x3)
"Cleaner_Validator"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera 11.00 beta\\opera.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Foxreal\\YouTube FLV Downloader Pro\\Foxreal YouTube FLV Downloader Pro.exe"=
"c:\\Program Files\\1AVCenter\\1AVCenter.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdprs.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdpr.exe"=
"c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esda.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"d:\\My Folder\\foldrs-slozky-install-portable\\TeamViewerPortable_en\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Steam\\steamapps\\cleverboy\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12121:TCP"= 12121:TCP:ElcomSoft Distributed Agents TCP Port
"12122:TCP"= 12122:TCP:ElcomSoft Distributed Password Recovery Console TCP Port
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [5.1.2011 21:50 40560]
R0 REDLIGHT;REDLIGHT;c:\windows\system32\drivers\redlight.sys [29.11.2010 20:16 378144]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [3.1.2011 14:46 121288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.2.2011 22:06 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.11.2010 21:08 301528]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [23.1.2011 16:32 13696]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [9.12.2010 14:14 66584]
R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [9.12.2010 14:15 33232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.11.2010 21:08 19544]
R2 BufferZoneSvc;BufferZone Service;c:\program files\BufferZone\ClntSvc.exe [29.11.2010 20:16 802888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [28.12.2010 23:14 101904]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [26.3.2011 11:50 114952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.3.2011 19:59 1691480]
S3 ampa;ampa;c:\windows\system32\ampa.sys [25.1.2011 14:39 10936]
S3 cpuz130;cpuz130;\??\c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\MARTIN~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\MARTIN~1\LOCALS~1\Temp\esihdrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 19:07 35088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S4 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [9.12.2010 14:08 305600]
S4 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [16.11.2010 2:10 267568]
S4 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe [26.11.2010 12:46 18200]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
netsvcs_Untrusted_BZ REG_MULTI_SZ BITS_Untrusted_BZ netman_Untrusted_BZ wuauserv_Untrusted_BZ " winmgmt_Untrusted_BZ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {5FE0D22F-FFC7-4B63-8B3E-9C6CABE5F365} = 10.0.82.65,62.240.184.2
TCP: {9385D163-2321-4B16-8B94-F14A20F7EFD7} = 10.0.82.65,62.240.184.2
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-28 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,14,1f,c6,ff,17,55,46,a7,8d,19,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,14,1f,c6,ff,17,55,46,a7,8d,19,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet015\Hardware Profiles\Current]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\User\LocalSystem]
@Allowed: (Read) (RestrictedCode)
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1884)
c:\program files\BufferZone\RLHOOK.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(2004)
c:\program files\BufferZone\RLHOOK.DLL
.
- - - - - - - > 'explorer.exe'(2756)
c:\program files\AnVir Task Manager Free\AnvirHook631.dll
c:\windows\system32\RlShellExt.dll
c:\windows\system32\AM.DLL
c:\windows\Resources\themes\Luna\Luna.msstyles
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(1564)
c:\program files\BufferZone\RLHOOK.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\BufferZone\BZRPCSS.EXE
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\BufferZone\BZDCOMLAUNCH.EXE
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
.
**************************************************************************
.
Celkový čas: 2011-03-28 23:03:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-28 21:03
ComboFix2.txt 2011-03-28 20:21
ComboFix3.txt 2011-03-25 20:20
.
Před spuštěním: Volných bajtů: 64 615 260 160
Po spuštění: Volných bajtů: 64 459 628 544
.
Current=15 Default=15 Failed=14 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - 7F413A5DFBA800BBEBA43907F01D06DD
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Infected computer, possibly a false MBAM detection
The log now looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 67
- Registered: 24 Apr 2010 09:52
Re: Infected computer, possibly a false MBAM detection
That's not possible... I ran a quick scan with MBAM again... I expected the problem to disappear; instead, 7 more viruses were added.
Those Trojans are multiplying... they can't be found by searching, probably some insidious type of rootkit... Please help, urgent.
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org
Verze databáze: 6198
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28.3.2011 23:12:57
mbam-log-2011-03-28 (23-12-53).txt
Typ kontroly: Rychlý test
Testované objekty: 222700
Uplynulý čas: 5 minut, 28 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 30
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\documents and settings\_ocster_backup_\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic.000\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\all users\application data\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\all users\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\default user\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\localservice\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\martin mta\application data\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\martin mta\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\mta 2\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\mta 3\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\networkservice\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\keygen.exe (Backdoor.Bot) -> No action taken.
c:\documents and settings\_ocster_backup_\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic.000\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\administrator\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\default user\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\localservice\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\martin mta\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\mta 2\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\mta 3\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\networkservice\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\system32\config\systemprofile\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\microsoft.net\keygen.exe (Worm.Rebhip) -> No action taken.
c:\windows\virus.exe (Worm.AutoRun) -> No action taken.
c:\program files\msnmsgr\crack.exe (Backdoor.Bifrose) -> No action taken.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Infected computer, possibly a false MBAM detection
Delete everything MBAM found. Apparently you did not delete it before.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.
-
- Visitor
- Posts: 67
- Registered: 24 Apr 2010 09:52
Re: Infected computer, possibly a false MBAM detection
Do you doubt that I know how to delete what MBAM comes up with? In my opening post I already mention that I chose "Remove Selected" and MBAM prompted me to restart the computer, which I did, and after running a scan it still reports an infection. I also wrote that I used Avenger. Do you think I made a mistake three times with MBAM and with Avenger as well?
Here is the current MBAM log, even after several attempts at deletion:
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org
Verze databáze: 6198
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29.3.2011 19:43:14
mbam-log-2011-03-29 (19-43-11).txt
Typ kontroly: Rychlý test
Testované objekty: 222987
Uplynulý čas: 6 minut, 10 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 30
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\documents and settings\_ocster_backup_\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic.000\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\all users\application data\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\all users\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\default user\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\localservice\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\martin mta\application data\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\martin mta\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\mta 2\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\mta 3\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\networkservice\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\data aplikací\local\microsoft\windows\explorer\keygen.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\keygen.exe (Backdoor.Bot) -> No action taken.
c:\documents and settings\_ocster_backup_\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic.000\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\administrator.butterfl-3jcaic\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\administrator\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\default user\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\localservice\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\martin mta\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\mta 2\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\mta 3\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\networkservice\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\system32\config\systemprofile\local settings\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\temp\ixp000.tmp\keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\windows\microsoft.net\keygen.exe (Worm.Rebhip) -> No action taken.
c:\windows\virus.exe (Worm.AutoRun) -> No action taken.
c:\program files\msnmsgr\crack.exe (Backdoor.Bifrose) -> No action taken.
-
- Visitor
- Posts: 67
- Registered: 24 Apr 2010 09:52
Re: Infected computer, possibly a false MBAM detection
I apologize, problem solved.
The problem was that MBAM was stored in the isolated "Bufferzone" environment, which meant that after the program is closed, everything is restored to the state it was in when MBAM was placed into the isolated Bufferzone environment. It was enough to add MBAM to the Trusted list in Bufferzone Pro.
Last edited by BOnioo1775 on 29 Mar 2011 19:08, edited 2 times in total.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Infected computer, possibly a false MBAM detection
OK, I accept that.
You should be clean.

-
- Visitor
- Posts: 67
- Registered: 24 Apr 2010 09:52
Re: Infected computer, possibly a false MBAM detection
OK, thanks for everything.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Infected computer, possibly a false MBAM detection
You're welcome!