
Alleged system error, Windows Repair
Hello, could you please help me? A virus has settled on my PC that reports that an operating system error has occurred. It calls itself Windows Repair. After every restart its window appears along with a black desktop background. Task Manager cannot be started, and most of the time neither can the web browser. Attempts at System Restore end unsuccessfully. At first Avast would not run either, but it works now. I ran a boot-time scan with Avast; it found something, but that did not change the situation. For now I have to connect to the internet through Ubuntu, which I also have on the computer.
RSIT log; I ran it in Windows Safe Mode:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Milos Bilek at 2011-03-28 10:36:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (16%) free of 30 GB
Total RAM: 1023 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:36:43, on 28.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\viry.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\trend micro\Milos Bilek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [JmpyxPEOWqPO] C:\Documents and Settings\All Users\Data aplikací\JmpyxPEOWqPO.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipamìti kategorií souèástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: IDL DicomEx Storage SCP - Unknown owner - C:\Program Files\ITT\IDL71\bin\bin.x86\idl_dicomexstorscp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 4872 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-23 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-23 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2005-05-17 266240]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-01-30 98304]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2005-11-30 450560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-23 148888]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-01-13 3396624]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"JmpyxPEOWqPO"=C:\Documents and Settings\All Users\Data aplikací\JmpyxPEOWqPO.exe [2011-03-28 546816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\PROGRA~1\Eraser\Eraser.exe [2010-04-10 979344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2011-03-28 10:15:10 ----HD---- C:\Documents and Settings\Milos Bilek\Data aplikací\gtk-2.0
2011-03-28 01:23:11 ----A---- C:\WINDOWS\ntbtlog.txt
2011-03-28 01:23:10 ----ASH---- C:\pagefile.sys
2011-03-28 01:18:06 ----A---- C:\Documents and Settings\All Users\Data aplikací\19193652.exe
2011-03-28 00:37:45 ----A---- C:\Documents and Settings\All Users\Data aplikací\JmpyxPEOWqPO.exe
2011-03-25 01:08:52 ----D---- C:\Program Files\Inlite
2011-03-24 20:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-19 00:55:09 ----HD---- C:\Documents and Settings\Milos Bilek\Data aplikací\CAD-KAS
2011-03-19 00:54:47 ----D---- C:\Program Files\PDF Editor 3
2011-03-19 00:54:47 ----A---- C:\WINDOWS\cadkasdeinst01e.exe
2011-03-16 16:47:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-10 02:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-10 02:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
======List of files/folders modified in the last 1 months======
2011-03-28 10:36:36 ----D---- C:\Program Files\trend micro
2011-03-28 10:31:01 ----D---- C:\WINDOWS\Temp
2011-03-28 10:30:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-28 10:15:10 ----D---- C:\Program Files\ImageJ
2011-03-28 10:15:09 ----HD---- C:\Documents and Settings\Milos Bilek\Data aplikací\uTorrent
2011-03-28 10:15:09 ----D---- C:\WINDOWS
2011-03-28 10:15:09 ----D---- C:\Program Files\Astroart4 Demo
2011-03-28 10:15:05 ----HD---- C:\WINDOWS\inf
2011-03-28 03:18:15 ----D---- C:\WINDOWS\Prefetch
2011-03-28 00:38:09 ----D---- C:\WINDOWS\system32\drivers
2011-03-27 20:57:36 ----D---- C:\WINDOWS\system32
2011-03-27 20:57:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-25 01:52:07 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-25 01:08:52 ----RD---- C:\Program Files
2011-03-24 20:29:42 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-24 15:40:03 ----D---- C:\Program Files\Mozilla Firefox
2011-03-22 01:48:18 ----HD---- C:\Documents and Settings\Milos Bilek\Data aplikací\Adobe
2011-03-19 01:25:54 ----D---- C:\Program Files\Common Files\Adobe
2011-03-16 16:47:42 ----A---- C:\WINDOWS\imsins.BAK
2011-03-16 16:47:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-10 02:05:59 ----D---- C:\WINDOWS\Debug
2011-03-10 02:05:47 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-07 23:10:58 ----A---- C:\WINDOWS\system32\BASSMOD.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sbìrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 IdeBusDr;IdeBusDr; C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys [2002-10-15 13891]
R0 IdeChnDr;Intel(R) Ultra ATA Controller; C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys [2002-10-15 101431]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-17 44944]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-11-29 18688]
R3 USBSTOR;Ovladaè velkokapacitního pamìového zaøízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladaè Microsoft univerzálního hostitelského øadièe USB od spoleènosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
S1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
S1 intelppm;Øadiè procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
S2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-02-25 139776]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-10-24 907456]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
S3 SD;SD; \??\D:\stazene prog\recover\Sd.Sys []
S3 SMC2862W;SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter Driver; C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2004-09-10 381088]
S3 usbprint;Tøída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-23 152984]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;Stavová sluba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP; C:\Program Files\ITT\IDL71\bin\bin.x86\idl_dicomexstorscp.exe [2009-04-21 57344]
S3 idsvc;Sluba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S4 NetTcpPortSharing;Sluba sdílení portù Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Log z RSIT, spoustel jsem ho v nouzovem rezimu Windows:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Milos Bilek at 2011-03-28 10:36:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (16%) free of 30 GB
Total RAM: 1023 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:36:43, on 28.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\viry.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\trend micro\Milos Bilek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [JmpyxPEOWqPO] C:\Documents and Settings\All Users\Data aplikací\JmpyxPEOWqPO.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipamìti kategorií souèástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: IDL DicomEx Storage SCP - Unknown owner - C:\Program Files\ITT\IDL71\bin\bin.x86\idl_dicomexstorscp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 4872 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-23 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-23 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2005-05-17 266240]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-01-30 98304]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2005-11-30 450560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-23 148888]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-01-13 3396624]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"JmpyxPEOWqPO"=C:\Documents and Settings\All Users\Data aplikací\JmpyxPEOWqPO.exe [2011-03-28 546816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\PROGRA~1\Eraser\Eraser.exe [2010-04-10 979344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2011-03-28 10:15:10 ----HD---- C:\Documents and Settings\Milos Bilek\Data aplikací\gtk-2.0
2011-03-28 01:23:11 ----A---- C:\WINDOWS\ntbtlog.txt
2011-03-28 01:23:10 ----ASH---- C:\pagefile.sys
2011-03-28 01:18:06 ----A---- C:\Documents and Settings\All Users\Data aplikací\19193652.exe
2011-03-28 00:37:45 ----A---- C:\Documents and Settings\All Users\Data aplikací\JmpyxPEOWqPO.exe
2011-03-25 01:08:52 ----D---- C:\Program Files\Inlite
2011-03-24 20:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-19 00:55:09 ----HD---- C:\Documents and Settings\Milos Bilek\Data aplikací\CAD-KAS
2011-03-19 00:54:47 ----D---- C:\Program Files\PDF Editor 3
2011-03-19 00:54:47 ----A---- C:\WINDOWS\cadkasdeinst01e.exe
2011-03-16 16:47:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-10 02:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-10 02:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
======List of files/folders modified in the last 1 months======
2011-03-28 10:36:36 ----D---- C:\Program Files\trend micro
2011-03-28 10:31:01 ----D---- C:\WINDOWS\Temp
2011-03-28 10:30:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-28 10:15:10 ----D---- C:\Program Files\ImageJ
2011-03-28 10:15:09 ----HD---- C:\Documents and Settings\Milos Bilek\Data aplikací\uTorrent
2011-03-28 10:15:09 ----D---- C:\WINDOWS
2011-03-28 10:15:09 ----D---- C:\Program Files\Astroart4 Demo
2011-03-28 10:15:05 ----HD---- C:\WINDOWS\inf
2011-03-28 03:18:15 ----D---- C:\WINDOWS\Prefetch
2011-03-28 00:38:09 ----D---- C:\WINDOWS\system32\drivers
2011-03-27 20:57:36 ----D---- C:\WINDOWS\system32
2011-03-27 20:57:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-25 01:52:07 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-25 01:08:52 ----RD---- C:\Program Files
2011-03-24 20:29:42 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-24 15:40:03 ----D---- C:\Program Files\Mozilla Firefox
2011-03-22 01:48:18 ----HD---- C:\Documents and Settings\Milos Bilek\Data aplikací\Adobe
2011-03-19 01:25:54 ----D---- C:\Program Files\Common Files\Adobe
2011-03-16 16:47:42 ----A---- C:\WINDOWS\imsins.BAK
2011-03-16 16:47:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-10 02:05:59 ----D---- C:\WINDOWS\Debug
2011-03-10 02:05:47 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-07 23:10:58 ----A---- C:\WINDOWS\system32\BASSMOD.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sbìrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 IdeBusDr;IdeBusDr; C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys [2002-10-15 13891]
R0 IdeChnDr;Intel(R) Ultra ATA Controller; C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys [2002-10-15 101431]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-17 44944]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-11-29 18688]
R3 USBSTOR;Ovladaè velkokapacitního pamìového zaøízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladaè Microsoft univerzálního hostitelského øadièe USB od spoleènosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
S1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
S1 intelppm;Øadiè procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
S2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-02-25 139776]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-10-24 907456]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
S3 SD;SD; \??\D:\stazene prog\recover\Sd.Sys []
S3 SMC2862W;SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter Driver; C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2004-09-10 381088]
S3 usbprint;Tøída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-23 152984]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP; C:\Program Files\ITT\IDL71\bin\bin.x86\idl_dicomexstorscp.exe [2009-04-21 57344]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Alleged system error, Windows Repair
Use Avenger - its script:
Files to delete:
C:\Documents and Settings\All Users\Data aplikací\19193652.exe
c:\Documents and Settings\All Users\Data aplikací\JmpyxPEOWqPO.exe
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: Alleged system error, Windows Repair
Thanks for the reply. The program's window no longer launches after a restart and the internet connection works. Task Manager still cannot be started and the screen background has changed from black to grey.
Log from Avenger:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Documents and Settings\All Users\Data aplikací\19193652.exe" deleted successfully.
File "c:\Documents and Settings\All Users\Data aplikací\JmpyxPEOWqPO.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Re: Alleged system error, Windows Repair
Scan the PC with MBAM
Re: Alleged system error, Windows Repair
Here is the log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 6190
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28.3.2011 12:57:37
mbam-log-2011-03-28 (12-56-47).txt
Typ kontroly: Rychlý test
Testované objekty: 186895
Uplynulý čas: 14 minut, 18 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\documents and settings\milos bilek\local settings\temp\jar_cache6823579333254242920.tmp (Trojan.Downloader) -> No action taken.
c:\documents and settings\milos bilek\local settings\temp\0.23786522374517005.exe (Trojan.Dropper) -> No action taken.
Re: Alleged system error, Windows Repair
Let MBAM remove what it found - restart and write whether there are still problems

Re: Alleged system error, Windows Repair
Task Manager can now be started. The desktop background is still grey, the icons next to the Start button (e.g. Show Desktop) are still missing, and the display of folder and file icons is still set differently than before the virus arrived.
Re: Alleged system error, Windows Repair
Run ComboFix - post the log
Re: Alleged system error, Windows Repair
ComboFix 11-03-27.02 - Milos Bilek 28.03.2011 14:41:50.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.708 [GMT 2:00]
Spuštěný z: d:\viry\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\midas.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-28 10:23 . 2011-03-28 10:23 -------- d-----w- c:\documents and settings\Milos Bilek\Data aplikací\Malwarebytes
2011-03-28 10:23 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 10:23 . 2011-03-28 10:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-28 10:23 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-28 08:15 . 2011-03-28 08:15 -------- d--h--w- c:\documents and settings\Milos Bilek\Data aplikací\gtk-2.0
2011-03-28 08:15 . 2011-03-28 08:15 -------- d-----w- c:\documents and settings\Milos Bilek\thumbnails
2011-03-24 23:08 . 2011-03-24 23:08 -------- d-----w- c:\program files\Inlite
2011-03-24 22:37 . 2011-03-28 08:15 -------- d-----w- c:\documents and settings\Milos Bilek\gwyddion
2011-03-18 22:55 . 2011-03-18 22:55 -------- d--h--w- c:\documents and settings\Milos Bilek\Data aplikací\CAD-KAS
2011-03-18 22:54 . 2011-03-18 23:23 -------- d-----w- c:\program files\PDF Editor 3
2011-03-18 22:54 . 2011-03-18 22:54 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2011-03-04 06:59 . 2011-03-24 13:39 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-03-04 06:59 . 2011-03-24 13:39 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-03-04 06:59 . 2011-03-24 13:39 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-04 06:59 . 2011-03-24 13:39 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-17 13:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 13:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-06-01 20:28 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-06-01 20:28 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-08-25 21:02 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-08-25 21:08 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-08-25 21:08 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-08-25 21:08 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-08-25 21:08 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-08-25 21:08 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-08-25 21:08 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-08-25 21:08 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-08-25 21:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-17 13:44 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-01-09_21.34.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-28 11:41 . 2011-03-28 11:41 16384 c:\windows\Temp\Perflib_Perfdata_4ac.dat
+ 2001-10-25 12:00 . 2011-03-27 18:57 71138 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2011-03-27 18:57 82642 c:\windows\system32\perfc005.dat
+ 2004-08-17 13:49 . 2010-12-20 23:52 66560 c:\windows\system32\mshtmled.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 02:31 . 2010-12-20 23:52 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 02:31 . 2010-11-06 00:23 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 43520 c:\windows\system32\licmgr10.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 43520 c:\windows\system32\licmgr10.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-12 17:24 . 2010-12-20 23:52 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-12 17:24 . 2010-11-06 00:23 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-03-08 02:31 . 2010-12-20 23:52 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-08 02:31 . 2010-11-06 00:23 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-08-01 20:04 . 2010-11-06 00:23 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-08-01 20:04 . 2010-12-20 23:52 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 02:34 . 2010-11-06 00:23 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 02:34 . 2010-12-20 23:52 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 02:33 . 2010-12-20 23:52 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 02:33 . 2010-11-06 00:23 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:10 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-17 13:49 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
- 2004-08-17 13:49 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll
+ 2009-06-05 19:00 . 2011-03-07 21:10 10752 c:\windows\system32\BASSMOD.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2011-02-10 09:31 . 2009-12-14 07:10 33280 c:\windows\$NtUninstallKB2476687$\csrsrv.dll
+ 2011-02-10 09:35 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
+ 2011-02-10 09:35 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2485376\spmsg.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2483185\spmsg.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2479628\update\spcustom.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2479628\spmsg.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2478971\update\spcustom.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2478971\spmsg.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2478960\update\spcustom.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2478960\spmsg.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2476687\spmsg.dll
+ 2010-12-09 14:28 . 2010-12-09 14:28 33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
+ 2011-01-18 18:05 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-01-18 18:05 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2393802\update\spcustom.dll
+ 2011-02-10 09:24 . 2010-12-10 05:42 16896 c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2393802\spmsg.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 916480 c:\windows\system32\wininet.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 916480 c:\windows\system32\wininet.dll
+ 2004-08-17 13:49 . 2009-07-27 23:19 135168 c:\windows\system32\shsvcs.dll
- 2004-08-17 13:49 . 2008-04-14 06:51 135168 c:\windows\system32\shsvcs.dll
+ 2001-10-25 12:00 . 2011-03-27 18:57 440820 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2011-03-27 18:57 437336 c:\windows\system32\perfh005.dat
+ 2004-08-17 13:49 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
- 2004-08-17 13:49 . 2008-04-14 06:51 249856 c:\windows\system32\odbc32.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 206848 c:\windows\system32\occache.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 206848 c:\windows\system32\occache.dll
+ 2004-08-17 13:48 . 2010-12-09 15:15 713216 c:\windows\system32\ntdll.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 611840 c:\windows\system32\mstime.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 611840 c:\windows\system32\mstime.dll
- 2009-03-08 02:32 . 2010-11-06 00:23 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 02:32 . 2010-12-20 23:52 602112 c:\windows\system32\msfeeds.dll
+ 2011-03-24 07:59 . 2011-03-24 07:59 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
+ 2011-03-24 07:59 . 2011-03-24 07:59 311456 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.dll
+ 2011-03-02 19:08 . 2011-03-02 19:08 235168 c:\windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe
- 2004-08-17 13:49 . 2009-06-25 08:27 729088 c:\windows\system32\lsasrv.dll
+ 2004-08-17 13:49 . 2010-12-20 17:25 729088 c:\windows\system32\lsasrv.dll
- 2004-08-17 13:49 . 2009-06-25 08:27 301568 c:\windows\system32\kerberos.dll
+ 2004-08-17 13:49 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 184320 c:\windows\system32\iepeers.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 184320 c:\windows\system32\iepeers.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-17 13:49 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-17 13:49 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
+ 2009-06-01 22:20 . 2011-02-10 13:22 149992 c:\windows\system32\FNTCACHE.DAT
- 2009-06-01 22:20 . 2010-12-15 14:07 149992 c:\windows\system32\FNTCACHE.DAT
- 2009-02-20 08:12 . 2010-11-06 00:23 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-02-20 08:12 . 2010-12-20 23:52 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-07-27 23:19 . 2009-07-27 23:19 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44 440320 c:\windows\system32\dllcache\shimgvw.dll
+ 2011-02-09 13:53 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2009-03-08 02:34 . 2010-12-20 23:52 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 02:34 . 2010-11-06 00:23 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-06-02 11:31 . 2010-12-09 15:15 713216 c:\windows\system32\dllcache\ntdll.dll
+ 2009-03-08 02:32 . 2010-12-20 23:52 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 02:32 . 2010-11-06 00:23 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-08-01 20:04 . 2010-12-20 23:52 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-08-01 20:04 . 2010-11-06 00:23 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2009-06-02 11:31 . 2010-12-20 17:25 729088 c:\windows\system32\dllcache\lsasrv.dll
- 2009-06-02 11:31 . 2009-06-25 08:27 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-25 08:27 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-12 17:24 . 2010-12-20 23:52 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-12 17:24 . 2010-11-06 00:23 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 02:31 . 2010-12-20 23:52 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 02:31 . 2010-11-06 00:23 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 13:28 . 2010-12-20 23:52 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 13:28 . 2010-11-06 00:23 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 12:09 . 2010-12-20 23:52 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 12:09 . 2010-11-06 00:23 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 02:32 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 02:32 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2010-04-20 05:32 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
- 2010-04-20 05:32 . 2010-10-28 13:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2011-02-25 22:13 . 2011-02-25 22:13 332288 c:\windows\Installer\1a339d9.msi
+ 2011-02-10 09:31 . 2010-11-06 00:23 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 391032 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 233848 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-10 09:31 . 2010-11-06 00:23 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-10 09:32 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2011-02-10 09:35 . 2010-07-05 13:13 391032 c:\windows\$NtUninstallKB2485376$\spuninst\updspapi.dll
+ 2011-02-10 09:35 . 2010-07-05 13:13 233848 c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
+ 2011-02-10 09:35 . 2010-10-28 13:09 290048 c:\windows\$NtUninstallKB2485376$\atmfd.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$NtUninstallKB2483185$\spuninst\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
+ 2011-02-10 09:35 . 2008-04-14 06:51 439296 c:\windows\$NtUninstallKB2483185$\shimgvw.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$NtUninstallKB2479628$\spuninst\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$NtUninstallKB2478971$\spuninst\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
+ 2011-02-10 09:35 . 2009-06-25 08:27 301568 c:\windows\$NtUninstallKB2478971$\kerberos.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$NtUninstallKB2478960$\spuninst\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$NtUninstallKB2478960$\spuninst\spuninst.exe
+ 2011-02-10 09:31 . 2009-06-25 08:27 729088 c:\windows\$NtUninstallKB2478960$\lsasrv.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$NtUninstallKB2476687$\spuninst\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$NtUninstallKB2476687$\spuninst\spuninst.exe
+ 2011-01-18 18:05 . 2010-02-22 14:21 391032 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
+ 2011-01-18 18:05 . 2010-02-22 14:20 233848 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
+ 2011-01-18 18:05 . 2008-04-14 06:51 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll
+ 2011-01-18 18:05 . 2008-04-14 06:51 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll
+ 2011-01-18 18:05 . 2008-04-14 06:51 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll
+ 2011-01-18 18:05 . 2008-04-14 06:51 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll
+ 2011-01-18 18:05 . 2008-04-14 06:51 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll
+ 2011-01-18 18:05 . 2008-04-14 06:51 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$NtUninstallKB2393802$\spuninst\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$NtUninstallKB2393802$\spuninst\spuninst.exe
+ 2011-02-10 09:31 . 2009-02-09 10:56 709632 c:\windows\$NtUninstallKB2393802$\ntdll.dll
+ 2011-02-10 09:35 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-10 09:35 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-10 09:35 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-01-07 14:09 . 2011-01-07 14:09 290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 759160 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 440832 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-10 09:32 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-10 09:25 . 2010-12-20 23:51 919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-10 09:25 . 2010-12-20 12:48 173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 759160 c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 759160 c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2010-12-22 12:32 . 2010-12-22 12:32 301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2010-12-20 17:24 . 2010-12-20 17:24 729088 c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2011-01-18 18:05 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-18 18:05 . 2010-02-22 14:21 759160 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-18 18:05 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:51 . 2010-11-09 14:51 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2393802\update\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2393802\update\update.exe
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2393802\spuninst.exe
+ 2011-02-10 09:24 . 2010-12-09 15:15 713216 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-17 13:49 . 2011-01-21 14:44 8466432 c:\windows\system32\shell32.dll
- 2004-08-17 13:49 . 2010-07-27 06:30 8466432 c:\windows\system32\shell32.dll
+ 2009-07-10 19:34 . 2011-03-28 08:15 4266168 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-17 13:45 . 2010-12-09 15:14 2194944 c:\windows\system32\ntoskrnl.exe
+ 2004-08-17 15:45 . 2010-12-09 15:14 2071552 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-17 13:49 . 2010-12-20 23:52 5961216 c:\windows\system32\mshtml.dll
+ 2009-02-03 02:15 . 2011-03-02 19:08 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-03-08 02:32 . 2010-11-06 00:23 1991680 c:\windows\system32\iertutil.dll
+ 2009-03-08 02:32 . 2010-12-20 23:52 1991680 c:\windows\system32\iertutil.dll
+ 2009-02-09 14:07 . 2010-12-31 14:04 1854976 c:\windows\system32\dllcache\win32k.sys
- 2009-02-20 08:12 . 2010-11-06 00:23 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2009-02-20 08:12 . 2010-12-20 23:52 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8466432 c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8466432 c:\windows\system32\dllcache\shell32.dll
+ 2009-06-02 11:31 . 2010-12-09 15:14 2194944 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-06-02 11:31 . 2010-12-09 15:14 2029056 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-10 17:09 . 2010-12-09 15:14 2071552 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-06-02 11:31 . 2010-12-09 15:14 2150912 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-02-20 08:12 . 2010-12-20 23:52 5961216 c:\windows\system32\dllcache\mshtml.dll
+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
- 2009-06-12 17:24 . 2010-11-06 00:23 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2009-06-12 17:24 . 2010-12-20 23:52 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2009-06-02 11:31 . 2010-12-09 15:14 2194944 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-06-02 11:31 . 2010-12-09 15:14 2029056 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 17:09 . 2010-12-09 15:14 2071552 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-06-02 11:31 . 2010-12-09 15:14 2150912 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-02-10 09:35 . 2010-07-27 06:30 8466432 c:\windows\$NtUninstallKB2483185$\shell32.dll
+ 2011-02-10 09:35 . 2010-10-26 13:58 1853312 c:\windows\$NtUninstallKB2479628$\win32k.sys
+ 2011-02-10 09:31 . 2010-04-28 18:15 2192128 c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
+ 2011-02-10 09:31 . 2010-04-28 05:45 2026496 c:\windows\$NtUninstallKB2393802$\ntkrpamp.exe
+ 2011-02-10 09:31 . 2010-04-28 05:45 2068992 c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
+ 2011-02-10 09:31 . 2010-04-28 05:45 2148352 c:\windows\$NtUninstallKB2393802$\ntkrnlmp.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 8467456 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 1211904 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 5962240 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 1992192 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
+ 2010-12-31 14:02 . 2010-12-31 14:02 1864064 c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
+ 2011-02-10 09:24 . 2010-12-09 15:14 2194944 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
+ 2011-02-10 09:24 . 2010-12-09 15:14 2029056 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
+ 2010-12-09 19:44 . 2010-12-09 19:44 2071552 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
+ 2011-02-10 09:24 . 2010-12-09 15:14 2150912 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
+ 2009-06-02 11:42 . 2011-03-10 00:05 37943240 c:\windows\system32\MRT.exe
- 2009-03-08 02:39 . 2010-11-06 00:23 11080704 c:\windows\system32\ieframe.dll
+ 2009-03-08 02:39 . 2010-12-20 10:52 11080704 c:\windows\system32\ieframe.dll
- 2009-06-12 17:24 . 2010-11-06 00:23 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-12 17:24 . 2010-12-20 10:52 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2011-02-10 09:24 . 2010-12-20 23:51 11082752 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-11-30 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-23 148888]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-04-10 06:45 979344 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1215:TCP"= 1215:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.8.2010 23:08 294608]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 10:21 72624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.8.2010 23:08 17744]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 10:21 1234480]
S3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP;c:\program files\ITT\IDL71\bin\bin.x86\idl_dicomexstorscp.exe [21.4.2009 17:51 57344]
S3 SD;SD;\??\d:\stazene prog\recover\Sd.Sys --> d:\stazene prog\recover\Sd.Sys [?]
S3 SMC2862W;SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter Driver;c:\windows\system32\drivers\2862WICB.sys [30.3.2008 17:29 381088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milos Bilek\Data aplikací\Mozilla\Firefox\Profiles\4d0c3ek1.default\
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-JmpyxPEOWqPO - c:\documents and settings\All Users\Data aplikací\JmpyxPEOWqPO.exe
AddRemove-Gwyddion - d:\stazene prog\Gwyddion\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-28 14:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
Celkový čas: 2011-03-28 14:59:03
ComboFix-quarantined-files.txt 2011-03-28 12:58
ComboFix2.txt 2011-01-17 13:07
ComboFix3.txt 2011-01-10 17:46
ComboFix4.txt 2011-01-09 21:38
ComboFix5.txt 2011-03-28 12:38
.
Před spuštěním: 5 820 153 856
Po spuštění: 6 600 933 376
.
- - End Of File - - D781D00449F30442D11F22A2B23891BA
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.708 [GMT 2:00]
Spuštěný z: d:\viry\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\midas.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-28 10:23 . 2011-03-28 10:23 -------- d-----w- c:\documents and settings\Milos Bilek\Data aplikací\Malwarebytes
2011-03-28 10:23 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 10:23 . 2011-03-28 10:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-28 10:23 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-28 08:15 . 2011-03-28 08:15 -------- d--h--w- c:\documents and settings\Milos Bilek\Data aplikací\gtk-2.0
2011-03-28 08:15 . 2011-03-28 08:15 -------- d-----w- c:\documents and settings\Milos Bilek\thumbnails
2011-03-24 23:08 . 2011-03-24 23:08 -------- d-----w- c:\program files\Inlite
2011-03-24 22:37 . 2011-03-28 08:15 -------- d-----w- c:\documents and settings\Milos Bilek\gwyddion
2011-03-18 22:55 . 2011-03-18 22:55 -------- d--h--w- c:\documents and settings\Milos Bilek\Data aplikací\CAD-KAS
2011-03-18 22:54 . 2011-03-18 23:23 -------- d-----w- c:\program files\PDF Editor 3
2011-03-18 22:54 . 2011-03-18 22:54 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2011-03-04 06:59 . 2011-03-24 13:39 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-03-04 06:59 . 2011-03-24 13:39 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-03-04 06:59 . 2011-03-24 13:39 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-04 06:59 . 2011-03-24 13:39 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-17 13:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 13:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-06-01 20:28 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-06-01 20:28 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-08-25 21:02 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-08-25 21:08 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-08-25 21:08 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-08-25 21:08 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-08-25 21:08 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-08-25 21:08 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-08-25 21:08 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-08-25 21:08 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-08-25 21:08 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-17 13:44 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-01-09_21.34.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-28 11:41 . 2011-03-28 11:41 16384 c:\windows\Temp\Perflib_Perfdata_4ac.dat
+ 2001-10-25 12:00 . 2011-03-27 18:57 71138 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2011-03-27 18:57 82642 c:\windows\system32\perfc005.dat
+ 2004-08-17 13:49 . 2010-12-20 23:52 66560 c:\windows\system32\mshtmled.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 02:31 . 2010-12-20 23:52 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 02:31 . 2010-11-06 00:23 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 43520 c:\windows\system32\licmgr10.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 43520 c:\windows\system32\licmgr10.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-12 17:24 . 2010-12-20 23:52 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-12 17:24 . 2010-11-06 00:23 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-03-08 02:31 . 2010-12-20 23:52 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-08 02:31 . 2010-11-06 00:23 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-08-01 20:04 . 2010-11-06 00:23 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-08-01 20:04 . 2010-12-20 23:52 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 02:34 . 2010-11-06 00:23 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 02:34 . 2010-12-20 23:52 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 02:33 . 2010-12-20 23:52 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 02:33 . 2010-11-06 00:23 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:10 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-17 13:49 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
- 2004-08-17 13:49 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll
+ 2009-06-05 19:00 . 2011-03-07 21:10 10752 c:\windows\system32\BASSMOD.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2011-02-10 09:31 . 2009-12-14 07:10 33280 c:\windows\$NtUninstallKB2476687$\csrsrv.dll
+ 2011-02-10 09:35 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
+ 2011-02-10 09:35 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2485376\spmsg.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2483185\spmsg.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2479628\update\spcustom.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2479628\spmsg.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2478971\update\spcustom.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2478971\spmsg.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2478960\update\spcustom.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2478960\spmsg.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2476687\spmsg.dll
+ 2010-12-09 14:28 . 2010-12-09 14:28 33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
+ 2011-01-18 18:05 . 2010-02-22 14:20 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-01-18 18:05 . 2010-02-22 14:20 18296 c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 26488 c:\windows\$hf_mig$\KB2393802\update\spcustom.dll
+ 2011-02-10 09:24 . 2010-12-10 05:42 16896 c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 18296 c:\windows\$hf_mig$\KB2393802\spmsg.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 916480 c:\windows\system32\wininet.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 916480 c:\windows\system32\wininet.dll
+ 2004-08-17 13:49 . 2009-07-27 23:19 135168 c:\windows\system32\shsvcs.dll
- 2004-08-17 13:49 . 2008-04-14 06:51 135168 c:\windows\system32\shsvcs.dll
+ 2001-10-25 12:00 . 2011-03-27 18:57 440820 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2011-03-27 18:57 437336 c:\windows\system32\perfh005.dat
+ 2004-08-17 13:49 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
- 2004-08-17 13:49 . 2008-04-14 06:51 249856 c:\windows\system32\odbc32.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 206848 c:\windows\system32\occache.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 206848 c:\windows\system32\occache.dll
+ 2004-08-17 13:48 . 2010-12-09 15:15 713216 c:\windows\system32\ntdll.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 611840 c:\windows\system32\mstime.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 611840 c:\windows\system32\mstime.dll
- 2009-03-08 02:32 . 2010-11-06 00:23 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 02:32 . 2010-12-20 23:52 602112 c:\windows\system32\msfeeds.dll
+ 2011-03-24 07:59 . 2011-03-24 07:59 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
+ 2011-03-24 07:59 . 2011-03-24 07:59 311456 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.dll
+ 2011-03-02 19:08 . 2011-03-02 19:08 235168 c:\windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe
- 2004-08-17 13:49 . 2009-06-25 08:27 729088 c:\windows\system32\lsasrv.dll
+ 2004-08-17 13:49 . 2010-12-20 17:25 729088 c:\windows\system32\lsasrv.dll
- 2004-08-17 13:49 . 2009-06-25 08:27 301568 c:\windows\system32\kerberos.dll
+ 2004-08-17 13:49 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 184320 c:\windows\system32\iepeers.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 184320 c:\windows\system32\iepeers.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-17 13:49 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-17 13:49 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
+ 2009-06-01 22:20 . 2011-02-10 13:22 149992 c:\windows\system32\FNTCACHE.DAT
- 2009-06-01 22:20 . 2010-12-15 14:07 149992 c:\windows\system32\FNTCACHE.DAT
- 2009-02-20 08:12 . 2010-11-06 00:23 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-02-20 08:12 . 2010-12-20 23:52 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-07-27 23:19 . 2009-07-27 23:19 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44 440320 c:\windows\system32\dllcache\shimgvw.dll
+ 2011-02-09 13:53 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2009-03-08 02:34 . 2010-12-20 23:52 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 02:34 . 2010-11-06 00:23 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-06-02 11:31 . 2010-12-09 15:15 713216 c:\windows\system32\dllcache\ntdll.dll
+ 2009-03-08 02:32 . 2010-12-20 23:52 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 02:32 . 2010-11-06 00:23 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-08-01 20:04 . 2010-12-20 23:52 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-08-01 20:04 . 2010-11-06 00:23 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2009-06-02 11:31 . 2010-12-20 17:25 729088 c:\windows\system32\dllcache\lsasrv.dll
- 2009-06-02 11:31 . 2009-06-25 08:27 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-25 08:27 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-12 17:24 . 2010-12-20 23:52 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-12 17:24 . 2010-11-06 00:23 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 02:31 . 2010-12-20 23:52 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 02:31 . 2010-11-06 00:23 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 13:28 . 2010-12-20 23:52 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 13:28 . 2010-11-06 00:23 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 12:09 . 2010-12-20 23:52 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 12:09 . 2010-11-06 00:23 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 02:32 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 02:32 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2010-04-20 05:32 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
- 2010-04-20 05:32 . 2010-10-28 13:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2011-02-25 22:13 . 2011-02-25 22:13 332288 c:\windows\Installer\1a339d9.msi
+ 2011-02-10 09:31 . 2010-11-06 00:23 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 391032 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 233848 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-10 09:31 . 2010-11-06 00:23 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-10 09:32 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2011-02-10 09:35 . 2010-07-05 13:13 391032 c:\windows\$NtUninstallKB2485376$\spuninst\updspapi.dll
+ 2011-02-10 09:35 . 2010-07-05 13:13 233848 c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
+ 2011-02-10 09:35 . 2010-10-28 13:09 290048 c:\windows\$NtUninstallKB2485376$\atmfd.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$NtUninstallKB2483185$\spuninst\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
+ 2011-02-10 09:35 . 2008-04-14 06:51 439296 c:\windows\$NtUninstallKB2483185$\shimgvw.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$NtUninstallKB2479628$\spuninst\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$NtUninstallKB2478971$\spuninst\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
+ 2011-02-10 09:35 . 2009-06-25 08:27 301568 c:\windows\$NtUninstallKB2478971$\kerberos.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$NtUninstallKB2478960$\spuninst\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$NtUninstallKB2478960$\spuninst\spuninst.exe
+ 2011-02-10 09:31 . 2009-06-25 08:27 729088 c:\windows\$NtUninstallKB2478960$\lsasrv.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$NtUninstallKB2476687$\spuninst\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$NtUninstallKB2476687$\spuninst\spuninst.exe
+ 2011-01-18 18:05 . 2010-02-22 14:21 391032 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
+ 2011-01-18 18:05 . 2010-02-22 14:20 233848 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
+ 2011-01-18 18:05 . 2008-04-14 06:51 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll
+ 2011-01-18 18:05 . 2008-04-14 06:51 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll
+ 2011-01-18 18:05 . 2008-04-14 06:51 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll
+ 2011-01-18 18:05 . 2008-04-14 06:51 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll
+ 2011-01-18 18:05 . 2008-04-14 06:51 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll
+ 2011-01-18 18:05 . 2008-04-14 06:51 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$NtUninstallKB2393802$\spuninst\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$NtUninstallKB2393802$\spuninst\spuninst.exe
+ 2011-02-10 09:31 . 2009-02-09 10:56 709632 c:\windows\$NtUninstallKB2393802$\ntdll.dll
+ 2011-02-10 09:35 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-10 09:35 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-10 09:35 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-01-07 14:09 . 2011-01-07 14:09 290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 759160 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 440832 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-10 09:32 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-10 09:32 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-10 09:25 . 2010-12-20 23:51 919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-10 09:25 . 2010-12-20 12:48 173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 759160 c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-02-10 09:35 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
+ 2011-02-10 09:35 . 2010-02-22 14:21 759160 c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2011-02-10 09:35 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2010-12-22 12:32 . 2010-12-22 12:32 301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2010-12-20 17:24 . 2010-12-20 17:24 729088 c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2011-01-18 18:05 . 2010-02-22 14:21 391032 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-18 18:05 . 2010-02-22 14:21 759160 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-18 18:05 . 2010-02-22 14:20 233848 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:51 . 2010-11-09 14:51 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:51 . 2010-11-09 14:51 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 391032 c:\windows\$hf_mig$\KB2393802\update\updspapi.dll
+ 2011-02-10 09:31 . 2010-07-05 13:13 759160 c:\windows\$hf_mig$\KB2393802\update\update.exe
+ 2011-02-10 09:31 . 2010-07-05 13:13 233848 c:\windows\$hf_mig$\KB2393802\spuninst.exe
+ 2011-02-10 09:24 . 2010-12-09 15:15 713216 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
- 2004-08-17 13:49 . 2010-11-06 00:23 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-17 13:49 . 2010-12-20 23:52 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-17 13:49 . 2011-01-21 14:44 8466432 c:\windows\system32\shell32.dll
- 2004-08-17 13:49 . 2010-07-27 06:30 8466432 c:\windows\system32\shell32.dll
+ 2009-07-10 19:34 . 2011-03-28 08:15 4266168 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-17 13:45 . 2010-12-09 15:14 2194944 c:\windows\system32\ntoskrnl.exe
+ 2004-08-17 15:45 . 2010-12-09 15:14 2071552 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-17 13:49 . 2010-12-20 23:52 5961216 c:\windows\system32\mshtml.dll
+ 2009-02-03 02:15 . 2011-03-02 19:08 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-03-08 02:32 . 2010-11-06 00:23 1991680 c:\windows\system32\iertutil.dll
+ 2009-03-08 02:32 . 2010-12-20 23:52 1991680 c:\windows\system32\iertutil.dll
+ 2009-02-09 14:07 . 2010-12-31 14:04 1854976 c:\windows\system32\dllcache\win32k.sys
- 2009-02-20 08:12 . 2010-11-06 00:23 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2009-02-20 08:12 . 2010-12-20 23:52 1210880 c:\windows\system32\dllcache\urlmon.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8466432 c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8466432 c:\windows\system32\dllcache\shell32.dll
+ 2009-06-02 11:31 . 2010-12-09 15:14 2194944 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-06-02 11:31 . 2010-12-09 15:14 2029056 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-10 17:09 . 2010-12-09 15:14 2071552 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-06-02 11:31 . 2010-12-09 15:14 2150912 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-02-20 08:12 . 2010-12-20 23:52 5961216 c:\windows\system32\dllcache\mshtml.dll
+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
- 2009-06-12 17:24 . 2010-11-06 00:23 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2009-06-12 17:24 . 2010-12-20 23:52 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-10 09:31 . 2010-11-06 00:23 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2009-06-02 11:31 . 2010-12-09 15:14 2194944 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-06-02 11:31 . 2010-12-09 15:14 2029056 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 17:09 . 2010-12-09 15:14 2071552 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-06-02 11:31 . 2010-12-09 15:14 2150912 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-02-10 09:35 . 2010-07-27 06:30 8466432 c:\windows\$NtUninstallKB2483185$\shell32.dll
+ 2011-02-10 09:35 . 2010-10-26 13:58 1853312 c:\windows\$NtUninstallKB2479628$\win32k.sys
+ 2011-02-10 09:31 . 2010-04-28 18:15 2192128 c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
+ 2011-02-10 09:31 . 2010-04-28 05:45 2026496 c:\windows\$NtUninstallKB2393802$\ntkrpamp.exe
+ 2011-02-10 09:31 . 2010-04-28 05:45 2068992 c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
+ 2011-02-10 09:31 . 2010-04-28 05:45 2148352 c:\windows\$NtUninstallKB2393802$\ntkrnlmp.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 8467456 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 1211904 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 5962240 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
+ 2011-02-10 09:25 . 2010-12-20 23:51 1992192 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
+ 2010-12-31 14:02 . 2010-12-31 14:02 1864064 c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
+ 2011-02-10 09:24 . 2010-12-09 15:14 2194944 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
+ 2011-02-10 09:24 . 2010-12-09 15:14 2029056 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
+ 2010-12-09 19:44 . 2010-12-09 19:44 2071552 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
+ 2011-02-10 09:24 . 2010-12-09 15:14 2150912 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
+ 2009-06-02 11:42 . 2011-03-10 00:05 37943240 c:\windows\system32\MRT.exe
- 2009-03-08 02:39 . 2010-11-06 00:23 11080704 c:\windows\system32\ieframe.dll
+ 2009-03-08 02:39 . 2010-12-20 10:52 11080704 c:\windows\system32\ieframe.dll
- 2009-06-12 17:24 . 2010-11-06 00:23 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-12 17:24 . 2010-12-20 10:52 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-10 09:32 . 2010-11-06 00:23 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2011-02-10 09:24 . 2010-12-20 23:51 11082752 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-11-30 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-23 148888]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-04-10 06:45 979344 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1215:TCP"= 1215:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.8.2010 23:08 294608]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 10:21 72624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.8.2010 23:08 17744]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 10:21 1234480]
S3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP;c:\program files\ITT\IDL71\bin\bin.x86\idl_dicomexstorscp.exe [21.4.2009 17:51 57344]
S3 SD;SD;\??\d:\stazene prog\recover\Sd.Sys --> d:\stazene prog\recover\Sd.Sys [?]
S3 SMC2862W;SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter Driver;c:\windows\system32\drivers\2862WICB.sys [30.3.2008 17:29 381088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milos Bilek\Data aplikací\Mozilla\Firefox\Profiles\4d0c3ek1.default\
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-JmpyxPEOWqPO - c:\documents and settings\All Users\Data aplikací\JmpyxPEOWqPO.exe
AddRemove-Gwyddion - d:\stazene prog\Gwyddion\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-28 14:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
Celkový čas: 2011-03-28 14:59:03
ComboFix-quarantined-files.txt 2011-03-28 12:58
ComboFix2.txt 2011-01-17 13:07
ComboFix3.txt 2011-01-10 17:46
ComboFix4.txt 2011-01-09 21:38
ComboFix5.txt 2011-03-28 12:38
.
Před spuštěním: 5 820 153 856
Po spuštění: 6 600 933 376
.
- - End Of File - - D781D00449F30442D11F22A2B23891BA
Re: alleged system error, Windows Repair
I have just noticed that Kerio Firewall turned itself off and cannot be turned back on. I have the impression that it was still running before ComboFix was launched. A considerable part of the Programs menu is also missing.
EDIT: And a lot of documents!
EDIT2: but the sizes of the folders where those documents were are still the same.
EDIT3: fortunately, those files were only hidden.
Re: alleged system error, Windows Repair
The CF log looks good - rescan the PC with AVPTool
Kerio may need to be reinstalled
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: alleged system error, Windows Repair
After another restart, Kerio now starts up by itself.
Automatická kontrola: dokončeno před 8 hod. (události: 4, objekty: 868611, čas: 04:56:23)
29.3.2011 1:40:24 Úloha byla dokončena
28.3.2011 21:17:40 Zjištěno: HEUR:Exploit.Script.Generic C:\Documents and Settings\Milos Bilek\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\4d0c3ek1.default\Cache(5)\54C385A5d01/data0015
28.3.2011 21:16:39 Zjištěno: HEUR:Exploit.Script.Generic C:\Documents and Settings\Milos Bilek\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\4d0c3ek1.default\Cache(5)\54C385A5d01/data0009
28.3.2011 20:44:00 Úloha byla spuštěna
Re: alleged system error, Windows Repair
As a precaution, clear Mozilla's cache
From the AV side the PC is OK
Re: alleged system error, Windows Repair
Thanks a lot. I tried to restore the original settings (desktop background, file display style, window size on opening, the original Programs menu, the Show Desktop button, etc.) using System Restore. It is not in the System Tools folder at all. It can only be started from safe mode. After I select any restore point, the computer starts working and restarts, but everything ends with the message: the restore could not be performed, no changes were made. I have the System Restore feature turned on and it used to work as it should. Do you know what to do about it?
Re: alleged system error, Windows Repair
At this stage I would not experiment too much with System Restore - along with the settings you could also bring the junk back ...
I recommend:
1. turn off System Restore
2. restart
3. turn on System Restore
4. create a current restore point - in case it becomes necessary to go back
(the old ones may be damaged and also infected)