Známy bot na posilani viru pres Skype

[MrShock]

Jak už jsem četl došlo k něčemu na foru a muj thread se smazal ... Vsechny rady se na mym threadu smazali a ted nevim co udelat ... Tak jsem se rozhodl udelat thread a pozaduji (jestli je to možné) o pomoc když mám vir který mi po skypu kamosum rozesila zpravy typu : Foto <webova.stranka.s.virem> ... Tak se teda ptám jestli byste nemohli znovu pomoci. Uz sem provedl tyto rady ktere byly na predchozim threadu napsany :

Projel jsem pocitac ComboFixem
Vycistil PC a dostal vice mista
Pro pridad jsem si stahl Avira Anti-vir

[vyosek]

Zdravim, vlozte sem ten log z ComboFixu...

[MrShock]

Oh ano tady to je ale mám zdání že ComboFix vir odstranil protoze od doby co jsem dneska zapl PC mi to nedela.
Ah já nevím kde ten log sehnat ...

[vyosek]

Mel by byt C:\Combofix.txt pripadne tam bude C:\ComboFix2.txt - proste sem vlozte vsechny logy co maji v nazvu ComboFix2.txt

[MrShock]

Děkuji a tady máte

ComboFix 10-10-17.04 - MrShock adámek 18.10.2010 19:17:22.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.383.135 [GMT 2:00]
Spuštěný z: c:\documents and settings\MrShock adámek\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\proxy_port
c:\windows\nvsvc32.exe
c:\windows\system32\cooper.mine
c:\windows\system32\drivers\112.exe
c:\windows\system32\drivers\121.exe
c:\windows\system32\drivers\13.exe
c:\windows\system32\drivers\131.exe
c:\windows\system32\drivers\136.exe
c:\windows\system32\drivers\147.exe
c:\windows\system32\drivers\175.exe
c:\windows\system32\drivers\212.exe
c:\windows\system32\drivers\214.exe
c:\windows\system32\drivers\261.exe
c:\windows\system32\drivers\28.exe
c:\windows\system32\drivers\281.exe
c:\windows\system32\drivers\284.exe
c:\windows\system32\drivers\285.exe
c:\windows\system32\drivers\298.exe
c:\windows\system32\drivers\299.exe
c:\windows\system32\drivers\347.exe
c:\windows\system32\drivers\368.exe
c:\windows\system32\drivers\369.exe
c:\windows\system32\drivers\374.exe
c:\windows\system32\drivers\376.exe
c:\windows\system32\drivers\386.exe
c:\windows\system32\drivers\406.exe
c:\windows\system32\drivers\41.exe
c:\windows\system32\drivers\433.exe
c:\windows\system32\drivers\436.exe
c:\windows\system32\drivers\446.exe
c:\windows\system32\drivers\448.exe
c:\windows\system32\drivers\482.exe
c:\windows\system32\drivers\489.exe
c:\windows\system32\drivers\493.exe
c:\windows\system32\drivers\5.exe
c:\windows\system32\drivers\526.exe
c:\windows\system32\drivers\538.exe
c:\windows\system32\drivers\555.exe
c:\windows\system32\drivers\571.exe
c:\windows\system32\drivers\58.exe
c:\windows\system32\drivers\580.exe
c:\windows\system32\drivers\584.exe
c:\windows\system32\drivers\621.exe
c:\windows\system32\drivers\625.exe
c:\windows\system32\drivers\63.exe
c:\windows\system32\drivers\650.exe
c:\windows\system32\drivers\66.exe
c:\windows\system32\drivers\672.exe
c:\windows\system32\drivers\678.exe
c:\windows\system32\drivers\688.exe
c:\windows\system32\drivers\690.exe
c:\windows\system32\drivers\691.exe
c:\windows\system32\drivers\706.exe
c:\windows\system32\drivers\714.exe
c:\windows\system32\drivers\766.exe
c:\windows\system32\drivers\767.exe
c:\windows\system32\drivers\769.exe
c:\windows\system32\drivers\770.exe
c:\windows\system32\drivers\774.exe
c:\windows\system32\drivers\783.exe
c:\windows\system32\drivers\789.exe
c:\windows\system32\drivers\794.exe
c:\windows\system32\drivers\820.exe
c:\windows\system32\drivers\845.exe
c:\windows\system32\drivers\847.exe
c:\windows\system32\drivers\857.exe
c:\windows\system32\drivers\872.exe
c:\windows\system32\drivers\877.exe
c:\windows\system32\drivers\909.exe
c:\windows\system32\drivers\915.exe
c:\windows\system32\drivers\937.exe
c:\windows\system32\drivers\964.exe
c:\windows\system32\drivers\985.exe
c:\windows\system32\ff4h.gy
c:\windows\system32\h7t.wt
c:\windows\system32\hgtd.ruy
c:\windows\system32\ssssssssss

c:\windows\system32\drivers\cdrom.sys . . . chybí !!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-18 do 2010-10-18 )))))))))))))))))))))))))))))))
.

2010-10-18 16:51 . 2010-10-18 16:51 -------- d-----w- c:\documents and settings\MrShock adámek\Data aplikací\Avira
2010-10-18 16:12 . 2010-10-18 16:27 -------- d-----w- c:\program files\trend micro
2010-10-18 16:12 . 2010-10-18 16:27 -------- d-----w- C:\rsit
2010-10-18 15:34 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-18 15:34 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-18 15:34 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-18 15:34 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-18 15:34 . 2010-10-18 15:34 -------- d-----w- c:\program files\Avira
2010-10-18 15:34 . 2010-10-18 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2010-10-18 13:09 . 2010-10-18 13:09 -------- d-----w- c:\program files\Common Files\Skype
2010-10-18 13:09 . 2010-10-18 13:09 -------- d-----r- c:\program files\Skype
2010-10-16 09:28 . 2010-10-16 09:28 -------- d-----w- c:\documents and settings\MrShock adámek\Data aplikací\Malwarebytes
2010-10-11 14:47 . 2010-10-11 14:47 -------- d-----w- c:\documents and settings\MrShock adámek\temp
2010-10-05 17:22 . 2004-08-17 13:49 577024 ----a-w- c:\windows\system32\wwwwwwwwwww
2010-10-05 15:42 . 2010-10-05 15:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PopCap Games
2010-10-05 15:41 . 2010-10-06 16:45 -------- d-----w- c:\program files\PopCap Games
2010-10-05 12:36 . 2004-08-17 13:49 577024 ----a-w- c:\windows\system32\jjjjjjj
2010-10-02 13:54 . 2010-10-02 13:54 -------- d-----w- c:\windows\log
2010-10-02 13:54 . 2010-10-02 13:54 -------- d-----w- c:\windows\XTrap
2010-10-02 13:48 . 2010-10-02 13:59 -------- d-----w- c:\windows\Sound
2010-10-02 13:36 . 2010-10-02 17:13 -------- d-----w- c:\documents and settings\MrShock adámek\Local Settings\Data aplikací\PMB Files
2010-10-02 13:36 . 2010-10-02 13:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PMB Files
2010-10-02 06:58 . 2010-10-02 06:59 -------- d-----w- c:\documents and settings\MrShock adámek\Data aplikací\TeamViewer
2010-10-01 13:26 . 2004-08-17 13:49 577024 ----a-w- c:\windows\system32\aaaa
2010-10-01 13:25 . 2004-08-17 13:49 577024 ----a-w- c:\windows\system32\uuuuuuuuuuu
2010-09-29 17:02 . 2010-09-29 17:02 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-09-28 12:15 . 2010-09-28 12:15 -------- d-----w- c:\documents and settings\MrShock adámek\Local Settings\Data aplikací\Mozilla
2010-09-26 16:27 . 2010-09-26 16:27 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-26 08:21 . 2010-09-26 08:21 -------- d-----w- c:\documents and settings\MrShock adámek\Local Settings\Data aplikací\jagexlauncher
2010-09-25 11:32 . 2010-09-25 12:02 2323200 ----a-w- c:\windows\system32\TUKernel.exe
2010-09-25 05:57 . 2010-09-25 05:57 -------- d-----w- c:\windows\Sun
2010-09-24 15:40 . 2010-09-24 15:40 -------- d-----w- c:\documents and settings\MrShock adámek\Data aplikací\Real Desktop
2010-09-22 13:48 . 2010-09-22 13:49 -------- d-----w- c:\documents and settings\MrShock adámek\Data aplikací\PhotoFiltre
2010-09-22 13:46 . 2010-09-25 11:11 -------- d-----w- c:\documents and settings\MrShock adámek\Local Settings\Data aplikací\Conduit
2010-09-22 13:46 . 2010-09-22 13:46 -------- d-----w- c:\program files\Conduit
2010-09-22 13:46 . 2010-09-25 16:53 -------- d-----w- c:\documents and settings\MrShock adámek\Local Settings\Data aplikací\Softonic-Eng7
2010-09-22 13:46 . 2010-09-27 16:29 -------- d-----w- c:\program files\Softonic-Eng7
2010-09-21 16:50 . 2010-09-21 16:50 -------- d-----w- c:\documents and settings\MrShock adámek\Local Settings\Data aplikací\Apple Computer
2010-09-21 16:50 . 2010-09-21 16:50 -------- d-----w- c:\documents and settings\MrShock adámek\Data aplikací\Apple Computer
2010-09-21 16:50 . 2010-09-21 16:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2010-09-21 16:49 . 2010-09-21 16:49 -------- d-----w- c:\program files\Bonjour
2010-09-21 16:48 . 2010-09-21 16:48 -------- d-----w- c:\program files\Common Files\Apple
2010-09-21 16:47 . 2010-09-21 16:47 -------- d-----w- c:\documents and settings\MrShock adámek\Local Settings\Data aplikací\Apple
2010-09-21 16:47 . 2010-09-21 16:47 -------- d-----w- c:\program files\Apple Software Update
2010-09-21 16:47 . 2010-09-21 16:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2010-09-19 17:40 . 2010-09-19 17:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-10-25 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2004-08-17 . 6F877BF8DC01A550CD666F3BEDB2213C . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys

[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-10-25 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2004-08-17 . F219E27E88107A50544153898DD8178E . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll

[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\system32\netman.dll
[-] 2004-08-17 . AF342D2781225A8769686E0D47E3123E . 198144 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netman.dll

[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-08-17 . E774A26610EC92674273486612C11CFC . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . C0BD34A62508BA68F146E22CE45919F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . BE27674D1CBC3214AEC84B4336A38BBF . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 2B269C916766BDB43404F043B763427D . 399360 . . [5.1.2600.3520] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 2B269C916766BDB43404F043B763427D . 399360 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . BEF7BB41E666EAA34BE7E99C2B107DB8 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll

[-] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . 3D107D45CCFDB266E91D84B52CD7F430 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 4F9F7B567970B524F31D9970A23F7C24 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\services.exe
[-] 2009-02-09 . 4F9F7B567970B524F31D9970A23F7C24 . 111104 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 33081FED75032291EE0E008D5385E86F . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe

[-] 2004-08-17 . 21B6FAA88044A41640E03EBB68BE93E8 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-17 . 21B6FAA88044A41640E03EBB68BE93E8 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2004-08-17 . F76B3003366A205E05AFC0D034C7D3E9 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-17 . 70D2A1756F4B2067658A186C963FCABD . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-07-07 20:32 . 398314DF0B21338C4996B469101750D1 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 398314DF0B21338C4996B469101750D1 . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:29 . A371F11EF07653591C8DE26AFB13CE7F . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:25 . BE68EA4457E2E5717231CF91BE5448E0 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:19 . 3440C414044935B124B5821C0994B37F . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-08-17 . 2413635113361E54B62F0C40E4E4DAE6 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

[-] 2009-03-21 . 9A4D2A6C4B7BD60851553C095CD71AF8 . 984576 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 9A4D2A6C4B7BD60851553C095CD71AF8 . 984576 . . [5.1.2600.3541] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 545C653E8FE241CA6200798AA94FE5C7 . 988160 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . 0D8F61460F84139BBE5E391D8DE18D9A . 990208 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 8D18BA8E854890074B6FB92D7D0C02FA . 987648 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll

[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-17 . EE1F842DB2AE412136643B0814D770A6 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-17 . BFE8DC7AAE7CB1C86243D77B340DC304 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

[-] 2010-04-16 . A8FD7D41C70CE7AFFAAF00D586DEB2FE . 3094016 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\mshtml.dll
[-] 2010-04-16 . 3F79012C321EA541C458EFE797AFB822 . 3094528 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\mshtml.dll
[-] 2010-04-16 . 084EF8D69026FFB75F93F00E67A66A8D . 3086336 . . [6.00.2900.3698] . . c:\windows\system32\mshtml.dll
[-] 2010-04-16 . 084EF8D69026FFB75F93F00E67A66A8D . 3086336 . . [6.00.2900.3698] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-04-16 . 318204B433A0BD37FA6B5A56877B8FB7 . 3094016 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\mshtml.dll

[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-17 . 91CC3E4CCDBBF8E224182C76C87E454F . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2004-08-17 . AB47015B67531572BE46C0C08222C84C . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2001-10-25 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

[-] 2008-06-20 . 1289B7611CCD6CB27596AE92CBF03E35 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . B6CEC406351EA5EF131416D5F52D006F . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . A6E79B60AC73241E5721AB6A573D2B24 . 247296 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . A6E79B60AC73241E5721AB6A573D2B24 . 247296 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 37BABA5DBD9027837FDC27E5D6EF33E1 . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[-] 2009-02-06 . 1F43B8C0F4C767FBED89711C30E704D9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . 1F43B8C0F4C767FBED89711C30E704D9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-08-17 . 2591CADAEF7D2242039255028E577688 . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2010-02-17 . 4E8268B816B2D27E711A688D6FD0E319 . 2192128 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
[-] 2010-02-16 . F24D47F956B2527F8771E38AFE750743 . 2183552 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . F24D47F956B2527F8771E38AFE750743 . 2183552 . . [5.1.2600.3670] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . F24D47F956B2527F8771E38AFE750743 . 2183552 . . [5.1.2600.3670] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-02-16 . AEDD2FE6BEC6FB4E3B25DB1E15C97560 . 2189056 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . 6B2312D847BA95F4E858CB4C3B5F51E1 . 2192256 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . C424407DDD99223BF3248044CBBE91F6 . 2188288 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . F48662F55CD8DDD4DBBBCB69DE197725 . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe

[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-08-17 . 134B95A1D8FAFD74A68E4B2116DEFA7D . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-08-17 . 07119058D451CB7EA4317BCFDA8599A6 . 184832 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-08-17 . 6CC2D21488333133AE0C9F44F6051CB7 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-17 . 37162D29CD61519E6F5EA0DE99786FF6 . 246272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2010-10-07 . DD8745BD08F4E00FC30ABF371A961EF1 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll
[-] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll

[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

[-] 2010-04-16 . 9D7E8909D5A4A2EADD1154CA9E098AB2 . 668160 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\wininet.dll
[-] 2010-04-16 . 5429E4C33C10DA9A6BED641681B3D2BD . 669696 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\wininet.dll
[-] 2010-04-16 . 8B1D8121326F8E35FE4190377277393C . 663040 . . [6.00.2900.3698] . . c:\windows\system32\wininet.dll
[-] 2010-04-16 . 8B1D8121326F8E35FE4190377277393C . 663040 . . [6.00.2900.3698] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-04-16 . 18EC32B0148FD4D0DECBEF71EF6DB626 . 669696 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\wininet.dll

[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-17 . 382E9B87F1282E697C67AF84E34E35E2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2004-08-17 . C2B86666FC44B48903AD6016D15A23DF . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2004-08-17 . C2B86666FC44B48903AD6016D15A23DF . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2help.dll

[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

[-] 2004-08-17 . 7FE54C063DDA8EF226846510852E6B1B . 1281024 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
[-] 2004-08-17 . 7FE54C063DDA8EF226846510852E6B1B . 1281024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ole32.dll

[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-17 . 3CD57F31A64D32FDB28918B16D1E6AAC . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-17 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-17 . 9B835D4C64860B155A1701D5092EC9E4 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-17 . 6EB66066D5C0175320CFEA0A4C74C88F . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-17 . 5CA2E2BA624D6F2C7A581C91E70394CB . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-17 . 8BA76BD2A943F642F267A296A15776D2 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-08-17 . 5B21208FCF8970BB61FE98E19D828714 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-17 . 29AC93307C6182DBE336BCA314947F28 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-17 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-17 . 421184F91EAE5C6E78E653C6B32AAE84 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2001-10-25 . AFDFF022A01F0B11C776F0860C3B282F . 11776 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2004-08-03 22:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys

[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2001-10-25 14:00 . A9D81C87BEF253D4CE3A5F8CEE2526C4 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2001-10-25 14:00 . A9D81C87BEF253D4CE3A5F8CEE2526C4 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-17 . 8B2FCBD881879B55BE40B41F12FFC431 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-17 13:49 . E02E913B3841717A890A644EE167B9A5 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2010-02-17 . 7F87EDF3C7C626D336533D2580940A00 . 2065920 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . 27DE458FE1E1A618836ADB61873BC9E8 . 2060544 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . 27DE458FE1E1A618836ADB61873BC9E8 . 2060544 . . [5.1.2600.3670] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . 27DE458FE1E1A618836ADB61873BC9E8 . 2060544 . . [5.1.2600.3670] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-16 . 6C31566C176BC28C7D73BC6332642A58 . 2068992 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . DCC3D91A3DEDBBA9ECFFA6028D872CF5 . 2069120 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-02-10 . D721665942F74CA7FF4162A0761CBB0A . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . BB64DC108F8C4EE4D4B7998AA19E5FA7 . 2065152 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2004-08-17 13:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-17 13:49 . D8D2B13BA93AE830B1A637DF571D1195 . 435712 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2004-08-17 . 984FC1518B0D5B31D76F0E63608E0500 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2004-08-17 . 8ECC475F5BAD26DB85943F888D62E364 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[-] 2004-08-17 . 8ECC475F5BAD26DB85943F888D62E364 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll

[-] 2004-08-17 . A19F5837E52D57DB66D9DB55BFCC7796 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
[-] 2004-08-17 . A19F5837E52D57DB66D9DB55BFCC7796 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll

[-] 2004-08-17 . 0F9A5DD4503E82B085D8B1336B961A81 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
[-] 2004-08-17 . 0F9A5DD4503E82B085D8B1336B961A81 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll

[-] 2004-08-17 13:49 . 33F14F23DFAE4B43CDD4E535CD7C1963 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
[-] 2004-08-17 13:49 . 33F14F23DFAE4B43CDD4E535CD7C1963 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll

[-] 2004-08-17 . 6C08FF4B76506676617E03C34ECCFB11 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-17 . 6C08FF4B76506676617E03C34ECCFB11 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll

[-] 2004-08-17 . E472BDA53A4DCD2142143AF9FD25C99A . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2004-08-17 . E472BDA53A4DCD2142143AF9FD25C99A . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll

[-] 2004-08-17 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-09-27 2735200]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-09-27 16:29 2735200 ----a-w- c:\program files\Softonic-Eng7\tbSof1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-09-27 2735200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-09-27 2735200]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2010-06-28 74752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Outspark\\WindSlayer\\WindSlayer.exe"=
"d:\\Gmod-2D\\Gmod 2D\\CounterStrike2D.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\MrShock adámek\\Dokumenty\\Stažené soubory\\P1753577.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57711:TCP"= 57711:TCP:Pando Media Booster
"57711:UDP"= 57711:UDP:Pando Media Booster
"56401:TCP"= 56401:TCP:Pando Media Booster
"56401:UDP"= 56401:UDP:Pando Media Booster

S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-10-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]

2010-10-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-08-02 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15573&l=dis
mStart Page = hxxp://www.bigseekpro.com/hypercam/{B0F75AB9-5 ... 7BEB25444D}
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\MrShock adámek\Data aplikací\Mozilla\Firefox\Profiles\3lr5f6zi.default\
FF - component: d:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-10-18 19:39:35
ComboFix-quarantined-files.txt 2010-10-18 17:39

Před spuštěním: 779 366 400
Po spuštění: 1 569 701 888

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=SQMGUM /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=SQMGUM-BAK

- - End Of File - - B23AF8183C5DD88870F9DB6F8EE17D16

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Folder::
  c:\windows\system32\jjjjjjj
  c:\windows\system32\uuuuuuuuuuu
  c:\windows\system32\aaaa
  :\windows\system32\wwwwwwwwwww
  c:\program files\Ask.com
  
  File::
  c:\program files\Softonic-Eng7\tbSof1.dll
  c:\windows\Tasks\AppleSoftwareUpdate.job
  c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
  [-HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"=-
  [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Adobe ARM"=-
  "SunJavaUpdateSched"=-
  "WinampAgent"=-
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "c:\\Documents and Settings\\MrShock adámek\\Dokumenty\\Stažené soubory\\P1753577.JPG-www.facebook.exe"=-
  
  Collect::
  c:\\Documents and Settings\\MrShock adámek\\Dokumenty\\Stažené soubory\\P1753577.JPG-www.facebook.exe
  c:\windows\system32\XDva344.sys
  c:\\WINDOWS\\nvsvc32.exe
  
  Driver::
  XDva344
  
  DDS::
  
  uStart Page = hxxp://eu.ask.com?o=15573&l=dis
  mStart Page = hxxp://www.bigseekpro.com/hypercam/{B0F75AB9-516F-4368-ACAB-E87BEB25444D}
  
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Lubka]

Dobrý den potřebuju poradit Mam vir ktery automaticky sam posle vsem pratelum na skypu tuto spravu Foto (adresa webu s virem) klidne 10x za 5min tomu samemu a nejde odstranit mam antivir Avast Prosim poradte jak ho mam dat pryc vubec nejde dekuji.

[vyosek]

Lubka: Zdravim a pekny den preji

Prectete si pravidla fora

Do rozpracovanych temat se neleze, zalozte si sve vlastni, tady by se to motalo

Do sveho tematu popiste problem a dejte prislusny log dle pravidel fora

Tento topic si zalozil MrShock a on si zde bude svuj problem resit...

[MrShock]

Pane vyosek ja uz ten vir nemam .... protoze mi to uz neposila ty zpravy. Děkuji vám za pomoc

[vyosek]

Prosim provedte ten krok se skriptem pro ComboFix a log pak dejte sem - vypada to ze mate velmi naboreny system, jelikoz mnoho souboru neproslo pres kontrolu digitalniho podpisu a tudiz bude nutna zrejme oprava, jinak Vam muze system kdykoliv udela papa

[MrShock]

Jak myslíte ... A mám opět vše vypnout (Antivir, aplikace atd?)
Nechci přijít o počítač ...

[vyosek]

Ano, vypnete vsechny bezpecnostni aplikace...Log z ComboFixu co jsem (i pres upozorneni) dal Lubka, jsem nechal moderatory smazat, at nas to tu neplete

[Lubka]

Ano, vypnete vsechny bezpecnostni aplikace...Log z ComboFixu co jsem (i pres upozorneni) dal Lubka, jsem nechal moderatory smazat, at nas to tu neplete

A kam to mam dat ? tak mi prosim poradte

[vyosek]

Lubka:
Staci cist pravidla fora

Zde mate sve tema http://www.viry.cz/forum/viewtopic.php?f=13&t=105696 tak pokracujte tam

Navic jsem Vam psal at date log dle pravidel fora, v pravidlech fora je RSIT nikoliv CF a jeste k tomu s nejakym buhvijakym skriptem Ted jen cekejte az se Vam nekdo z radcu ci modu zacne venovat

Zde je pro vas

[Lubka]

Lubka:
Staci cist pravidla fora

Zde mate sve tema http://www.viry.cz/forum/viewtopic.php?f=13&t=105696 tak pokracujte tam

Navic jsem Vam psal at date log dle pravidel fora, v pravidlech fora je RSIT nikoliv CF a jeste k tomu s nejakym buhvijakym skriptem Ted jen cekejte az se Vam nekdo z radcu ci modu zacne venovat

Zde je pro vas

Ja jse vam zavse omlouvam ale potrebuju moc pomoct a script jsem vam dal normal co me vyjelo v tom Combofix udelal jsem vse co jste napsal aby me vyjel Log a kdyz jsem zalozil tema a vy otom vite tak proc jse nato nekouknete ?