So the PC is looking cleaner now

Here are the logs
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora:
http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: Milan [Práva správce]
Mód: Odebrat -- Datum: 04/13/2012 17:09:02
¤¤¤ Škodlivé procesy: 0 ¤¤¤
¤¤¤ Záznamy Registrů: 3 ¤¤¤
[HJ NAME] HKCU\[...]\Run : winlogon (C:\Documents and Settings\Milan\winlogon.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Winlogon : shell (explorer.exe "C:\Documents and Settings\Milan\winlogon.exe") -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
_INLINE_ : NtResumeThread -> HOOKED (Unknown @ 0x000000CC)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xB7F11852)
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: ST3500418AS +++++
--- User ---
[MBR] e9cee13456e256234b0c8bf34c35cea1
[BSP] 837236b83d0272d89eb438459ab83727 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
And ComboFix
ComboFix 12-04-13.01 - Milan 13.04.2012 17:18:14.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2047.1444 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\documents and settings\Milan\Application Data\Antivirus Protection
c:\documents and settings\Milan\Application Data\Antivirus Protection\IcoActivate.ico
c:\documents and settings\Milan\Application Data\Antivirus Protection\IcoHelp.ico
c:\documents and settings\Milan\Application Data\Antivirus Protection\IcoUninstall.ico
c:\documents and settings\Milan\Application Data\Antivirus Protection\securitymanager.exe
c:\documents and settings\Milan\Application Data\Antivirus Protection\trz2.tmp
c:\documents and settings\Milan\Start Menu\Programs\Antivirus Protection
c:\documents and settings\Milan\Start Menu\Programs\Antivirus Protection.lnk
c:\documents and settings\Milan\Start Menu\Programs\Antivirus Protection\Activate Antivirus Protection.lnk
c:\documents and settings\Milan\Start Menu\Programs\AntiVirus Protection\Antivirus Protection.lnk
c:\documents and settings\Milan\Start Menu\Programs\AntiVirus Protection\Help Antivirus Protection.lnk
c:\documents and settings\Milan\Start Menu\Programs\Antivirus Protection\How to Activate Antivirus Protection.lnk
c:\documents and settings\Milan\uidsave.dat
c:\documents and settings\Milan\winlogon.exe
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rloci.bin
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\crrss.exe
c:\windows\system32\d3d10core.dll
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-13 do 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-12 22:53 . 2012-04-12 22:54 -------- d-----w- C:\rsit
2012-04-09 20:39 . 2012-04-09 20:39 -------- d-----w- C:\NVIDIA
2012-04-09 13:21 . 2012-04-09 13:21 -------- d-----r- C:\MSOCache
2012-04-09 13:17 . 2012-04-09 13:17 -------- d-----w- C:\totalcmd
2012-04-08 15:58 . 2012-04-08 15:58 -------- d-----w- C:\win rar cz full
2012-04-08 15:38 . 2012-04-08 15:38 -------- d-----w- C:\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 14:01 . 2001-08-23 11:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 10:21 . 2012-03-14 10:21 3186 ----a-w- c:\windows\system32\presetup.cmd
2012-03-14 10:21 . 2012-03-14 10:21 28672 ----a-w- c:\windows\system32\setupold.exe
2012-03-14 09:44 . 2011-10-25 12:52 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 09:44 . 2009-11-27 17:23 17920 ----a-w- c:\windows\system32\msyuv.dll
2012-03-14 09:44 . 2009-11-27 16:28 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2012-03-14 09:44 . 2008-04-22 17:03 483328 ----a-w- c:\windows\system32\wzcsvc.dll
2012-03-14 09:44 . 2008-04-14 05:42 52736 ----a-w- c:\windows\system32\wzcsapi.dll
2012-03-14 09:44 . 2008-04-14 05:42 35328 ----a-w- c:\windows\system32\pid.dll
2012-03-14 09:44 . 2008-04-14 05:42 15360 ----a-w- c:\windows\system32\pjlmon.dll
2012-03-14 09:44 . 2008-04-14 05:41 20992 ----a-w- c:\windows\system32\hid.dll
2012-03-14 09:44 . 2008-04-14 05:41 52224 ----a-w- c:\windows\system32\dmutil.dll
2012-03-14 09:44 . 2008-04-14 05:41 47104 ----a-w- c:\windows\system32\cnbjmon.dll
2012-03-14 09:44 . 2008-04-14 00:30 30080 ----a-w- c:\windows\system32\drivers\modem.sys
2012-03-14 09:44 . 2008-04-14 00:26 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2012-03-14 09:44 . 2008-04-14 00:26 14592 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2012-03-14 09:44 . 2008-04-14 00:21 61824 ----a-w- c:\windows\system32\drivers\nic1394.sys
2012-03-14 09:44 . 2008-04-14 00:21 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
2012-03-14 09:44 . 2008-04-14 00:16 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys
2012-03-14 09:44 . 2008-04-14 00:15 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys
2012-03-14 09:44 . 2008-04-14 00:15 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2012-03-14 09:44 . 2008-04-14 00:15 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys
2012-03-14 09:44 . 2008-04-14 00:10 80128 ----a-w- c:\windows\system32\drivers\parport.sys
2012-03-14 09:44 . 2008-04-14 00:09 4352 ----a-w- c:\windows\system32\drivers\swenum.sys
2012-03-14 09:44 . 2008-04-14 00:09 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2012-03-14 09:44 . 2008-04-14 00:06 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2012-03-14 09:44 . 2008-04-14 00:06 63744 ----a-w- c:\windows\system32\drivers\mf.sys
2012-03-14 09:44 . 2008-04-14 00:01 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
2012-03-14 09:44 . 2008-04-14 00:01 37376 ----a-w- c:\windows\system32\drivers\amdk6.sys
2012-03-14 09:44 . 2008-04-14 00:01 36736 ----a-w- c:\windows\system32\drivers\crusoe.sys
2012-03-14 09:44 . 2008-04-14 00:01 42752 ----a-w- c:\windows\system32\drivers\p3.sys
2012-03-14 09:44 . 2008-04-14 00:01 35840 ----a-w- c:\windows\system32\drivers\processr.sys
2012-03-14 09:41 . 2009-11-27 16:28 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2012-03-14 09:41 . 2001-08-17 22:37 77891 ----a-w- c:\windows\system32\usrmlnka.exe
2012-03-14 09:41 . 2001-08-17 22:37 69700 ----a-w- c:\windows\system32\usrshuta.exe
2012-03-14 09:41 . 2001-08-17 22:37 61508 ----a-w- c:\windows\system32\usrprbda.exe
2012-03-14 09:41 . 2001-08-17 22:36 55296 ----a-w- c:\windows\system32\dvdplay.exe
2012-03-14 09:41 . 2001-08-17 22:36 3200 ----a-w- c:\windows\system32\wowfax.dll
2012-03-14 09:41 . 2001-08-17 22:36 13824 ----a-w- c:\windows\system32\wowfaxui.dll
2012-03-14 09:41 . 2001-08-17 22:36 86073 ----a-w- c:\windows\system32\usrfaxa.dll
2012-03-14 09:41 . 2001-08-17 22:36 77890 ----a-w- c:\windows\system32\usrdpa.dll
2012-03-14 09:41 . 2001-08-17 22:36 77883 ----a-w- c:\windows\system32\usrrtosa.dll
2012-03-14 09:41 . 2001-08-17 22:36 69699 ----a-w- c:\windows\system32\usrcoina.dll
2012-03-14 09:41 . 2001-08-17 22:36 61500 ----a-w- c:\windows\system32\usrcntra.dll
2012-03-14 09:41 . 2001-08-17 22:36 53305 ----a-w- c:\windows\system32\usrlbva.dll
2012-03-14 09:41 . 2001-08-17 22:36 49211 ----a-w- c:\windows\system32\usrvpa.dll
2012-03-14 09:41 . 2001-08-17 22:36 49211 ----a-w- c:\windows\system32\usrsdpia.dll
2012-03-14 09:41 . 2001-08-17 22:36 49209 ----a-w- c:\windows\system32\usrv80a.dll
2012-03-14 09:41 . 2001-08-17 22:36 45116 ----a-w- c:\windows\system32\usrvoica.dll
2012-03-14 09:41 . 2001-08-17 22:36 41019 ----a-w- c:\windows\system32\usrsvpia.dll
2012-03-14 09:41 . 2001-08-17 22:36 323641 ----a-w- c:\windows\system32\usrdtea.dll
2012-03-14 09:41 . 2001-08-17 22:36 102457 ----a-w- c:\windows\system32\usrv42a.dll
2012-03-14 09:41 . 2001-08-17 22:36 8192 ----a-w- c:\windows\system32\streamci.dll
2012-03-14 09:41 . 2001-08-17 22:36 72192 ----a-w- c:\windows\system32\sprio800.dll
2012-03-14 09:41 . 2001-08-17 22:36 70656 ----a-w- c:\windows\system32\sprio600.dll
2012-03-14 09:41 . 2001-08-17 22:36 69632 ----a-w- c:\windows\system32\spnike.dll
2012-03-14 09:41 . 2001-08-17 22:36 157696 ----a-w- c:\windows\system32\paqsp.dll
2012-03-14 09:41 . 2001-08-17 22:36 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2012-03-14 09:41 . 2001-08-17 14:06 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2012-03-14 09:41 . 2001-08-17 14:02 262528 ----a-w- c:\windows\system32\drivers\cinemst2.sys
2012-03-14 09:41 . 2001-08-17 14:02 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys
2012-03-14 09:41 . 2001-08-17 14:01 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys
2012-03-14 09:41 . 2001-08-17 13:57 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2012-03-14 09:41 . 2001-08-17 13:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2012-03-14 09:41 . 2001-08-17 13:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-03-14 09:41 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2012-03-14 09:41 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2012-03-14 09:41 . 2001-08-17 13:24 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2012-03-14 09:41 . 2001-08-17 13:24 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys
2012-03-14 09:30 . 2012-03-14 09:30 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-14 09:30 . 2012-03-14 09:30 218624 ----a-w- c:\windows\system32\uxtheme.dll
2012-03-14 09:30 . 2012-03-14 09:30 140288 ----a-w- c:\windows\system32\sfc_os.dll
2012-03-14 09:29 . 2012-03-14 10:38 990208 ----a-w- c:\windows\system32\syssetup.dll
2012-03-14 09:28 . 2012-03-14 09:28 398416 ----a-w- c:\windows\system\VBRUN300.DLL
2012-03-14 09:28 . 2012-03-14 09:28 722192 ----a-w- c:\windows\system\VB40032.DLL
2012-03-14 09:28 . 2012-03-14 09:28 356992 ----a-w- c:\windows\system\VBRUN200.DLL
2012-03-14 09:28 . 2012-03-14 09:28 271264 ----a-w- c:\windows\system\VBRUN100.DLL
2012-03-14 09:28 . 2012-03-14 09:28 935632 ----a-w- c:\windows\system\VB40016.DLL
2012-03-14 09:28 . 2012-03-14 09:28 210944 ----a-w- c:\windows\system32\msvcrt10.dll
2012-03-14 09:28 . 2012-03-14 09:28 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-03-14 09:28 . 2012-03-14 09:28 44536 ----a-w- c:\windows\system32\wups2.dll
2012-03-14 09:28 . 2012-03-14 09:28 223232 ----a-w- c:\windows\system32\wksprt.exe
2012-03-14 09:28 . 2012-03-14 09:28 12800 ----a-w- c:\windows\system32\wksprtps.dll
2012-03-14 09:28 . 2001-08-23 11:00 21496 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-03-14 09:28 . 2001-08-23 11:00 17400 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-03-14 09:28 . 2001-08-23 11:00 14840 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-03-14 09:28 . 2001-08-23 11:00 14840 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-03-14 09:28 . 2012-03-14 09:28 29184 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-03-14 09:28 . 2001-08-23 11:00 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2012-03-14 09:28 . 2012-03-14 09:28 57344 ----a-w- c:\windows\system32\uexfat.dll
2012-03-14 09:28 . 2012-03-14 09:28 46080 ----a-w- c:\windows\system32\tswbprxy.exe
2012-03-14 09:28 . 2001-08-23 11:00 192912 ----a-w- c:\windows\system32\SecProc_ssp_isv.dll
2012-03-14 09:28 . 2001-08-23 11:00 562064 ----a-w- c:\windows\system32\SecProc_isv.dll
2012-03-14 09:28 . 2001-08-23 11:00 192904 ----a-w- c:\windows\system32\SecProc_ssp.dll
2012-03-14 09:28 . 2012-03-14 09:28 62848 ----a-w- c:\windows\system32\drivers\rspndr.sys
2012-03-14 09:28 . 2012-03-14 09:28 558984 ----a-w- c:\windows\system32\SecProc.dll
2012-03-14 09:28 . 2012-03-14 09:28 10752 ----a-w- c:\windows\system32\rspndr.exe
2012-03-14 09:28 . 2001-08-23 11:00 361872 ----a-w- c:\windows\system32\RmActivate_ssp_isv.exe
2012-03-14 09:28 . 2001-08-23 11:00 575880 ----a-w- c:\windows\system32\RmActivate_isv.exe
2012-03-14 09:28 . 2001-08-23 11:00 362888 ----a-w- c:\windows\system32\RmActivate_ssp.exe
2012-03-13 04:38 . 2012-04-08 13:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-14 . 474D3DCCB57DEFCD917311EEC47204B9 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2012-03-14 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2012-2-25 495104]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-04-10 11:51 137536 ----atw- c:\documents and settings\Milan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\Milan\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56200:TCP"= 56200:TCP:Pando Media Booster
"56200:UDP"= 56200:UDP:Pando Media Booster
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [31.1.2012 20:27 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [31.1.2012 20:27 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [31.1.2012 20:27 13616]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.4.2012 15:46 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.4.2012 15:46 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.4.2012 15:46 20696]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9.4.2012 22:40 2253120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 20:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.4.2012 15:46 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8.4.2012 15:08 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8.4.2012 15:56 1691480]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.4.2012 15:46 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 20:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 14:01]
.
2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-436374069-1801674531-1003Core.job
- c:\documents and settings\Milan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-10 11:51]
.
2012-04-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-436374069-1801674531-1003UA.job
- c:\documents and settings\Milan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-10 11:51]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-08 13:46]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-08 13:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Milan\Application Data\Mozilla\Firefox\Profiles\12zqd9kg.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-crrss - c:\windows\system32\crrss.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Antivirus Protection 2012 SM - c:\documents and settings\Milan\Application Data\Antivirus Protection\securitymanager.exe
MSConfigStartUp-tbcphcuwf54c - c:\docume~1\Milan\LOCALS~1\Temp\921E.tmp
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
AddRemove-Antivirus Protection - c:\documents and settings\Milan\Application Data\Antivirus Protection\securityhelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 17:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(736)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-04-13 17:24:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-13 15:24
.
Před spuštěním: 478 950 744 064 bytes free
Po spuštění: 479 004 798 976 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 51D175E1B2B757C408200E3474C02B8B