Kontrola logu-Neustálé stahování dat, vyřešeno přes ComboFix
Napsal: 11 bře 2010 21:04
Dobrý den, měl jsem problém s mordrou smrti ve windows. V nozouvem režimu se mi nakonec podařilo počítač zprovoznit, ale nastal problém, že mi to neustale stahovalo data z internetu maximální rychlosti a nešel zapnout firewall. Zapnul jsem ComboFix a problém se vyřešil, ale potřeboval bych kouknout na log jestli je v pořádku. Nijak to nespechá, počítač běží tak jak má, já jen abych měl jistotu že je to v pořádku. Děkuji
ComboFix 10-03-11.02 - Uživatel 11.03.2010 20:09:57.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.425 [GMT 1:00]
Spuštěný z: c:\combofix\ComboFix.exe
Použité ovládací přepínače :: ComboFix
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\cidrive32.exe
c:\windows\system32\crt.dat
c:\windows\system32\crt4.dll
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\kbdatat4.dll
c:\windows\system32\kboem32.dat
c:\windows\system32\kbupdate.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\SyncMan.exe
c:\windows\system32\update20193843.exe
c:\windows\system32\update22443984.exe
Nakažená kopie c:\windows\system32\drivers\cdrom.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\cdrom.sys
Nakažená kopie c:\windows\system32\drivers\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\ndis.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_KGOOTKIT
-------\Legacy_SSHNAS
-------\Service_KGootkit
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-11 do 2010-03-11 )))))))))))))))))))))))))))))))
.
2010-03-11 18:24 . 2010-03-11 18:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-11 18:23 . 2010-03-11 18:23 69248 ----a-w- c:\windows\system32\drivers\KGootkit.sys
2010-03-11 09:25 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 23:46 . 2010-03-09 23:46 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-09 23:46 . 2010-03-09 23:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-09 23:14 . 2010-03-09 23:14 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-03-09 23:13 . 2010-03-09 23:45 -------- d-s---w- c:\documents and settings\Administrator
2010-03-09 23:13 . 2010-03-09 23:45 -------- d-----w- c:\documents and settings\Administrator\Šablony
2010-03-09 23:13 . 2010-03-09 23:45 -------- d-----w- c:\documents and settings\Administrator\Data aplikací
2010-03-09 22:15 . 2010-03-09 23:45 -------- d-----w- C:\RECYCLER(2)
2010-03-09 21:05 . 2010-03-09 21:05 -------- d-----w- c:\program files\Alwil Software
2010-03-08 18:28 . 2010-03-08 18:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-08 18:08 . 2010-03-11 19:48 860672 ----a-w- c:\windows\system32\drivers\wubtgfx.sys
2010-03-06 00:20 . 2009-11-14 00:49 120056 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-06 00:20 . 2010-03-06 00:23 -------- d-----w- c:\program files\Google
2010-03-06 00:20 . 2010-03-06 00:20 -------- d-----w- c:\program files\DivX
2010-03-06 00:20 . 2010-03-06 00:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-22 11:04 . 2010-02-22 11:04 -------- d-----w- c:\program files\mpegable
2010-02-22 11:04 . 2010-02-22 11:04 47104 ------w- c:\windows\AKDeInstall.exe
2010-02-14 18:02 . 2010-02-22 09:52 -------- d-----w- c:\program files\GraphicsGale FreeEdition
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 19:44 . 2008-10-11 07:44 99768352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-11 19:44 . 2008-10-11 07:44 2263072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-11 19:44 . 2008-10-11 07:44 218360 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-11 19:44 . 2008-10-11 07:44 1171352 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-11 19:27 . 2009-09-16 16:38 -------- d-----w- c:\program files\SeaMonkey
2010-03-09 23:34 . 2009-01-17 12:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-09 23:34 . 2008-01-25 14:35 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-09 22:32 . 2007-09-09 07:57 -------- d-----w- c:\program files\Spyware Terminator
2010-03-07 14:00 . 2006-03-02 12:00 1034240 ------w- c:\windows\explorer.exe
2010-02-22 13:07 . 2007-01-06 20:04 -------- d-----w- c:\program files\QIP
2010-02-20 11:05 . 2007-01-06 20:43 -------- d-----w- c:\program files\FlashGet
2010-02-06 12:47 . 2010-02-06 12:47 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-06 12:47 . 2010-02-06 12:47 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-06 12:47 . 2009-05-23 08:20 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-01-26 16:44 . 2010-03-09 23:43 240052 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1029.dat
2010-01-21 13:35 . 2008-02-05 19:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 11:58 . 2007-03-03 16:00 -------- d-----w- c:\program files\GameSpy Arcade
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2007-01-06 17:10 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2006-05-03 09:06 . 2008-05-28 19:49 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-05-28 19:49 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-03-21 14:09 . 2006-03-02 12:00 168371 --sha-r- c:\windows\system32\pnuelbu.dll
2007-12-17 12:43 . 2008-05-28 19:49 27648 --sh--w- c:\windows\system32\Smab0.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-03-09_19.35.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-11 19:46 . 2010-03-11 19:46 16384 c:\windows\temp\Perflib_Perfdata_7b0.dat
+ 2006-03-02 12:00 . 2008-04-13 18:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2010-03-11 18:24 . 2010-03-11 19:09 32768 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2007-01-06 17:17 . 2010-03-11 19:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-01-06 17:17 . 2009-10-27 11:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-11 19:07 . 2010-03-11 19:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010031120100312\index.dat
+ 2007-01-06 17:17 . 2010-03-11 19:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-01-06 17:17 . 2009-10-27 11:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-11 18:24 . 2010-03-11 19:04 13312 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{46C8AD25-2D3B-11DF-98F0-00161746AA04}.dat
- 2009-10-27 11:08 . 2009-10-27 11:08 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-27 11:08 . 2010-03-11 19:09 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-03-11 18:24 . 2010-03-11 19:09 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-10-19 08:58 . 2010-02-10 19:47 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-03-02 12:00 . 2008-04-14 03:22 3072 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server\qvxoob.dll
+ 2010-03-11 19:09 . 2010-03-11 19:09 3584 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{96F45B8B-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:07 . 2010-03-11 19:08 5120 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{45935797-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:43 . 2010-03-11 18:43 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{FE801F8E-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:57 . 2010-03-11 18:57 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{ECDB16D8-2D3F-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:28 . 2010-03-11 18:29 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{EA6D3470-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:35 . 2010-03-11 18:35 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{DC5FF7AE-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:04 . 2010-03-11 19:04 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{DA5C9864-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:42 . 2010-03-11 18:42 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{D3A419AA-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:27 . 2010-03-11 18:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{C535FF98-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:56 . 2010-03-11 18:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{C3D25DDC-2D3F-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:34 . 2010-03-11 18:34 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{B6D7B2E2-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:02 . 2010-03-11 19:03 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{B295BCDE-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:41 . 2010-03-11 18:41 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{AC4FAF04-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:26 . 2010-03-11 18:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{9F2F5E2A-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:55 . 2010-03-11 18:55 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{9BC8C07E-2D3F-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:09 . 2010-03-11 19:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{96F45B8C-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:33 . 2010-03-11 18:33 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{90800180-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:01 . 2010-03-11 19:02 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{8D2A144A-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:40 . 2010-03-11 18:40 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{81C256BA-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:25 . 2010-03-11 18:25 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{75F6F626-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:54 . 2010-03-11 18:54 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{74DD3D51-2D3F-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:54 . 2010-03-11 18:54 6144 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{74DD3D50-2D3F-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:08 . 2010-03-11 19:08 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{7113DFBA-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:00 . 2010-03-11 19:01 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{6710600C-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:32 . 2010-03-11 18:32 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{65DD340C-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:38 . 2010-03-11 18:39 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{5895DA78-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:24 . 2010-03-11 18:24 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{4CDD8CB4-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:24 . 2010-03-11 18:24 6144 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{46C8AD26-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:07 . 2010-03-11 19:07 6144 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{4593579A-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:07 . 2010-03-11 19:07 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{45935798-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:59 . 2010-03-11 19:00 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{3E75533C-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:31 . 2010-03-11 18:31 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{3DB235C2-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:37 . 2010-03-11 18:38 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{2E015B20-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:58 . 2010-03-11 18:58 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{17A1A792-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:29 . 2010-03-11 18:30 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{153D4E92-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:36 . 2010-03-11 18:36 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{055CC4E8-2D3D-11DF-98F0-00161746AA04}.dat
- 2007-10-19 08:58 . 2010-02-10 19:47 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-03-09 21:49 . 2010-03-09 21:49 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000004(2)\UsrClass.dat
+ 2010-03-09 21:49 . 2010-03-09 21:49 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000002(2)\UsrClass.dat
+ 2008-04-27 11:08 . 2010-03-09 23:46 881660 c:\windows\system32\Restore\rstrlog.dat
+ 2006-03-02 12:00 . 2008-04-13 19:20 182656 c:\windows\system32\drivers\ndis.sys
+ 2006-03-02 12:00 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\ndis.sys
- 2007-10-19 08:58 . 2010-02-10 19:47 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-03-09 21:49 . 2010-03-09 21:49 192512 c:\windows\ERDNT\subs(2)\Users(2)\00000006(2)\UsrClass.dat
+ 2010-02-04 17:11 . 2010-02-04 17:11 5526528 c:\windows\Installer\a61cf1.msp
+ 2010-01-27 16:53 . 2010-01-27 16:53 6820864 c:\windows\Installer\a61cdb.msp
+ 2010-03-09 21:49 . 2010-03-09 21:49 1429504 c:\windows\ERDNT\subs(2)\Users(2)\00000003(2)\NTUSER.DAT
+ 2010-03-09 21:49 . 2010-03-09 21:49 1429504 c:\windows\ERDNT\subs(2)\Users(2)\00000001(2)\NTUSER.DAT
+ 2007-01-07 13:06 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe
+ 2010-03-09 21:49 . 2010-03-09 21:49 19173376 c:\windows\ERDNT\subs(2)\Users(2)\00000005(2)\ntuser.dat
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Host\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk.disabled [2010-1-26 864]
c:\documents and settings\U§ivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
msconfig32.exe [2010-3-11 52736]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODDRMBS\0autocheck autochk *
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Comrade.exe"=c:\program files\GameSpy\Comrade\Comrade.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"CyberPet"=d:\hostso~1\CYBERP~1\CyberPet.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"C-Media Mixer"=Mixer.exe /startup
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\documents and settings\Uživatel\Local Settings\Data aplikací\Windows Server\qvxoob.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Hry\\Need for Speed Underground 2\\speed2.exe"=
"\\\\JAROSLAV\\D\\HRY\\Game\\ac.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Hry\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\HLSW\\hlsw_1_0_0.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\Hry\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=
"d:\\Hry\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe"=
"d:\\Hry\\EA GAMES\\Battlefield 2\\BF2VoipServer_w32ded.exe"=
"d:\\Hry\\Codemasters\\Colin McRae Rally 2005\\CMR5.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Empire Earth II\\EE2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\GRID\\GRID.exe"=
"d:\\Hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"d:\\Hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Ahead\\Nero\\nero.exe"=
"d:\\Hry\\Colin McRae Rally 2\\CMR2.exe"=
"d:\\Hry\\EA GAMES\\Battlefield 2\\BF2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:6881
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2074:TCP"= 2074:TCP:ymbrpde
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [8.9.2008 18:32 18336]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [7.2.2007 21:57 3026]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [18.8.2008 14:42 12856]
R1 Klmc;Klmc;c:\windows\system32\drivers\klmc.sys [4.8.2005 14:40 10995]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [1.4.2007 11:46 2208]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 gupdate1cabcc2d0e004e0;Služba Google Update (gupdate1cabcc2d0e004e0);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2010 1:20 133104]
S3 cpuz126;cpuz126;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\cpuz.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 SSDefrag;SSDefrag;c:\windows\system32\drivers\SSDefrag.sys [10.11.2007 10:19 37888]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\TCCpuInfo.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\TCCpuInfo.sys [?]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [5.7.2009 11:32 23600]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - wubtgfx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
cdjua
.
Obsah adresáře 'Naplánované úlohy'
2010-03-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 00:20]
2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 00:20]
2010-02-08 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\8f51n83q.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.switch.threshold - 750000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 20:47
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\msconfig32.exe 52736 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wubtgfx]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-1979792683-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-746137067-1979792683-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-746137067-1979792683-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:63,52,af,41,9b,da,c6,57,4c,37,70,3a,d8,65,c9,08,fc,51,d7,84,10,e2,b2,
01,a5,9b,e8,b7,75,51,c9,80,41,61,fd,fc,01,d5,a5,ab,9d,2f,83,eb,6b,07,cb,ed,\
"??"=hex:46,a1,ff,05,41,96,a8,b2,86,20,41,86,6e,83,08,98
[HKEY_USERS\S-1-5-21-746137067-1979792683-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:55,de,1a,88,c9,b3,7e,56,7f,2a,06,10,24,da,1d,34,a7,ec,c1,16,e5,
db,4a,28,1a,58,a8,c2,b3,53,ab,65,be,f6,0b,bc,24,14,a6,53,a8,d5,84,7d,d8,0c,\
"rkeysecu"=hex:b8,c8,fa,ed,6e,12,1f,bf,79,a9,73,b5,fc,35,d2,d3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1216)
c:\documents and settings\Uživatel\Local Settings\Data aplikací\Windows Server\qvxoob.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
- - - - - - - > 'explorer.exe'(1248)
c:\documents and settings\Uživatel\Local Settings\Data aplikací\Windows Server\qvxoob.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Celkový čas: 2010-03-11 20:51:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-11 19:51
ComboFix2.txt 2010-03-09 20:31
ComboFix3.txt 2010-03-09 19:40
Před spuštěním: Volných bajtů: 12 571 033 600
Po spuštění: Volných bajtů: 12 488 065 024
- - End Of File - - 07C2BD3CBF80A899CAD87B9411556E40
ComboFix 10-03-11.02 - Uživatel 11.03.2010 20:09:57.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.425 [GMT 1:00]
Spuštěný z: c:\combofix\ComboFix.exe
Použité ovládací přepínače :: ComboFix
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\cidrive32.exe
c:\windows\system32\crt.dat
c:\windows\system32\crt4.dll
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\kbdatat4.dll
c:\windows\system32\kboem32.dat
c:\windows\system32\kbupdate.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\SyncMan.exe
c:\windows\system32\update20193843.exe
c:\windows\system32\update22443984.exe
Nakažená kopie c:\windows\system32\drivers\cdrom.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\cdrom.sys
Nakažená kopie c:\windows\system32\drivers\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\ndis.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_KGOOTKIT
-------\Legacy_SSHNAS
-------\Service_KGootkit
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-11 do 2010-03-11 )))))))))))))))))))))))))))))))
.
2010-03-11 18:24 . 2010-03-11 18:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-11 18:23 . 2010-03-11 18:23 69248 ----a-w- c:\windows\system32\drivers\KGootkit.sys
2010-03-11 09:25 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 23:46 . 2010-03-09 23:46 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-09 23:46 . 2010-03-09 23:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-09 23:14 . 2010-03-09 23:14 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-03-09 23:13 . 2010-03-09 23:45 -------- d-s---w- c:\documents and settings\Administrator
2010-03-09 23:13 . 2010-03-09 23:45 -------- d-----w- c:\documents and settings\Administrator\Šablony
2010-03-09 23:13 . 2010-03-09 23:45 -------- d-----w- c:\documents and settings\Administrator\Data aplikací
2010-03-09 22:15 . 2010-03-09 23:45 -------- d-----w- C:\RECYCLER(2)
2010-03-09 21:05 . 2010-03-09 21:05 -------- d-----w- c:\program files\Alwil Software
2010-03-08 18:28 . 2010-03-08 18:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-08 18:08 . 2010-03-11 19:48 860672 ----a-w- c:\windows\system32\drivers\wubtgfx.sys
2010-03-06 00:20 . 2009-11-14 00:49 120056 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-06 00:20 . 2010-03-06 00:23 -------- d-----w- c:\program files\Google
2010-03-06 00:20 . 2010-03-06 00:20 -------- d-----w- c:\program files\DivX
2010-03-06 00:20 . 2010-03-06 00:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-22 11:04 . 2010-02-22 11:04 -------- d-----w- c:\program files\mpegable
2010-02-22 11:04 . 2010-02-22 11:04 47104 ------w- c:\windows\AKDeInstall.exe
2010-02-14 18:02 . 2010-02-22 09:52 -------- d-----w- c:\program files\GraphicsGale FreeEdition
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 19:44 . 2008-10-11 07:44 99768352 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-11 19:44 . 2008-10-11 07:44 2263072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-11 19:44 . 2008-10-11 07:44 218360 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-11 19:44 . 2008-10-11 07:44 1171352 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-11 19:27 . 2009-09-16 16:38 -------- d-----w- c:\program files\SeaMonkey
2010-03-09 23:34 . 2009-01-17 12:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-09 23:34 . 2008-01-25 14:35 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-09 22:32 . 2007-09-09 07:57 -------- d-----w- c:\program files\Spyware Terminator
2010-03-07 14:00 . 2006-03-02 12:00 1034240 ------w- c:\windows\explorer.exe
2010-02-22 13:07 . 2007-01-06 20:04 -------- d-----w- c:\program files\QIP
2010-02-20 11:05 . 2007-01-06 20:43 -------- d-----w- c:\program files\FlashGet
2010-02-06 12:47 . 2010-02-06 12:47 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-06 12:47 . 2010-02-06 12:47 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-06 12:47 . 2009-05-23 08:20 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-01-26 16:44 . 2010-03-09 23:43 240052 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1029.dat
2010-01-21 13:35 . 2008-02-05 19:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 11:58 . 2007-03-03 16:00 -------- d-----w- c:\program files\GameSpy Arcade
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2007-01-06 17:10 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2006-05-03 09:06 . 2008-05-28 19:49 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-05-28 19:49 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-03-21 14:09 . 2006-03-02 12:00 168371 --sha-r- c:\windows\system32\pnuelbu.dll
2007-12-17 12:43 . 2008-05-28 19:49 27648 --sh--w- c:\windows\system32\Smab0.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-03-09_19.35.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-11 19:46 . 2010-03-11 19:46 16384 c:\windows\temp\Perflib_Perfdata_7b0.dat
+ 2006-03-02 12:00 . 2008-04-13 18:40 62976 c:\windows\system32\drivers\cdrom.sys
+ 2010-03-11 18:24 . 2010-03-11 19:09 32768 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2007-01-06 17:17 . 2010-03-11 19:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-01-06 17:17 . 2009-10-27 11:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-11 19:07 . 2010-03-11 19:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010031120100312\index.dat
+ 2007-01-06 17:17 . 2010-03-11 19:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-01-06 17:17 . 2009-10-27 11:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-11 18:24 . 2010-03-11 19:04 13312 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{46C8AD25-2D3B-11DF-98F0-00161746AA04}.dat
- 2009-10-27 11:08 . 2009-10-27 11:08 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-27 11:08 . 2010-03-11 19:09 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-03-11 18:24 . 2010-03-11 19:09 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-10-19 08:58 . 2010-02-10 19:47 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-03-02 12:00 . 2008-04-14 03:22 3072 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server\qvxoob.dll
+ 2010-03-11 19:09 . 2010-03-11 19:09 3584 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{96F45B8B-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:07 . 2010-03-11 19:08 5120 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{45935797-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:43 . 2010-03-11 18:43 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{FE801F8E-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:57 . 2010-03-11 18:57 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{ECDB16D8-2D3F-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:28 . 2010-03-11 18:29 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{EA6D3470-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:35 . 2010-03-11 18:35 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{DC5FF7AE-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:04 . 2010-03-11 19:04 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{DA5C9864-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:42 . 2010-03-11 18:42 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{D3A419AA-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:27 . 2010-03-11 18:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{C535FF98-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:56 . 2010-03-11 18:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{C3D25DDC-2D3F-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:34 . 2010-03-11 18:34 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{B6D7B2E2-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:02 . 2010-03-11 19:03 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{B295BCDE-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:41 . 2010-03-11 18:41 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{AC4FAF04-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:26 . 2010-03-11 18:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{9F2F5E2A-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:55 . 2010-03-11 18:55 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{9BC8C07E-2D3F-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:09 . 2010-03-11 19:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{96F45B8C-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:33 . 2010-03-11 18:33 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{90800180-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:01 . 2010-03-11 19:02 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{8D2A144A-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:40 . 2010-03-11 18:40 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{81C256BA-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:25 . 2010-03-11 18:25 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{75F6F626-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:54 . 2010-03-11 18:54 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{74DD3D51-2D3F-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:54 . 2010-03-11 18:54 6144 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{74DD3D50-2D3F-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:08 . 2010-03-11 19:08 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{7113DFBA-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:00 . 2010-03-11 19:01 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{6710600C-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:32 . 2010-03-11 18:32 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{65DD340C-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:38 . 2010-03-11 18:39 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{5895DA78-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:24 . 2010-03-11 18:24 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{4CDD8CB4-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:24 . 2010-03-11 18:24 6144 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{46C8AD26-2D3B-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:07 . 2010-03-11 19:07 6144 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{4593579A-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 19:07 . 2010-03-11 19:07 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{45935798-2D41-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:59 . 2010-03-11 19:00 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{3E75533C-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:31 . 2010-03-11 18:31 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{3DB235C2-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:37 . 2010-03-11 18:38 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{2E015B20-2D3D-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:58 . 2010-03-11 18:58 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{17A1A792-2D40-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:29 . 2010-03-11 18:30 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{153D4E92-2D3C-11DF-98F0-00161746AA04}.dat
+ 2010-03-11 18:36 . 2010-03-11 18:36 4608 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Internet Explorer\Recovery\Active\{055CC4E8-2D3D-11DF-98F0-00161746AA04}.dat
- 2007-10-19 08:58 . 2010-02-10 19:47 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-03-09 21:49 . 2010-03-09 21:49 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000004(2)\UsrClass.dat
+ 2010-03-09 21:49 . 2010-03-09 21:49 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000002(2)\UsrClass.dat
+ 2008-04-27 11:08 . 2010-03-09 23:46 881660 c:\windows\system32\Restore\rstrlog.dat
+ 2006-03-02 12:00 . 2008-04-13 19:20 182656 c:\windows\system32\drivers\ndis.sys
+ 2006-03-02 12:00 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\ndis.sys
- 2007-10-19 08:58 . 2010-02-10 19:47 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-19 08:58 . 2010-02-10 19:47 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-10-19 08:58 . 2010-03-11 12:44 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-03-09 21:49 . 2010-03-09 21:49 192512 c:\windows\ERDNT\subs(2)\Users(2)\00000006(2)\UsrClass.dat
+ 2010-02-04 17:11 . 2010-02-04 17:11 5526528 c:\windows\Installer\a61cf1.msp
+ 2010-01-27 16:53 . 2010-01-27 16:53 6820864 c:\windows\Installer\a61cdb.msp
+ 2010-03-09 21:49 . 2010-03-09 21:49 1429504 c:\windows\ERDNT\subs(2)\Users(2)\00000003(2)\NTUSER.DAT
+ 2010-03-09 21:49 . 2010-03-09 21:49 1429504 c:\windows\ERDNT\subs(2)\Users(2)\00000001(2)\NTUSER.DAT
+ 2007-01-07 13:06 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe
+ 2010-03-09 21:49 . 2010-03-09 21:49 19173376 c:\windows\ERDNT\subs(2)\Users(2)\00000005(2)\ntuser.dat
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Host\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk.disabled [2010-1-26 864]
c:\documents and settings\U§ivatel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
msconfig32.exe [2010-3-11 52736]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODDRMBS\0autocheck autochk *
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Comrade.exe"=c:\program files\GameSpy\Comrade\Comrade.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"CyberPet"=d:\hostso~1\CYBERP~1\CyberPet.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"C-Media Mixer"=Mixer.exe /startup
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\documents and settings\Uživatel\Local Settings\Data aplikací\Windows Server\qvxoob.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Hry\\Need for Speed Underground 2\\speed2.exe"=
"\\\\JAROSLAV\\D\\HRY\\Game\\ac.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Hry\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\HLSW\\hlsw_1_0_0.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\Hry\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=
"d:\\Hry\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe"=
"d:\\Hry\\EA GAMES\\Battlefield 2\\BF2VoipServer_w32ded.exe"=
"d:\\Hry\\Codemasters\\Colin McRae Rally 2005\\CMR5.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Empire Earth II\\EE2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\GRID\\GRID.exe"=
"d:\\Hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"d:\\Hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Ahead\\Nero\\nero.exe"=
"d:\\Hry\\Colin McRae Rally 2\\CMR2.exe"=
"d:\\Hry\\EA GAMES\\Battlefield 2\\BF2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:6881
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2074:TCP"= 2074:TCP:ymbrpde
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [8.9.2008 18:32 18336]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [7.2.2007 21:57 3026]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [18.8.2008 14:42 12856]
R1 Klmc;Klmc;c:\windows\system32\drivers\klmc.sys [4.8.2005 14:40 10995]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [1.4.2007 11:46 2208]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 gupdate1cabcc2d0e004e0;Služba Google Update (gupdate1cabcc2d0e004e0);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2010 1:20 133104]
S3 cpuz126;cpuz126;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\cpuz.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 SSDefrag;SSDefrag;c:\windows\system32\drivers\SSDefrag.sys [10.11.2007 10:19 37888]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\TCCpuInfo.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\TCCpuInfo.sys [?]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [5.7.2009 11:32 23600]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - wubtgfx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
cdjua
.
Obsah adresáře 'Naplánované úlohy'
2010-03-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 00:20]
2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 00:20]
2010-02-08 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\8f51n83q.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.switch.threshold - 750000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 20:47
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\msconfig32.exe 52736 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wubtgfx]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-1979792683-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-746137067-1979792683-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-746137067-1979792683-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:63,52,af,41,9b,da,c6,57,4c,37,70,3a,d8,65,c9,08,fc,51,d7,84,10,e2,b2,
01,a5,9b,e8,b7,75,51,c9,80,41,61,fd,fc,01,d5,a5,ab,9d,2f,83,eb,6b,07,cb,ed,\
"??"=hex:46,a1,ff,05,41,96,a8,b2,86,20,41,86,6e,83,08,98
[HKEY_USERS\S-1-5-21-746137067-1979792683-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:55,de,1a,88,c9,b3,7e,56,7f,2a,06,10,24,da,1d,34,a7,ec,c1,16,e5,
db,4a,28,1a,58,a8,c2,b3,53,ab,65,be,f6,0b,bc,24,14,a6,53,a8,d5,84,7d,d8,0c,\
"rkeysecu"=hex:b8,c8,fa,ed,6e,12,1f,bf,79,a9,73,b5,fc,35,d2,d3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1216)
c:\documents and settings\Uživatel\Local Settings\Data aplikací\Windows Server\qvxoob.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
- - - - - - - > 'explorer.exe'(1248)
c:\documents and settings\Uživatel\Local Settings\Data aplikací\Windows Server\qvxoob.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Celkový čas: 2010-03-11 20:51:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-11 19:51
ComboFix2.txt 2010-03-09 20:31
ComboFix3.txt 2010-03-09 19:40
Před spuštěním: Volných bajtů: 12 571 033 600
Po spuštění: Volných bajtů: 12 488 065 024
- - End Of File - - 07C2BD3CBF80A899CAD87B9411556E40
