nefungující autorun
-
guest
- Pohlaví:
Re: nefungující autorun
Nic ve zlém, ale občas je dobré přečíst si Pravidla fóra případně návod na HijackThis. Logy se vkládají do sekce HijackThis a tam to chlapi kontrolují- pokud je to vloženo jinde, nemusejí si toho všimnout. Pak čekáte a rozčilujete se, ale zbytečně.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43287
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: nefungující autorun
Zadavatel mě určitě nekontaktoval , to je lež , očividně si přeje někoho jiného....
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: nefungující autorun
psal jsem ti zprávu!!!
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43287
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: nefungující autorun
Nic jsem neobdržel, ale je to asi tím , že jsi nevyplnil téma, nahoře, pak se stává , že se to neodešle..
Vypni rez. ochrany u ESS ( i firewall)
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Vypni rez. ochrany u ESS ( i firewall)
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: nefungující autorun
ComboFix 09-04-04.01 - Rejth 2009-04-05 23:19:38.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1518.1059 [GMT 2:00]
Spuštěný z: c:\downloads\Software\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-05 do 2009-04-05 )))))))))))))))))))))))))))))))
.
2009-04-02 18:19 . 2009-04-02 18:19 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-02 18:19 . 2009-04-02 18:19 1,409 --a------ c:\windows\QTFont.for
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:00 . 2009-04-02 18:01 <DIR> d-------- c:\program files\MyPhoneExplorer
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-01 14:37 . 2009-04-01 14:37 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-31 17:06 . 2009-03-31 17:06 <DIR> d-------- c:\program files\Creative
2009-03-31 16:30 . 2002-08-29 18:33 319,488 -ra------ c:\windows\system32\MafiaSetup.exe
2009-03-29 20:55 . 2009-04-02 18:22 <DIR> d-------- C:\HijackThis
2009-03-27 10:24 . 2009-03-27 10:24 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-25 16:43 . 2009-03-27 20:35 <DIR> d-------- c:\program files\DesetiPrsty
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-18 15:46 . 2009-03-18 15:46 428,106 --a------ c:\windows\system32\prfh0405.dat
2009-03-18 15:46 . 2009-03-18 15:46 77,796 --a------ c:\windows\system32\prfc0405.dat
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 09:21 . 2009-03-26 14:36 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-17 12:22 . 2009-03-17 12:37 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-03-17 12:20 . 2004-04-27 05:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-03-17 12:14 . 2009-03-17 15:51 <DIR> d-------- c:\windows\Internet Logs
2009-03-13 11:44 . 2008-02-08 02:34 109,260 --a------ c:\windows\system32\MSWINSCN.OCX
2009-03-13 11:44 . 2008-02-08 11:59 109,248 --a------ c:\windows\system32\MSWINSCK.OCX
2009-03-12 17:27 . 2009-03-12 17:27 <DIR> d-------- c:\program files\Aberger
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 13:18 . 2009-03-12 13:19 <DIR> d-------- c:\windows\uninstall\Cheat-Eye Vietcong
2009-03-12 13:18 . 2009-03-12 13:18 <DIR> d-------- c:\windows\uninstall
2009-03-10 22:01 . 2009-03-10 22:01 <DIR> d-------- C:\TS_ZEMEP
2009-03-10 22:01 . 1993-04-28 02:00 99,888 --a------ c:\windows\system\ANIBUTON.VBX
2009-03-10 14:32 . 2009-03-11 17:25 <DIR> d-------- C:\TERASOFT
2009-03-09 11:13 . 2009-03-09 11:13 <DIR> d-------- c:\program files\Empire Interactive
2009-03-06 20:04 . 2000-02-25 14:43 302,592 --a------ c:\windows\mauninst.exe
2009-03-05 10:29 . 2009-03-05 10:29 <DIR> d-------- c:\windows\system32\IOSUBSYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 21:19 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-05 21:19 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-05 15:35 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-05 15:35 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-02 16:10 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-04-02 08:21 --------- d-----w c:\program files\Share Rapid Uploader
2009-04-01 22:18 --------- d-----w c:\program files\Common Files\SWF Studio
2009-04-01 12:35 --------- d-----w c:\program files\GameSpy Arcade
2009-04-01 12:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-31 06:41 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-03-31 06:41 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-26 17:34 --------- d-----w c:\program files\Software Informer
2009-03-21 10:57 --------- d-----w c:\program files\Yahoo!
2009-03-21 08:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-19 16:01 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-19 15:12 --------- d-----w c:\program files\Recepty doma
2009-03-19 11:14 --------- d-----w c:\program files\DVDFab Platinum 3
2009-03-17 10:50 --------- d-----w c:\program files\UltraISO
2009-03-16 16:53 --------- d-----w c:\program files\ICQ6
2009-03-05 08:29 --------- d-----w c:\program files\Google
2009-03-02 18:58 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-02 18:53 --------- d-----w c:\program files\CCleaner
2009-03-02 15:58 6,886 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-02 11:37 --------- d-----w c:\program files\BSP Multimedia
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 10:42 --------- d-----w c:\program files\QuickTime
2009-03-02 10:42 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-02-27 12:40 --------- d-----w c:\program files\Smoky City Design
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-02-23 15:02 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-02-23 15:02 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-02-23 14:58 --------- d-----w c:\program files\Atari
2009-02-17 19:57 --------- d-----w c:\program files\Hewlett-Packard
2009-02-17 19:51 45,056 ----a-w c:\windows\NCUNINST.EXE
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-05 20:01 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-05 20:01 --------- d-----w c:\documents and settings\All Users\Data aplikací\InstallShield
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-10-20 13:10 87,608 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2008-10-20 13:10 87,608 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2008-10-20 13:10 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
2008-10-20 13:10 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-03-24 1785925]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"SMail"="c:\email\Postak\Postak.exe" [2008-02-21 453936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.l3codec"= l3codecp.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"VVSN"=c:\program files\VVSN\VVSN.exe
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"e:\\hry\\VIETCONG\\vietcong.exe"=
"e:\\hry\\FlatOut2\\FlatOut2.exe"=
"e:\\hry\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-08-16 13696]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-12 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c99b173630f120;Google Update Service (gupdate1c99b173630f120);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2008-08-21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2008-08-21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2008-08-21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2008-08-21 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2008-08-21 86368]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3021-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - H:\ppk.exe
\Shell\readme\command - notepad cti_mne.txt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3022-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - I:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3026-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - M:\MafiaLauncher.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c302d-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - T:\AUTORUN.EXE
.
Obsah adresáře 'Naplánované úlohy'
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
2009-04-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 11:13]
2008-10-01 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.desktopsmiley.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {A31EE4C9-862B-423C-B4D1-5A8BDA288295} = 172.16.0.5,172.16.10.1
FF - ProfilePath - c:\documents and settings\Rejth\Data aplikací\Mozilla\Firefox\Profiles\yw1wn5d6.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 23:20:59
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1844237615-616249376-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:90,5e,0c,aa,20,42,5a,c7,36,34,1f,cb,8f,3d,4a,73,a7,c4,73,23,0e,
71,0e,8a,92,ff,ef,cd,a0,f6,1d,8c,08,ce,23,cb,1c,d7,3e,c4,50,d2,15,39,24,bf,\
"rkeysecu"=hex:5b,2d,95,b6,76,38,9e,59,93,17,a0,b2,a8,b7,68,ad
[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F13\3&2411e6fe&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
Celkový čas: 2009-04-05 23:23:06
ComboFix-quarantined-files.txt 2009-04-05 21:22:26
Před spuštěním: Volných bajtů: 14 714 228 736
Po spuštění: Volných bajtů: 14,757,564,416
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
260 --- E O F --- 2009-03-18 23:49:22
Je to tady a sorry za tu správu myslel jsem ,že Ti přišla 
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1518.1059 [GMT 2:00]
Spuštěný z: c:\downloads\Software\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-05 do 2009-04-05 )))))))))))))))))))))))))))))))
.
2009-04-02 18:19 . 2009-04-02 18:19 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-02 18:19 . 2009-04-02 18:19 1,409 --a------ c:\windows\QTFont.for
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:00 . 2009-04-02 18:01 <DIR> d-------- c:\program files\MyPhoneExplorer
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-01 14:37 . 2009-04-01 14:37 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-31 17:06 . 2009-03-31 17:06 <DIR> d-------- c:\program files\Creative
2009-03-31 16:30 . 2002-08-29 18:33 319,488 -ra------ c:\windows\system32\MafiaSetup.exe
2009-03-29 20:55 . 2009-04-02 18:22 <DIR> d-------- C:\HijackThis
2009-03-27 10:24 . 2009-03-27 10:24 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-25 16:43 . 2009-03-27 20:35 <DIR> d-------- c:\program files\DesetiPrsty
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-18 15:46 . 2009-03-18 15:46 428,106 --a------ c:\windows\system32\prfh0405.dat
2009-03-18 15:46 . 2009-03-18 15:46 77,796 --a------ c:\windows\system32\prfc0405.dat
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 09:21 . 2009-03-26 14:36 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-17 12:22 . 2009-03-17 12:37 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-03-17 12:20 . 2004-04-27 05:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-03-17 12:14 . 2009-03-17 15:51 <DIR> d-------- c:\windows\Internet Logs
2009-03-13 11:44 . 2008-02-08 02:34 109,260 --a------ c:\windows\system32\MSWINSCN.OCX
2009-03-13 11:44 . 2008-02-08 11:59 109,248 --a------ c:\windows\system32\MSWINSCK.OCX
2009-03-12 17:27 . 2009-03-12 17:27 <DIR> d-------- c:\program files\Aberger
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 13:18 . 2009-03-12 13:19 <DIR> d-------- c:\windows\uninstall\Cheat-Eye Vietcong
2009-03-12 13:18 . 2009-03-12 13:18 <DIR> d-------- c:\windows\uninstall
2009-03-10 22:01 . 2009-03-10 22:01 <DIR> d-------- C:\TS_ZEMEP
2009-03-10 22:01 . 1993-04-28 02:00 99,888 --a------ c:\windows\system\ANIBUTON.VBX
2009-03-10 14:32 . 2009-03-11 17:25 <DIR> d-------- C:\TERASOFT
2009-03-09 11:13 . 2009-03-09 11:13 <DIR> d-------- c:\program files\Empire Interactive
2009-03-06 20:04 . 2000-02-25 14:43 302,592 --a------ c:\windows\mauninst.exe
2009-03-05 10:29 . 2009-03-05 10:29 <DIR> d-------- c:\windows\system32\IOSUBSYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 21:19 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-05 21:19 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-05 15:35 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-05 15:35 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-02 16:10 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-04-02 08:21 --------- d-----w c:\program files\Share Rapid Uploader
2009-04-01 22:18 --------- d-----w c:\program files\Common Files\SWF Studio
2009-04-01 12:35 --------- d-----w c:\program files\GameSpy Arcade
2009-04-01 12:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-31 06:41 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-03-31 06:41 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-26 17:34 --------- d-----w c:\program files\Software Informer
2009-03-21 10:57 --------- d-----w c:\program files\Yahoo!
2009-03-21 08:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-19 16:01 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-19 15:12 --------- d-----w c:\program files\Recepty doma
2009-03-19 11:14 --------- d-----w c:\program files\DVDFab Platinum 3
2009-03-17 10:50 --------- d-----w c:\program files\UltraISO
2009-03-16 16:53 --------- d-----w c:\program files\ICQ6
2009-03-05 08:29 --------- d-----w c:\program files\Google
2009-03-02 18:58 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-02 18:53 --------- d-----w c:\program files\CCleaner
2009-03-02 15:58 6,886 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-02 11:37 --------- d-----w c:\program files\BSP Multimedia
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 10:42 --------- d-----w c:\program files\QuickTime
2009-03-02 10:42 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-02-27 12:40 --------- d-----w c:\program files\Smoky City Design
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-02-23 15:02 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-02-23 15:02 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-02-23 14:58 --------- d-----w c:\program files\Atari
2009-02-17 19:57 --------- d-----w c:\program files\Hewlett-Packard
2009-02-17 19:51 45,056 ----a-w c:\windows\NCUNINST.EXE
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-05 20:01 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-05 20:01 --------- d-----w c:\documents and settings\All Users\Data aplikací\InstallShield
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-10-20 13:10 87,608 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2008-10-20 13:10 87,608 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2008-10-20 13:10 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
2008-10-20 13:10 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-03-24 1785925]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"SMail"="c:\email\Postak\Postak.exe" [2008-02-21 453936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.l3codec"= l3codecp.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"VVSN"=c:\program files\VVSN\VVSN.exe
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"e:\\hry\\VIETCONG\\vietcong.exe"=
"e:\\hry\\FlatOut2\\FlatOut2.exe"=
"e:\\hry\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-08-16 13696]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-12 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c99b173630f120;Google Update Service (gupdate1c99b173630f120);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2008-08-21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2008-08-21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2008-08-21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2008-08-21 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2008-08-21 86368]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3021-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - H:\ppk.exe
\Shell\readme\command - notepad cti_mne.txt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3022-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - I:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3026-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - M:\MafiaLauncher.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c302d-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - T:\AUTORUN.EXE
.
Obsah adresáře 'Naplánované úlohy'
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
2009-04-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 11:13]
2008-10-01 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.desktopsmiley.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {A31EE4C9-862B-423C-B4D1-5A8BDA288295} = 172.16.0.5,172.16.10.1
FF - ProfilePath - c:\documents and settings\Rejth\Data aplikací\Mozilla\Firefox\Profiles\yw1wn5d6.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 23:20:59
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1844237615-616249376-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:90,5e,0c,aa,20,42,5a,c7,36,34,1f,cb,8f,3d,4a,73,a7,c4,73,23,0e,
71,0e,8a,92,ff,ef,cd,a0,f6,1d,8c,08,ce,23,cb,1c,d7,3e,c4,50,d2,15,39,24,bf,\
"rkeysecu"=hex:5b,2d,95,b6,76,38,9e,59,93,17,a0,b2,a8,b7,68,ad
[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F13\3&2411e6fe&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
Celkový čas: 2009-04-05 23:23:06
ComboFix-quarantined-files.txt 2009-04-05 21:22:26
Před spuštěním: Volných bajtů: 14 714 228 736
Po spuštění: Volných bajtů: 14,757,564,416
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
260 --- E O F --- 2009-03-18 23:49:22
Je to tady a sorry za tu správu myslel jsem ,že Ti přišla -
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43287
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: nefungující autorun
Mě se to stalo ze začátku taky , nevyplnil jsem předmět zprávy a jemu to taky nedošlo.....
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Toto otestuj na Virustotal
c:\windows\system32\prfh0405.dat
c:\windows\system32\prfc0405.dat
Vlož sem pak odkazy výsledků.
Toto asi znáš:
C:\TS_ZEMEP ?
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c302d-6b71-11dd-b692-f4146399328c}]Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Toto otestuj na Virustotal
c:\windows\system32\prfh0405.dat
c:\windows\system32\prfc0405.dat
Vlož sem pak odkazy výsledků.
Toto asi znáš:
C:\TS_ZEMEP ?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: nefungující autorun
ComboFix 09-04-04.01 - Rejth 2009-04-06 9:37:23.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1518.1051 [GMT 2:00]
Spuštěný z: c:\downloads\Software\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rejth\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-06 do 2009-04-06 )))))))))))))))))))))))))))))))
.
2009-04-02 18:19 . 2009-04-02 18:19 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-02 18:19 . 2009-04-02 18:19 1,409 --a------ c:\windows\QTFont.for
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:00 . 2009-04-02 18:01 <DIR> d-------- c:\program files\MyPhoneExplorer
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-01 14:37 . 2009-04-01 14:37 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-31 17:06 . 2009-03-31 17:06 <DIR> d-------- c:\program files\Creative
2009-03-31 16:30 . 2002-08-29 18:33 319,488 -ra------ c:\windows\system32\MafiaSetup.exe
2009-03-29 20:55 . 2009-04-02 18:22 <DIR> d-------- C:\HijackThis
2009-03-27 10:24 . 2009-03-27 10:24 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-25 16:43 . 2009-03-27 20:35 <DIR> d-------- c:\program files\DesetiPrsty
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-18 15:46 . 2009-03-18 15:46 428,106 --a------ c:\windows\system32\prfh0405.dat
2009-03-18 15:46 . 2009-03-18 15:46 77,796 --a------ c:\windows\system32\prfc0405.dat
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 09:21 . 2009-03-26 14:36 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-17 12:22 . 2009-03-17 12:37 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-03-17 12:20 . 2004-04-27 05:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-03-17 12:14 . 2009-03-17 15:51 <DIR> d-------- c:\windows\Internet Logs
2009-03-13 11:44 . 2008-02-08 02:34 109,260 --a------ c:\windows\system32\MSWINSCN.OCX
2009-03-13 11:44 . 2008-02-08 11:59 109,248 --a------ c:\windows\system32\MSWINSCK.OCX
2009-03-12 17:27 . 2009-03-12 17:27 <DIR> d-------- c:\program files\Aberger
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 13:18 . 2009-03-12 13:19 <DIR> d-------- c:\windows\uninstall\Cheat-Eye Vietcong
2009-03-12 13:18 . 2009-03-12 13:18 <DIR> d-------- c:\windows\uninstall
2009-03-10 22:01 . 2009-03-10 22:01 <DIR> d-------- C:\TS_ZEMEP
2009-03-10 22:01 . 1993-04-28 02:00 99,888 --a------ c:\windows\system\ANIBUTON.VBX
2009-03-10 14:32 . 2009-03-11 17:25 <DIR> d-------- C:\TERASOFT
2009-03-09 11:13 . 2009-03-09 11:13 <DIR> d-------- c:\program files\Empire Interactive
2009-03-06 20:04 . 2000-02-25 14:43 302,592 --a------ c:\windows\mauninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 07:38 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-06 07:38 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-06 05:30 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-06 05:30 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-02 16:10 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-04-02 08:21 --------- d-----w c:\program files\Share Rapid Uploader
2009-04-01 22:18 --------- d-----w c:\program files\Common Files\SWF Studio
2009-04-01 12:35 --------- d-----w c:\program files\GameSpy Arcade
2009-04-01 12:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-31 06:41 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-03-31 06:41 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-26 17:34 --------- d-----w c:\program files\Software Informer
2009-03-21 10:57 --------- d-----w c:\program files\Yahoo!
2009-03-21 08:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-19 16:01 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-19 15:12 --------- d-----w c:\program files\Recepty doma
2009-03-19 11:14 --------- d-----w c:\program files\DVDFab Platinum 3
2009-03-17 10:50 --------- d-----w c:\program files\UltraISO
2009-03-16 16:53 --------- d-----w c:\program files\ICQ6
2009-03-05 08:29 --------- d-----w c:\program files\Google
2009-03-02 18:58 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-02 18:53 --------- d-----w c:\program files\CCleaner
2009-03-02 15:58 6,886 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-02 11:37 --------- d-----w c:\program files\BSP Multimedia
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 10:42 --------- d-----w c:\program files\QuickTime
2009-03-02 10:42 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-02-27 12:40 --------- d-----w c:\program files\Smoky City Design
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-02-23 15:02 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-02-23 15:02 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-02-23 14:58 --------- d-----w c:\program files\Atari
2009-02-17 19:57 --------- d-----w c:\program files\Hewlett-Packard
2009-02-17 19:51 45,056 ----a-w c:\windows\NCUNINST.EXE
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2008-10-20 13:10 87,608 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2008-10-20 13:10 87,608 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2008-10-20 13:10 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
2008-10-20 13:10 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-05_23.21.21,53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-01 07:03:57 183,414 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
+ 2009-04-01 07:03:57 183,414 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat.bak
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-03-24 1785925]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"SMail"="c:\email\Postak\Postak.exe" [2008-02-21 453936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.l3codec"= l3codecp.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"VVSN"=c:\program files\VVSN\VVSN.exe
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"e:\\hry\\VIETCONG\\vietcong.exe"=
"e:\\hry\\FlatOut2\\FlatOut2.exe"=
"e:\\hry\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-08-16 13696]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-12 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c99b173630f120;Google Update Service (gupdate1c99b173630f120);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2008-08-21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2008-08-21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2008-08-21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2008-08-21 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2008-08-21 86368]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3021-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - H:\ppk.exe
\Shell\readme\command - notepad cti_mne.txt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3022-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - I:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3026-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - M:\MafiaLauncher.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c302d-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - T:\AUTORUN.EXE
.
Obsah adresáře 'Naplánované úlohy'
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
2009-04-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 11:13]
2008-10-01 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.desktopsmiley.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {A31EE4C9-862B-423C-B4D1-5A8BDA288295} = 172.16.0.5,172.16.10.1
FF - ProfilePath - c:\documents and settings\Rejth\Data aplikací\Mozilla\Firefox\Profiles\yw1wn5d6.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 09:39:12
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1844237615-616249376-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:90,5e,0c,aa,20,42,5a,c7,36,34,1f,cb,8f,3d,4a,73,a7,c4,73,23,0e,
71,0e,8a,92,ff,ef,cd,a0,f6,1d,8c,08,ce,23,cb,1c,d7,3e,c4,50,d2,15,39,24,bf,\
"rkeysecu"=hex:5b,2d,95,b6,76,38,9e,59,93,17,a0,b2,a8,b7,68,ad
[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F13\3&2411e6fe&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\COMRes.dll
.
Celkový čas: 2009-04-06 9:41:19
ComboFix-quarantined-files.txt 2009-04-06 07:40:41
ComboFix2.txt 2009-04-05 21:23:08
Před spuštěním: Volných bajtů: 14 788 124 672
Po spuštění: Volných bajtů: 14,776,344,576
260 --- E O F --- 2009-03-18 23:49:22
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1518.1051 [GMT 2:00]
Spuštěný z: c:\downloads\Software\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rejth\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-06 do 2009-04-06 )))))))))))))))))))))))))))))))
.
2009-04-02 18:19 . 2009-04-02 18:19 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-02 18:19 . 2009-04-02 18:19 1,409 --a------ c:\windows\QTFont.for
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:00 . 2009-04-02 18:01 <DIR> d-------- c:\program files\MyPhoneExplorer
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-01 14:37 . 2009-04-01 14:37 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-31 17:06 . 2009-03-31 17:06 <DIR> d-------- c:\program files\Creative
2009-03-31 16:30 . 2002-08-29 18:33 319,488 -ra------ c:\windows\system32\MafiaSetup.exe
2009-03-29 20:55 . 2009-04-02 18:22 <DIR> d-------- C:\HijackThis
2009-03-27 10:24 . 2009-03-27 10:24 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-25 16:43 . 2009-03-27 20:35 <DIR> d-------- c:\program files\DesetiPrsty
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-18 15:46 . 2009-03-18 15:46 428,106 --a------ c:\windows\system32\prfh0405.dat
2009-03-18 15:46 . 2009-03-18 15:46 77,796 --a------ c:\windows\system32\prfc0405.dat
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 09:21 . 2009-03-26 14:36 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-17 12:22 . 2009-03-17 12:37 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-03-17 12:20 . 2004-04-27 05:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-03-17 12:14 . 2009-03-17 15:51 <DIR> d-------- c:\windows\Internet Logs
2009-03-13 11:44 . 2008-02-08 02:34 109,260 --a------ c:\windows\system32\MSWINSCN.OCX
2009-03-13 11:44 . 2008-02-08 11:59 109,248 --a------ c:\windows\system32\MSWINSCK.OCX
2009-03-12 17:27 . 2009-03-12 17:27 <DIR> d-------- c:\program files\Aberger
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 13:18 . 2009-03-12 13:19 <DIR> d-------- c:\windows\uninstall\Cheat-Eye Vietcong
2009-03-12 13:18 . 2009-03-12 13:18 <DIR> d-------- c:\windows\uninstall
2009-03-10 22:01 . 2009-03-10 22:01 <DIR> d-------- C:\TS_ZEMEP
2009-03-10 22:01 . 1993-04-28 02:00 99,888 --a------ c:\windows\system\ANIBUTON.VBX
2009-03-10 14:32 . 2009-03-11 17:25 <DIR> d-------- C:\TERASOFT
2009-03-09 11:13 . 2009-03-09 11:13 <DIR> d-------- c:\program files\Empire Interactive
2009-03-06 20:04 . 2000-02-25 14:43 302,592 --a------ c:\windows\mauninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 07:38 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-06 07:38 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-06 05:30 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-06 05:30 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-02 16:10 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-04-02 08:21 --------- d-----w c:\program files\Share Rapid Uploader
2009-04-01 22:18 --------- d-----w c:\program files\Common Files\SWF Studio
2009-04-01 12:35 --------- d-----w c:\program files\GameSpy Arcade
2009-04-01 12:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-31 06:41 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-03-31 06:41 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-26 17:34 --------- d-----w c:\program files\Software Informer
2009-03-21 10:57 --------- d-----w c:\program files\Yahoo!
2009-03-21 08:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-19 16:01 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-19 15:12 --------- d-----w c:\program files\Recepty doma
2009-03-19 11:14 --------- d-----w c:\program files\DVDFab Platinum 3
2009-03-17 10:50 --------- d-----w c:\program files\UltraISO
2009-03-16 16:53 --------- d-----w c:\program files\ICQ6
2009-03-05 08:29 --------- d-----w c:\program files\Google
2009-03-02 18:58 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-02 18:53 --------- d-----w c:\program files\CCleaner
2009-03-02 15:58 6,886 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-02 11:37 --------- d-----w c:\program files\BSP Multimedia
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 10:42 --------- d-----w c:\program files\QuickTime
2009-03-02 10:42 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-02-27 12:40 --------- d-----w c:\program files\Smoky City Design
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-02-23 15:02 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-02-23 15:02 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-02-23 14:58 --------- d-----w c:\program files\Atari
2009-02-17 19:57 --------- d-----w c:\program files\Hewlett-Packard
2009-02-17 19:51 45,056 ----a-w c:\windows\NCUNINST.EXE
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2008-10-20 13:10 87,608 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2008-10-20 13:10 87,608 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2008-10-20 13:10 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
2008-10-20 13:10 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-05_23.21.21,53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-01 07:03:57 183,414 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
+ 2009-04-01 07:03:57 183,414 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat.bak
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-03-24 1785925]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"SMail"="c:\email\Postak\Postak.exe" [2008-02-21 453936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.l3codec"= l3codecp.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"VVSN"=c:\program files\VVSN\VVSN.exe
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"e:\\hry\\VIETCONG\\vietcong.exe"=
"e:\\hry\\FlatOut2\\FlatOut2.exe"=
"e:\\hry\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-08-16 13696]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-12 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c99b173630f120;Google Update Service (gupdate1c99b173630f120);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2008-08-21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2008-08-21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2008-08-21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2008-08-21 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2008-08-21 86368]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3021-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - H:\ppk.exe
\Shell\readme\command - notepad cti_mne.txt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3022-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - I:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3026-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - M:\MafiaLauncher.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c302d-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - T:\AUTORUN.EXE
.
Obsah adresáře 'Naplánované úlohy'
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
2009-04-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 11:13]
2008-10-01 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.desktopsmiley.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {A31EE4C9-862B-423C-B4D1-5A8BDA288295} = 172.16.0.5,172.16.10.1
FF - ProfilePath - c:\documents and settings\Rejth\Data aplikací\Mozilla\Firefox\Profiles\yw1wn5d6.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 09:39:12
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1844237615-616249376-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:90,5e,0c,aa,20,42,5a,c7,36,34,1f,cb,8f,3d,4a,73,a7,c4,73,23,0e,
71,0e,8a,92,ff,ef,cd,a0,f6,1d,8c,08,ce,23,cb,1c,d7,3e,c4,50,d2,15,39,24,bf,\
"rkeysecu"=hex:5b,2d,95,b6,76,38,9e,59,93,17,a0,b2,a8,b7,68,ad
[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F13\3&2411e6fe&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\COMRes.dll
.
Celkový čas: 2009-04-06 9:41:19
ComboFix-quarantined-files.txt 2009-04-06 07:40:41
ComboFix2.txt 2009-04-05 21:23:08
Před spuštěním: Volných bajtů: 14 788 124 672
Po spuštění: Volných bajtů: 14,776,344,576
260 --- E O F --- 2009-03-18 23:49:22
Re: nefungující autorun
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.04.06 -
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 -
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.05 -
Avast 4.8.1335.0 2009.04.05 -
AVG 8.5.0.285 2009.04.05 -
BitDefender 7.2 2009.04.06 -
CAT-QuickHeal 10.00 2009.04.04 -
ClamAV 0.94.1 2009.04.05 -
Comodo 1100 2009.04.05 -
DrWeb 4.44.0.09170 2009.04.06 -
eSafe 7.0.17.0 2009.04.05 -
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.05 -
F-Secure 8.0.14470.0 2009.04.06 -
Fortinet 3.117.0.0 2009.04.06 -
GData 19 2009.04.06 -
Ikarus T3.1.1.49.0 2009.04.06 -
K7AntiVirus 7.10.692 2009.04.03 -
Kaspersky 7.0.0.125 2009.04.06 -
McAfee 5575 2009.04.05 -
McAfee+Artemis 5575 2009.04.05 -
McAfee-GW-Edition 6.7.6 2009.04.03 -
Microsoft 1.4502 2009.04.06 -
NOD32 3988 2009.04.04 -
Norman 6.00.06 2009.04.03 -
nProtect 2009.1.8.0 2009.04.06 -
Panda 10.0.0.14 2009.04.05 -
PCTools 4.4.2.0 2009.04.05 -
Prevx1 V2 2009.04.06 -
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.06 -
Sunbelt 3.2.1858.2 2009.04.04 -
Symantec 1.4.4.12 2009.04.06 -
TheHacker 6.3.4.0.302 2009.04.06 -
TrendMicro 8.700.0.1004 2009.04.06 -
VBA32 3.12.10.2 2009.04.06 -
ViRobot 2009.4.6.1679 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.05 -
Rozšiřující informace
File size: 428106 bytes
MD5...: 7cefc91caf06fc3f2f8fc9207642b1dd
SHA1..: de11187ac4b1bc9a8e65b9cbc75fc58f8a8f32e3
SHA256: 0811fb3030c5302276e0cbd6cdef914c9401d533380b5bb9d223aafdd190281e
SHA512: f4d811cd627d86076b985010a015e4d8dcd2af9864c5608eb638059fc4e60e56
a7c6e884e3a23cab803abd720f3151254cf00fb0859be6cb54b29fefa2b6bf32
ssdeep: 3072:a+BJVnUpu5yx2FmFNiXOJ2bJPlyhg0mVpFPULbsCsesSs7s8REfArb05Fri
luiAQ:af2nx
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
Další
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.04.06 -
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 -
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.05 -
Avast 4.8.1335.0 2009.04.05 -
AVG 8.5.0.285 2009.04.05 -
BitDefender 7.2 2009.04.06 -
CAT-QuickHeal 10.00 2009.04.04 -
ClamAV 0.94.1 2009.04.05 -
Comodo 1100 2009.04.05 -
DrWeb 4.44.0.09170 2009.04.06 -
eSafe 7.0.17.0 2009.04.05 -
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.05 -
F-Secure 8.0.14470.0 2009.04.06 -
Fortinet 3.117.0.0 2009.04.06 -
GData 19 2009.04.06 -
Ikarus T3.1.1.49.0 2009.04.06 -
K7AntiVirus 7.10.692 2009.04.03 -
Kaspersky 7.0.0.125 2009.04.06 -
McAfee 5575 2009.04.05 -
McAfee+Artemis 5575 2009.04.05 -
McAfee-GW-Edition 6.7.6 2009.04.03 -
Microsoft 1.4502 2009.04.06 -
NOD32 3988 2009.04.04 -
Norman 6.00.06 2009.04.03 -
nProtect 2009.1.8.0 2009.04.06 -
Panda 10.0.0.14 2009.04.05 -
PCTools 4.4.2.0 2009.04.05 -
Prevx1 V2 2009.04.06 -
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.06 -
Sunbelt 3.2.1858.2 2009.04.04 -
Symantec 1.4.4.12 2009.04.06 -
TheHacker 6.3.4.0.302 2009.04.06 -
TrendMicro 8.700.0.1004 2009.04.06 -
VBA32 3.12.10.2 2009.04.06 -
ViRobot 2009.4.6.1679 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.05 -
Rozšiřující informace
File size: 77796 bytes
MD5...: 5c54e1735722399a32d270b438c506ed
SHA1..: 14eb4ba52725528200699342476e02f09ddc7fc0
SHA256: d8501b9786825821cd9d857482fee286edbc3e7d0554cd57385173b32a3907ed
SHA512: 817b63b49f1b8d805f0684692fb0def1345e129282779f4fee77767a9959eea8
a2b3dc119a0bc62d0c24aeda9702c6f3159e4f47a22e127b34bd958d4e1e4f4d
ssdeep: 384:CK8OyopU3usHD0FuIgi5X5g5F3Ntli2awYictA1HKsJYmUeLYO7qe/2fBbQM
4b2e:7G3uswFUKfMiBCRGHvGxPROAVES7m+b
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
-
To c:\ts_zemep -znám to je progrémek pro děti zeměpis terasoft
a-squared 4.0.0.101 2009.04.06 -
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 -
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.05 -
Avast 4.8.1335.0 2009.04.05 -
AVG 8.5.0.285 2009.04.05 -
BitDefender 7.2 2009.04.06 -
CAT-QuickHeal 10.00 2009.04.04 -
ClamAV 0.94.1 2009.04.05 -
Comodo 1100 2009.04.05 -
DrWeb 4.44.0.09170 2009.04.06 -
eSafe 7.0.17.0 2009.04.05 -
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.05 -
F-Secure 8.0.14470.0 2009.04.06 -
Fortinet 3.117.0.0 2009.04.06 -
GData 19 2009.04.06 -
Ikarus T3.1.1.49.0 2009.04.06 -
K7AntiVirus 7.10.692 2009.04.03 -
Kaspersky 7.0.0.125 2009.04.06 -
McAfee 5575 2009.04.05 -
McAfee+Artemis 5575 2009.04.05 -
McAfee-GW-Edition 6.7.6 2009.04.03 -
Microsoft 1.4502 2009.04.06 -
NOD32 3988 2009.04.04 -
Norman 6.00.06 2009.04.03 -
nProtect 2009.1.8.0 2009.04.06 -
Panda 10.0.0.14 2009.04.05 -
PCTools 4.4.2.0 2009.04.05 -
Prevx1 V2 2009.04.06 -
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.06 -
Sunbelt 3.2.1858.2 2009.04.04 -
Symantec 1.4.4.12 2009.04.06 -
TheHacker 6.3.4.0.302 2009.04.06 -
TrendMicro 8.700.0.1004 2009.04.06 -
VBA32 3.12.10.2 2009.04.06 -
ViRobot 2009.4.6.1679 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.05 -
Rozšiřující informace
File size: 428106 bytes
MD5...: 7cefc91caf06fc3f2f8fc9207642b1dd
SHA1..: de11187ac4b1bc9a8e65b9cbc75fc58f8a8f32e3
SHA256: 0811fb3030c5302276e0cbd6cdef914c9401d533380b5bb9d223aafdd190281e
SHA512: f4d811cd627d86076b985010a015e4d8dcd2af9864c5608eb638059fc4e60e56
a7c6e884e3a23cab803abd720f3151254cf00fb0859be6cb54b29fefa2b6bf32
ssdeep: 3072:a+BJVnUpu5yx2FmFNiXOJ2bJPlyhg0mVpFPULbsCsesSs7s8REfArb05Fri
luiAQ:af2nx
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
Další
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.04.06 -
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 -
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.05 -
Avast 4.8.1335.0 2009.04.05 -
AVG 8.5.0.285 2009.04.05 -
BitDefender 7.2 2009.04.06 -
CAT-QuickHeal 10.00 2009.04.04 -
ClamAV 0.94.1 2009.04.05 -
Comodo 1100 2009.04.05 -
DrWeb 4.44.0.09170 2009.04.06 -
eSafe 7.0.17.0 2009.04.05 -
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.05 -
F-Secure 8.0.14470.0 2009.04.06 -
Fortinet 3.117.0.0 2009.04.06 -
GData 19 2009.04.06 -
Ikarus T3.1.1.49.0 2009.04.06 -
K7AntiVirus 7.10.692 2009.04.03 -
Kaspersky 7.0.0.125 2009.04.06 -
McAfee 5575 2009.04.05 -
McAfee+Artemis 5575 2009.04.05 -
McAfee-GW-Edition 6.7.6 2009.04.03 -
Microsoft 1.4502 2009.04.06 -
NOD32 3988 2009.04.04 -
Norman 6.00.06 2009.04.03 -
nProtect 2009.1.8.0 2009.04.06 -
Panda 10.0.0.14 2009.04.05 -
PCTools 4.4.2.0 2009.04.05 -
Prevx1 V2 2009.04.06 -
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.06 -
Sunbelt 3.2.1858.2 2009.04.04 -
Symantec 1.4.4.12 2009.04.06 -
TheHacker 6.3.4.0.302 2009.04.06 -
TrendMicro 8.700.0.1004 2009.04.06 -
VBA32 3.12.10.2 2009.04.06 -
ViRobot 2009.4.6.1679 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.05 -
Rozšiřující informace
File size: 77796 bytes
MD5...: 5c54e1735722399a32d270b438c506ed
SHA1..: 14eb4ba52725528200699342476e02f09ddc7fc0
SHA256: d8501b9786825821cd9d857482fee286edbc3e7d0554cd57385173b32a3907ed
SHA512: 817b63b49f1b8d805f0684692fb0def1345e129282779f4fee77767a9959eea8
a2b3dc119a0bc62d0c24aeda9702c6f3159e4f47a22e127b34bd958d4e1e4f4d
ssdeep: 384:CK8OyopU3usHD0FuIgi5X5g5F3Ntli2awYictA1HKsJYmUeLYO7qe/2fBbQM
4b2e:7G3uswFUKfMiBCRGHvGxPROAVES7m+b
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
-
To c:\ts_zemep -znám to je progrémek pro děti zeměpis terasoft
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43287
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: nefungující autorun
Vše O.K. až na tento klíč:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c302d-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - T:\AUTORUN.EXE
Ten se nějak nesmazal, on Ti brání ten autorun...
Na té pozici:
T:\AUTORUN.EXE máš flešku nebo něco jiného?
Zkusíme ještě jeden script v CF:
Postup stejný , pak zase log z CF +HJT.
Jinak použijeme něco jiného..
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c302d-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - T:\AUTORUN.EXE
Ten se nějak nesmazal, on Ti brání ten autorun...
Na té pozici:
T:\AUTORUN.EXE máš flešku nebo něco jiného?
Zkusíme ještě jeden script v CF:
Kód: Vybrat vše
KillAll::
File::
T:\AUTORUN.EXE
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c302d-6b71-11dd-b692-f4146399328c}]Postup stejný , pak zase log z CF +HJT.
Jinak použijeme něco jiného..
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: nefungující autorun
ComboFix 09-04-04.01 - Rejth 2009-04-07 19:59:33.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1518.1026 [GMT 2:00]
Spuštěný z: c:\downloads\Software\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rejth\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Vytvořen nový Bod Obnovení
* Resident AV is active
FILE ::
T:\AUTORUN.EXE
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-07 do 2009-04-07 )))))))))))))))))))))))))))))))
.
2009-04-06 17:29 . 2009-04-07 09:34 <DIR> d-------- c:\program files\Video Convert Master
2009-04-06 17:29 . 2004-05-26 21:37 719,872 --a------ c:\windows\system32\devil.dll
2009-04-06 17:29 . 2006-09-16 19:44 314,368 --a------ c:\windows\system32\avisynth.dll
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:00 . 2009-04-02 18:01 <DIR> d-------- c:\program files\MyPhoneExplorer
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-01 14:37 . 2009-04-01 14:37 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-31 17:06 . 2009-03-31 17:06 <DIR> d-------- c:\program files\Creative
2009-03-31 16:30 . 2002-08-29 18:33 319,488 -ra------ c:\windows\system32\MafiaSetup.exe
2009-03-29 20:55 . 2009-04-02 18:22 <DIR> d-------- C:\HijackThis
2009-03-27 10:24 . 2009-03-27 10:24 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-25 16:43 . 2009-03-27 20:35 <DIR> d-------- c:\program files\DesetiPrsty
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-18 15:46 . 2009-03-18 15:46 428,106 --a------ c:\windows\system32\prfh0405.dat
2009-03-18 15:46 . 2009-03-18 15:46 77,796 --a------ c:\windows\system32\prfc0405.dat
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 09:21 . 2009-03-26 14:36 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-17 12:22 . 2009-03-17 12:37 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-03-17 12:20 . 2004-04-27 05:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-03-17 12:14 . 2009-03-17 15:51 <DIR> d-------- c:\windows\Internet Logs
2009-03-13 11:44 . 2008-02-08 02:34 109,260 --a------ c:\windows\system32\MSWINSCN.OCX
2009-03-13 11:44 . 2008-02-08 11:59 109,248 --a------ c:\windows\system32\MSWINSCK.OCX
2009-03-12 17:27 . 2009-03-12 17:27 <DIR> d-------- c:\program files\Aberger
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 13:18 . 2009-03-12 13:19 <DIR> d-------- c:\windows\uninstall\Cheat-Eye Vietcong
2009-03-12 13:18 . 2009-03-12 13:18 <DIR> d-------- c:\windows\uninstall
2009-03-10 22:01 . 2009-03-10 22:01 <DIR> d-------- C:\TS_ZEMEP
2009-03-10 22:01 . 1993-04-28 02:00 99,888 --a------ c:\windows\system\ANIBUTON.VBX
2009-03-10 14:32 . 2009-03-11 17:25 <DIR> d-------- C:\TERASOFT
2009-03-09 11:13 . 2009-03-09 11:13 <DIR> d-------- c:\program files\Empire Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 17:56 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-07 17:56 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-07 14:35 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-07 14:35 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-07 09:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 15:30 81,920 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2009-04-06 15:30 81,920 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2009-04-06 15:30 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
2009-04-06 15:30 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
2009-04-06 15:30 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-04-06 15:30 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-04-02 16:10 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-04-02 08:21 --------- d-----w c:\program files\Share Rapid Uploader
2009-04-01 22:18 --------- d-----w c:\program files\Common Files\SWF Studio
2009-04-01 12:35 --------- d-----w c:\program files\GameSpy Arcade
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-26 17:34 --------- d-----w c:\program files\Software Informer
2009-03-21 10:57 --------- d-----w c:\program files\Yahoo!
2009-03-21 08:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-19 15:12 --------- d-----w c:\program files\Recepty doma
2009-03-19 11:14 --------- d-----w c:\program files\DVDFab Platinum 3
2009-03-17 10:50 --------- d-----w c:\program files\UltraISO
2009-03-16 16:53 --------- d-----w c:\program files\ICQ6
2009-03-05 08:29 --------- d-----w c:\program files\Google
2009-03-02 18:58 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-02 18:53 --------- d-----w c:\program files\CCleaner
2009-03-02 11:37 --------- d-----w c:\program files\BSP Multimedia
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 10:42 --------- d-----w c:\program files\QuickTime
2009-03-02 10:42 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-02-27 12:40 --------- d-----w c:\program files\Smoky City Design
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-02-23 15:02 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-02-23 15:02 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-02-23 14:58 --------- d-----w c:\program files\Atari
2009-02-17 19:57 --------- d-----w c:\program files\Hewlett-Packard
2009-02-17 19:51 45,056 ----a-w c:\windows\NCUNINST.EXE
.
((((((((((((((((((((((((((((( SnapShot@2009-04-05_23.21.21,53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-01 07:03:57 183,414 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
+ 2009-04-01 07:03:57 183,414 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat.bak
+ 2009-04-07 18:03:57 16,384 ----atw c:\windows\temp\Perflib_Perfdata_2ec.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-03-24 1785925]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"SMail"="c:\email\Postak\Postak.exe" [2008-02-21 453936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.l3codec"= l3codecp.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"VVSN"=c:\program files\VVSN\VVSN.exe
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"e:\\hry\\VIETCONG\\vietcong.exe"=
"e:\\hry\\FlatOut2\\FlatOut2.exe"=
"e:\\hry\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\hry\\Flatout\\flatout.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-08-16 13696]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-12 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c99b173630f120;Google Update Service (gupdate1c99b173630f120);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2008-08-21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2008-08-21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2008-08-21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2008-08-21 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2008-08-21 86368]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3021-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - H:\ppk.exe
\Shell\readme\command - notepad cti_mne.txt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3022-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - I:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3026-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - M:\MafiaLauncher.EXE
.
Obsah adresáře 'Naplánované úlohy'
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
2009-04-07 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 11:13]
2008-10-01 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.desktopsmiley.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {A31EE4C9-862B-423C-B4D1-5A8BDA288295} = 172.16.0.5,172.16.10.1
FF - ProfilePath - c:\documents and settings\Rejth\Data aplikací\Mozilla\Firefox\Profiles\yw1wn5d6.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 20:04:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1844237615-616249376-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:90,5e,0c,aa,20,42,5a,c7,36,34,1f,cb,8f,3d,4a,73,a7,c4,73,23,0e,
71,0e,8a,92,ff,ef,cd,a0,f6,1d,8c,08,ce,23,cb,1c,d7,3e,c4,50,d2,15,39,24,bf,\
"rkeysecu"=hex:5b,2d,95,b6,76,38,9e,59,93,17,a0,b2,a8,b7,68,ad
[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F13\3&2411e6fe&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\snmp.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
.
**************************************************************************
.
Celkový čas: 2009-04-07 20:08:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-07 18:08:54
ComboFix2.txt 2009-04-06 07:41:22
ComboFix3.txt 2009-04-05 21:23:08
Před spuštěním: Volných bajtů: 13 145 624 576
Po spuštění: Volných bajtů: 13,135,196,160
268 --- E O F --- 2009-03-18 23:49:22
Tady to je sorry že totak trvalo,byl jsem mimo PC
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1518.1026 [GMT 2:00]
Spuštěný z: c:\downloads\Software\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rejth\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Vytvořen nový Bod Obnovení
* Resident AV is active
FILE ::
T:\AUTORUN.EXE
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-07 do 2009-04-07 )))))))))))))))))))))))))))))))
.
2009-04-06 17:29 . 2009-04-07 09:34 <DIR> d-------- c:\program files\Video Convert Master
2009-04-06 17:29 . 2004-05-26 21:37 719,872 --a------ c:\windows\system32\devil.dll
2009-04-06 17:29 . 2006-09-16 19:44 314,368 --a------ c:\windows\system32\avisynth.dll
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\MyPhoneExplorer
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:01 . 2009-04-02 18:01 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\AD ON Multimedia
2009-04-02 18:00 . 2009-04-02 18:01 <DIR> d-------- c:\program files\MyPhoneExplorer
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-02 00:18 . 2009-04-02 00:18 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\InfoTurist
2009-04-01 14:37 . 2009-04-01 14:37 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-31 17:06 . 2009-03-31 17:06 <DIR> d-------- c:\program files\Creative
2009-03-31 16:30 . 2002-08-29 18:33 319,488 -ra------ c:\windows\system32\MafiaSetup.exe
2009-03-29 20:55 . 2009-04-02 18:22 <DIR> d-------- C:\HijackThis
2009-03-27 10:24 . 2009-03-27 10:24 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-25 16:43 . 2009-03-27 20:35 <DIR> d-------- c:\program files\DesetiPrsty
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Malwarebytes
2009-03-19 11:20 . 2009-03-19 11:20 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-18 15:46 . 2009-03-18 15:46 428,106 --a------ c:\windows\system32\prfh0405.dat
2009-03-18 15:46 . 2009-03-18 15:46 77,796 --a------ c:\windows\system32\prfc0405.dat
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 15:35 . 2009-03-18 15:35 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Uniblue
2009-03-18 09:21 . 2009-03-26 14:36 <DIR> d-a------ c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-17 12:22 . 2009-03-17 12:37 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-03-17 12:20 . 2004-04-27 05:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-03-17 12:14 . 2009-03-17 15:51 <DIR> d-------- c:\windows\Internet Logs
2009-03-13 11:44 . 2008-02-08 02:34 109,260 --a------ c:\windows\system32\MSWINSCN.OCX
2009-03-13 11:44 . 2008-02-08 11:59 109,248 --a------ c:\windows\system32\MSWINSCK.OCX
2009-03-12 17:27 . 2009-03-12 17:27 <DIR> d-------- c:\program files\Aberger
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 17:27 . 2009-04-02 18:46 <DIR> d-------- c:\documents and settings\Rejth\Data aplikací\Happy Foto
2009-03-12 13:18 . 2009-03-12 13:19 <DIR> d-------- c:\windows\uninstall\Cheat-Eye Vietcong
2009-03-12 13:18 . 2009-03-12 13:18 <DIR> d-------- c:\windows\uninstall
2009-03-10 22:01 . 2009-03-10 22:01 <DIR> d-------- C:\TS_ZEMEP
2009-03-10 22:01 . 1993-04-28 02:00 99,888 --a------ c:\windows\system\ANIBUTON.VBX
2009-03-10 14:32 . 2009-03-11 17:25 <DIR> d-------- C:\TERASOFT
2009-03-09 11:13 . 2009-03-09 11:13 <DIR> d-------- c:\program files\Empire Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 17:56 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-07 17:56 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Free Download Manager
2009-04-07 14:35 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-07 14:35 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Software Informer
2009-04-07 09:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 15:30 81,920 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2009-04-06 15:30 81,920 ----a-w c:\documents and settings\Rejth\Data aplikací\ezpinst.exe
2009-04-06 15:30 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
2009-04-06 15:30 47,360 ----a-w c:\documents and settings\Rejth\Data aplikací\pcouffin.sys
2009-04-06 15:30 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-04-06 15:30 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Vso
2009-04-02 16:10 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-04-02 08:21 --------- d-----w c:\program files\Share Rapid Uploader
2009-04-01 22:18 --------- d-----w c:\program files\Common Files\SWF Studio
2009-04-01 12:35 --------- d-----w c:\program files\GameSpy Arcade
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:34 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Skype
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-28 18:21 --------- d-----w c:\documents and settings\Rejth\Data aplikací\skypePM
2009-03-26 17:34 --------- d-----w c:\program files\Software Informer
2009-03-21 10:57 --------- d-----w c:\program files\Yahoo!
2009-03-21 08:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-19 15:12 --------- d-----w c:\program files\Recepty doma
2009-03-19 11:14 --------- d-----w c:\program files\DVDFab Platinum 3
2009-03-17 10:50 --------- d-----w c:\program files\UltraISO
2009-03-16 16:53 --------- d-----w c:\program files\ICQ6
2009-03-05 08:29 --------- d-----w c:\program files\Google
2009-03-02 18:58 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-02 18:53 --------- d-----w c:\program files\CCleaner
2009-03-02 11:37 --------- d-----w c:\program files\BSP Multimedia
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 11:22 --------- d-----w c:\documents and settings\Rejth\Data aplikací\Apple Computer
2009-03-02 10:42 --------- d-----w c:\program files\QuickTime
2009-03-02 10:42 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-02-27 12:40 --------- d-----w c:\program files\Smoky City Design
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Pro
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools Lite
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:46 --------- d-----w c:\documents and settings\Rejth\Data aplikací\DAEMON Tools
2009-02-25 07:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-02-23 15:02 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-02-23 15:02 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-02-23 14:58 --------- d-----w c:\program files\Atari
2009-02-17 19:57 --------- d-----w c:\program files\Hewlett-Packard
2009-02-17 19:51 45,056 ----a-w c:\windows\NCUNINST.EXE
.
((((((((((((((((((((((((((((( SnapShot@2009-04-05_23.21.21,53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-01 07:03:57 183,414 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
+ 2009-04-01 07:03:57 183,414 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat.bak
+ 2009-04-07 18:03:57 16,384 ----atw c:\windows\temp\Perflib_Perfdata_2ec.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-03-24 1785925]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"SMail"="c:\email\Postak\Postak.exe" [2008-02-21 453936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.l3codec"= l3codecp.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"VVSN"=c:\program files\VVSN\VVSN.exe
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"e:\\hry\\VIETCONG\\vietcong.exe"=
"e:\\hry\\FlatOut2\\FlatOut2.exe"=
"e:\\hry\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\hry\\Flatout\\flatout.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-08-16 13696]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-12 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c99b173630f120;Google Update Service (gupdate1c99b173630f120);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2008-08-21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2008-08-21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2008-08-21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2008-08-21 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2008-08-21 86368]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3021-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - H:\ppk.exe
\Shell\readme\command - notepad cti_mne.txt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3022-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - I:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da7c3026-6b71-11dd-b692-f4146399328c}]
\Shell\AutoRun\command - M:\MafiaLauncher.EXE
.
Obsah adresáře 'Naplánované úlohy'
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
2009-04-07 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 11:13]
2008-10-01 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.desktopsmiley.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {A31EE4C9-862B-423C-B4D1-5A8BDA288295} = 172.16.0.5,172.16.10.1
FF - ProfilePath - c:\documents and settings\Rejth\Data aplikací\Mozilla\Firefox\Profiles\yw1wn5d6.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 20:04:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1844237615-616249376-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:90,5e,0c,aa,20,42,5a,c7,36,34,1f,cb,8f,3d,4a,73,a7,c4,73,23,0e,
71,0e,8a,92,ff,ef,cd,a0,f6,1d,8c,08,ce,23,cb,1c,d7,3e,c4,50,d2,15,39,24,bf,\
"rkeysecu"=hex:5b,2d,95,b6,76,38,9e,59,93,17,a0,b2,a8,b7,68,ad
[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F13\3&2411e6fe&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\snmp.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
.
**************************************************************************
.
Celkový čas: 2009-04-07 20:08:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-07 18:08:54
ComboFix2.txt 2009-04-06 07:41:22
ComboFix3.txt 2009-04-05 21:23:08
Před spuštěním: Volných bajtů: 13 145 624 576
Po spuštění: Volných bajtů: 13,135,196,160
268 --- E O F --- 2009-03-18 23:49:22
Tady to je sorry že totak trvalo,byl jsem mimo PC
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43287
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: nefungující autorun
Nic se neděje..
Tak snad je to pryč, ještě vlož nový log z HJT.
Tak snad je to pryč, ještě vlož nový log z HJT.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: nefungující autorun
Promiň,ala teď nevím co po mě chseš 
jaký nový log??? A co to je HTJ 
jaký nový log??? A co to je HTJ Zpět na “Windows 11, 10, 8...”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 12 hostů