Trojan - Spy. Win32. years 2010 - wors + [Solved]

Post by kameja » 25 Sep 2010 12:41

http://2i.cz/54961c36e5

Could I ask for advice on how to get rid of this? Thanks

Post by Fílek » 25 Sep 2010 13:12

So just send the SMS, no? If your operator charges 2 crowns for it... And then enter the code

Post by memphisto » 25 Sep 2010 13:15

Don't send anything anywhere! It's a scam and it will keep draining money out of you. As if this weren't written about everywhere, and still so many people fall for it :? Can you get into Safe Mode? Can you do anything with the PC in normal mode?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section. Thank you

Post by kameja » 25 Sep 2010 13:30

Well, I'm not stupid enough to send anything there. I don't even know how I caught it; I was away from the PC for 6 days and my sister was here, so I come home and this pops up at me. And when I click "I don't have a code", everything on the PC works normally..., it just takes one off the remaining number of starts...

Post by memphisto » 25 Sep 2010 13:32

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. It can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.

Turn off the resident protection and the firewall.
Download Dr. Web CureIt
Run Update; after updating, click Start.
With the buttons at the bottom you can cure a file (system files), delete, move or rename it.


Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave Perform Quick Scan selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Post by kameja » 25 Sep 2010 13:42

OK, I have to go to football now, so I'll do it when I get back. Thanks

Post by kameja » 25 Sep 2010 20:33

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4690

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25.9.2010 20:12:41
mbam-log-2010-09-25 (20-12-41).txt

Typ skenu: Úplný sken (A:\|C:\|D:\|E:\|F:\|G:\|I:\|)
Skenované objekty: 684544
Uplynulý čas: 5 hodina(y), 9 minuta(y), 5 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 66

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system34 (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files\Microsoft Common (Trojan.Agent) -> No action taken.

Infikované soubory:
C:\Documents and Settings\Jakub\Local Settings\Temp\Dočasný adresář 1 pro keygen-cod4.zip\keygen-cod4.exe (Trojan.Agent.CK) -> No action taken.
C:\Documents and Settings\Jakub.933E2C9D93AC472\Dokumenty\zps\keygen.exe (Trojan.Dropper.PGen) -> No action taken.
C:\Documents and Settings\Jakub.933E2C9D93AC472\Plocha\Monopoly.1.0.406.Portable\GameuxInstallHelper.dll (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\Jakub.933E2C9D93AC472\Plocha\TuneUp Utilities 2010 v9.0.4020 CZ\keygen.exe (Trojan.Agent.CK) -> No action taken.
C:\System Volume Information\_restore{33C84B41-6192-4DBF-A309-FF6E80158FE3}\RP571\A0222025.exe (RiskWare.Tool.CK) -> No action taken.
C:\System Volume Information\_restore{33C84B41-6192-4DBF-A309-FF6E80158FE3}\RP571\A0222028.exe (RiskWare.Tool.CK) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124491.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124492.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124494.scr (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124505.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124506.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124507.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124508.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124517.SCR (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124519.DLL (Adware.MyWeb.FunWeb) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124520.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124525.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124526.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124527.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124528.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124530.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124531.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124532.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124533.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124534.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124535.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124536.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124537.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124686.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0125205.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0125206.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0125207.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP165\A0142098.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148036.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148037.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148039.scr (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148050.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148051.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148052.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148053.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148062.SCR (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148064.DLL (Adware.MyWeb.FunWeb) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148065.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148070.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148071.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148072.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148073.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148075.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148076.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148077.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148078.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148079.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148080.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148081.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP177\A0148082.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP178\A0148193.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP178\A0148194.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP178\A0148195.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP179\A0148322.dll (Trojan.Buzus) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP179\A0148332.dll (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP182\A0149059.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP182\A0155107.dll (Malware.Packer.Gen) -> No action taken.
I:\zoner_photo_studio\zps\keygen.exe (Trojan.Dropper.PGen) -> No action taken.
C:\Documents and Settings\Jakub\Local Settings\Temp\ie3.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\sextra\Local Settings\Temp\ie3.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS.1\SoftwareProtection\systemvital.exe (Trojan.Agent) -> No action taken.
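As an added example (not code from the thread or from Malwarebytes), a small Python triage script for this log format: it separates live detections from copies inside System Restore snapshots, which stay inert until a restore point is applied, so a helper can see what actually needs removing. The sample lines are a subset copied from the log above; the section-header and path-classification rules are assumptions about the log layout.

```python
"""Triage helper for the Malwarebytes' Anti-Malware 1.46 text log format.

Added example; not code from the thread or from Malwarebytes. The log reports
every hit with "No action taken" and mixes live findings with copies held in
System Restore snapshots (System Volume Information\\_restore...). Those copies
are inert until a restore point is applied, so they are bucketed separately.
"""
import re
from collections import Counter

# One detail line: "<path> (<detection name>) -> <action>."  (assumed layout)
DETAIL_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>[^.]+)\.$")

# Restore-point copies sit under this folder on XP (matched case-insensitively).
RESTORE_MARKER = "\\system volume information\\_restore"

# Constructed sample: a subset of the detail lines pasted in the thread above,
# placed under the section headers the log uses.
SAMPLE_LOG = r"""
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system34 (Trojan.Agent) -> No action taken.

Infikované složky:
C:\Program Files\Microsoft Common (Trojan.Agent) -> No action taken.

Infikované soubory:
C:\Documents and Settings\Jakub.933E2C9D93AC472\Dokumenty\zps\keygen.exe (Trojan.Dropper.PGen) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP159\A0124491.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{9C2CC541-6749-4394-8A6B-98AD08A66CC4}\RP179\A0148322.dll (Trojan.Buzus) -> No action taken.
C:\Documents and Settings\Jakub\Local Settings\Temp\ie3.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS.1\SoftwareProtection\systemvital.exe (Trojan.Agent) -> No action taken.
"""


def classify(path):
    """Bucket a detection path: autostart registry value, other registry
    item, inert restore-point copy, or a live file/folder."""
    p = path.lower()
    if p.startswith("hkey_"):
        return "autostart" if "\\currentversion\\run\\" in p else "registry"
    if RESTORE_MARKER in p:
        return "restore_point"
    return "live"


def parse_log(text):
    """Return one dict per detail line; a line ending in ':' starts a section."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            section = line[:-1]
            continue
        m = DETAIL_RE.match(line)
        if m is None:  # e.g. "(Žádné škodlivé položky nebyly zjištěny)"
            continue
        entries.append({"section": section, "path": m["path"], "name": m["name"],
                        "action": m["action"], "kind": classify(m["path"])})
    return entries


def triage(text):
    """Group detections by kind so the live findings can be reviewed first."""
    groups = {"autostart": [], "registry": [], "live": [], "restore_point": []}
    for e in parse_log(text):
        groups[e["kind"]].append(e)
    return groups


def pending_removals(text):
    """Detections still marked 'No action taken' that are not snapshot copies."""
    return [e for e in parse_log(text)
            if e["kind"] != "restore_point" and e["action"] == "No action taken"]


def detection_counts(text, include_restore_points=False):
    """Count hits per detection name, optionally including snapshot copies."""
    return Counter(e["name"] for e in parse_log(text)
                   if include_restore_points or e["kind"] != "restore_point")


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(f"{kind}: {len(items)}")
        for e in items:
            print(f"  [{e['name']}] {e['path']}")
    print("pending removals outside restore points:", len(pending_removals(SAMPLE_LOG)))
```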

Post by memphisto » 25 Sep 2010 20:37

So you're a warez user :evil: Then don't be surprised that you catch something like this :smile:

- So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed detections are ticked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then click OK in the program and close it via Exit

If you have 32-bit XP, also do this:

Turn off the resident shield of the antivirus and the antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After starting, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- After the scan completes, the program should create a log - C:\ComboFix.txt - please paste its entire contents here

Post by kameja » 26 Sep 2010 00:37

ComboFix 10-09-25.03 - Jakub 26.09.2010 0:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3582.3175 [GMT 2:00]
Spuštěný z: G:\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Jakub.933E2C9D93AC472\Data aplikací\.#
c:\documents and settings\Jakub.933E2C9D93AC472\Data aplikací\Desktopicon
c:\documents and settings\Jakub.933E2C9D93AC472\Data aplikací\Desktopicon\eBay.ico
c:\documents and settings\Jakub.933E2C9D93AC472\Data aplikací\Desktopicon\uninst.exe
c:\documents and settings\Jakub.933E2C9D93AC472\Dokumenty\cc_20100923_130947.reg
c:\documents and settings\Jakub\Data aplikací\Desktopicon
c:\documents and settings\Jakub\Data aplikací\Desktopicon\config.ini
c:\documents and settings\Ladislava\Plocha\Internet Explorer.lnk
c:\program files\Hide Real IP
c:\program files\Hide Real IP\ccodes.txt
c:\program files\Hide Real IP\hide-real-ip.exe.manifest
c:\program files\Hide Real IP\ProxyNew.dll
c:\program files\Internet Explorer\SET2274.tmp
c:\windows.1\system32\3gpvideoconvertera.dat
c:\windows.1\system32\3gpvideoconverterb.dat
c:\windows.1\system32\vbzlib1.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-25 do 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-25 11:40 . 2010-09-25 11:41 -------- d-----w- c:\documents and settings\Jakub.933E2C9D93AC472\DoctorWeb
2010-09-25 11:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows.1\system32\drivers\mbamswissarmy.sys
2010-09-25 11:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows.1\system32\drivers\mbam.sys
2010-09-25 11:37 . 2010-09-25 11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 08:02 . 2010-09-23 08:03 -------- d-----w- c:\program files\CCleaner
2010-09-16 19:33 . 2010-09-16 19:33 -------- d-----w- C:\BraCa Soft
2010-09-12 08:45 . 2010-09-16 07:40 87752 ----a-w- c:\windows.1\system32\drivers\appdrv01.fs.{A7E56839-0B44-4261-8167-6DCA58E79946}.sys
2010-09-11 19:30 . 2010-09-11 19:30 3333808 ----a-w- c:\windows.1\system32\drivers\appdrv01.sys
2010-09-11 19:30 . 2010-09-11 19:30 316888 ----a-w- c:\windows.1\system32\appdrvrem01.exe
2010-09-11 11:45 . 2010-09-11 12:05 -------- d-----w- c:\program files\International Basketball Manager
2010-09-11 11:45 . 2010-09-11 11:45 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-09-10 09:43 . 2010-09-10 09:43 -------- d-----w- c:\program files\Activision Value
2010-09-09 21:36 . 2010-09-10 09:04 -------- d-----w- c:\program files\Ski Resort Extreme
2010-09-09 20:41 . 2010-09-09 20:41 -------- d-----w- c:\program files\Team17
2010-09-09 19:01 . 2010-09-09 19:01 -------- d-----w- c:\program files\Common Files\NacreWare
2010-09-09 19:01 . 2010-09-09 19:01 -------- d-----w- c:\program files\AMC2000
2010-09-09 17:00 . 2010-09-10 08:21 -------- d-----w- c:\program files\Microids
2010-09-05 09:37 . 2010-09-05 09:37 -------- d-----w- c:\program files\Activision
2010-08-31 18:12 . 2010-08-31 18:14 -------- d-----w- C:\pebuilder319
2010-08-31 18:12 . 2010-08-31 18:12 -------- d-----w- c:\program files\iWellSoft
2010-08-31 18:12 . 2008-08-07 13:31 1238456 ----a-w- c:\windows.1\system32\NMSDVDXU.dll
2010-08-31 18:12 . 2007-03-10 00:00 30208 ----a-w- c:\windows.1\system32\borlndmm.dll
2010-08-31 18:09 . 2010-08-31 18:09 -------- d-----w- c:\program files\PCWinISOBurn
2010-08-27 18:32 . 2010-09-25 20:09 -------- d-----w- c:\program files\Steam

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 22:09 . 2009-04-11 20:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-25 20:10 . 2007-12-16 13:41 -------- d-----w- c:\program files\Spyware Terminator
2010-09-25 10:55 . 2007-06-08 15:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-25 10:42 . 2008-03-08 06:25 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 3
2010-09-24 09:12 . 2009-12-19 15:31 -------- d-----w- c:\program files\BRS
2010-09-24 09:12 . 2009-12-19 15:29 445016 ----a-w- c:\windows.1\system32\wrap_oal.dll
2010-09-24 09:12 . 2009-12-19 15:29 109144 ----a-w- c:\windows.1\system32\OpenAL32.dll
2010-09-24 08:55 . 2009-12-19 15:09 -------- d-----w- c:\program files\Codemasters
2010-09-14 06:58 . 2010-05-25 06:13 664 ----a-w- c:\windows.1\system32\d3d9caps.dat
2010-09-12 16:56 . 2010-06-26 16:51 -------- d-----w- c:\program files\Electronic Arts
2010-09-11 16:48 . 2008-07-12 19:02 -------- d-----w- c:\program files\Cyanide
2010-09-11 11:49 . 2010-07-09 20:55 -------- d-----w- c:\program files\EA Sports
2010-09-10 08:12 . 2007-06-11 09:40 -------- d-----w- c:\program files\Futuremark
2010-09-10 05:49 . 2008-12-30 17:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 08:02 . 2007-11-02 21:25 -------- d-----w- c:\program files\SpeedFan
2010-08-28 21:10 . 2008-11-09 20:54 -------- d-----w- c:\program files\rajce
2010-08-27 18:35 . 2007-11-04 12:00 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-24 10:15 . 2007-12-21 16:05 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-08-24 06:56 . 2007-06-22 13:06 -------- d-----w- c:\program files\Common Files\Java
2010-08-24 06:55 . 2009-02-10 16:54 -------- d-----w- c:\program files\Java
2010-08-22 19:22 . 2007-06-22 13:02 -------- d-----w- c:\program files\Opera
2010-08-18 15:10 . 2010-09-24 09:12 809560 ----a-r- c:\windows.1\system32\tmp1C3E.tmp
2010-08-18 15:10 . 2010-09-24 09:12 809560 ----a-r- c:\windows.1\system32\tmp1C3D.tmp
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows.1\system32\spoolsv.exe
2010-08-13 19:43 . 2010-08-13 19:38 -------- d-----w- c:\program files\The KMPlayer
2010-08-13 18:20 . 2006-03-02 12:00 79534 ----a-w- c:\windows.1\system32\perfc005.dat
2010-08-13 18:20 . 2006-03-02 12:00 432880 ----a-w- c:\windows.1\system32\perfh005.dat
2010-08-08 09:17 . 2010-08-08 09:17 -------- d-----w- c:\program files\BlackBeanGames
2010-08-08 07:52 . 2010-02-17 20:51 -------- d-----w- c:\program files\Oberon Media
2010-08-08 07:50 . 2010-03-17 19:06 -------- d-----w- c:\program files\Airport Mania
2010-08-08 07:33 . 2010-08-08 07:33 -------- d-----w- c:\program files\Windows Media Components
2010-08-07 18:09 . 2010-08-07 18:09 -------- d-----w- c:\program files\PerformanceTest
2010-08-07 08:15 . 2010-08-07 08:15 -------- d-----w- c:\program files\AC3Filter
2010-08-07 06:54 . 2010-08-07 06:54 -------- d-----w- c:\program files\MultiScreen
2010-08-06 14:22 . 2007-11-06 14:44 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-06 14:22 . 2010-08-06 14:22 232968 ----a-w- c:\windows.1\system32\nvdrsdb0.bin
2010-08-06 14:22 . 2010-08-06 14:22 1 ----a-w- c:\windows.1\system32\nvdrssel.bin
2010-08-06 14:22 . 2010-08-06 14:22 232968 ----a-w- c:\windows.1\system32\nvdrsdb1.bin
2010-07-28 17:10 . 2009-12-19 15:31 1380352 ----a-w- c:\windows.1\system32\rapture3d_oal.dll
2010-07-24 10:58 . 2010-07-24 10:58 49 ----a-w- c:\program files\ScrRecX.log
2010-07-24 10:53 . 2010-07-24 10:53 12331904 ----a-w- c:\program files\aTube_Catcher.exe
2010-07-22 15:46 . 2006-03-02 12:00 590848 ----a-w- c:\windows.1\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows.1\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-05-03 15:10 423656 ----a-w- c:\windows.1\system32\deployJava1.dll
2010-07-16 07:46 . 2010-07-16 07:46 2288128 ----a-w- c:\windows.1\system32\TUKernel.exe
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows.1\system32\nvwddi.dll
2010-07-07 11:46 . 2009-02-09 15:52 604776 ----a-w- c:\windows.1\system32\NVUNINST.EXE
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows.1\system32\schannel.dll
2007-06-27 17:31 . 2010-02-01 16:45 118784 ----a-w- c:\program files\MSP_Uninstall.exe
2007-06-27 17:31 . 2010-02-01 16:45 90112 ----a-w- c:\program files\axesstel.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Steam"="c:\program files\Steam\Steam.exe" [2009-09-14 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-15 1817600]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Gainward"="c:\windows.1\TBPanel.exe" [2008-01-29 2177576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-06 718704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows.1\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows.1\system32\NvMcTray.dll" [2010-07-09 110696]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2008-06-30 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.1\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ladislava\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-6-25 624416]

c:\documents and settings\Jakub\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-6-25 624416]

c:\documents and settings\Jakub.933E2C9D93AC472\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
system32.lnk - c:\windows\winapp\ssh.exe [2010-9-12 28672]

c:\documents and settings\All Users.WINDOWS.1\Nabídka Start\Programy\Po spuštění\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-6-22 966756]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 3\\firefox.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows.1\system32\drivers\BtHidBus.sys [31.7.2008 21:45 20616]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows.1\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 appdrv01;Application Driver (01);c:\windows.1\system32\drivers\appdrv01.sys [11.9.2010 21:30 3333808]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows.1\system32\drivers\sp_rsdrv2.sys [9.2.2009 17:57 141312]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.9.2008 18:18 246520]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [25.1.2008 19:47 149352]
R2 npf;NetGroup Packet Filter Driver;c:\windows.1\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S0 uksrlg;uksrlg;c:\windows.1\system32\drivers\ojhqjrm.sys --> c:\windows.1\system32\drivers\ojhqjrm.sys [?]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows.1\System32\appdrvrem01.exe svc --> c:\windows.1\System32\appdrvrem01.exe svc [?]
S2 gupdate1ca49a39755751c;Služba Google Update (gupdate1ca49a39755751c);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 14:17 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows.1\system32\drivers\axtmvflt.sys [1.2.2010 18:45 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows.1\system32\drivers\axtmvmdm.sys [1.2.2010 18:45 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows.1\system32\drivers\axtmvprt.sys [1.2.2010 18:45 38784]
S3 COH_Mon;COH_Mon;c:\windows.1\system32\drivers\COH_Mon.sys [12.1.2008 20:32 23888]
S3 cpuz130;cpuz130;\??\c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\GPU-Z.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows.1\system32\drivers\IvtBtBus.sys [2.7.2008 15:58 26248]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows.1\System32\svchost.exe -k nosGetPlusHelper [2.3.2006 14:00 14336]
S3 RTCore32;RTCore32;\??\c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\Rar$EX00.453\RTCore32.sys --> c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\Rar$EX00.453\RTCore32.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [17.7.2010 9:41 93336]
S4 sptd;sptd;c:\windows.1\system32\drivers\sptd.sys [9.2.2009 22:04 717296]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows.1\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-25 c:\windows.1\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:16]

2010-09-25 c:\windows.1\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:16]

2010-09-13 c:\windows.1\Tasks\Norton Internet Security - Prověřit tento počítač - Jakub.job
- c:\program files\Norton Internet Security\Aplikace Norton AntiVirus\Navw32.exe [2008-02-07 06:05]

2010-09-25 c:\windows.1\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=15003&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
FF - ProfilePath - c:\documents and settings\Jakub.933E2C9D93AC472\Data aplikací\Mozilla\Firefox\Profiles\927zy23c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... e=en_EU&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox 3 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox 3 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox 3 Beta 3\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox 3 Beta 3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

AddRemove-eBay Icon - c:\documents and settings\Jakub.933E2C9D93AC472\Data aplikací\Desktopicon\uninst.exe
AddRemove-Locomotion CZ - 0:\program files\Atari\Locomotion\loco_eng.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 00:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8A4AA7A8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> sfsync02.sys @ 0xf7717d60
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e710a
ParseProcedure -> TUKERNEL.EXE @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e710a
ParseProcedure -> TUKERNEL.EXE @ 0x80578f7a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1767777339-725345543-1004\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Jakub.933E2C9D93AC472\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Jakub.933E2C9D93AC472\\Dokumenty\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Jakub.933E2C9D93AC472\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\Jakub.933E2C9D93AC472\\Plocha\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="18-F0C5-2143"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-57989841-1767777339-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-57989841-1767777339-725345543-1004\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-57989841-1767777339-725345543-1004)
@Allowed: (Read) (S-1-5-21-57989841-1767777339-725345543-1004)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3a0c55e3-767e-419d-a131-5ae1b640a47a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ba
"Therad"=dword:00000012

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):84,ba,7f,42,f3,8e,ff,d9,7c,1f,63,8d,a5,3b,a5,97,be,a4,54,dc,35,
6a,9c,c2,aa,46,1b,65,41,b2,19,9f,7e,16,ed,e8,97,47,5e,90,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.1\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS.1\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-09-26 00:28:35
ComboFix-quarantined-files.txt 2010-09-25 22:28

Pre-Run: 10 547 273 728 bytes free
Post-Run: 18 195 996 672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer /TUTag=3RMDC8 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /usepmtimer /TUTag=3RMDC8-BAK
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - F5BE2170C91DE3066A7AC33FC212C8C8

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Trojan - Spy. Win32. years 2010 - wors +

Post by jaro3 » 26 Sep 2010 09:34

Uninstall:
SpywareTerminator
ICQ Toolbar


Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text, marked in green, into it:
Note: do not use SELECT ALL to select the script

Code:

KillAll::
File::
c:\windows.1\system32\d3d9caps.dat
c:\windows.1\system32\tmp1C3E.tmp
c:\windows.1\system32\tmp1C3D.tmp
c:\windows.1\system32\perfc005.dat
c:\windows.1\system32\perfh005.dat
c:\windows.1\Tasks\Scheduled Update for Ask Toolbar.job
c:\program files\Ask.com\UpdateTask.exe

Folder::
c:\program files\Ask.com

Driver::
ojhqjrm
uksrlg
appdrvrem01
cpuz130
GPU-Z
RTCore32


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

DDS::
uStart Page = hxxp://eu.ask.com?o=15003&l=dis
uInternet Settings,ProxyOverride = local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML

Firefox::
FF - ProfilePath - c:\documents and settings\Jakub.933E2C9D93AC472\Data aplikací\Mozilla\Firefox\Profiles\927zy23c.default\
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... e=en_EU&q=

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3a0c55e3-767e-419d-a131-5ae1b640a47a}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Choose File -> Save As... and set these options:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created onto the downloaded ComboFix.exe and drop it when the two icons overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log

In Folder Options, enable showing hidden files and folders and untick Hide protected operating system files

Test these on VirusTotal:
c:\windows.1\system32\drivers\appdrv01.fs.{A7E56839-0B44-4261-8167-6DCA58E79946}.sys
c:\windows.1\system32\drivers\appdrv01.sys
c:\windows.1\system32\appdrvrem01.exe
c:\windows.1\system32\spoolsv.exe

Click Browse to the right of the box and find the requested file on your PC in Explorer. Select it and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file is then tested by one antivirus engine after another. When the last engine finishes, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page and paste it into your post.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
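Added example, not code from this thread, from ComboFix or from the helper: a Python triage of ComboFix-style log lines that encodes the checks the script above acts on by eye: a boot-start driver (uksrlg) whose file ojhqjrm.sys is not on disk, drivers registered from a Temp directory, Security Center DisableMonitoring values set to 1, the Ask start page, and the startup-folder shortcut system32.lnk pointing at c:\windows\winapp\ssh.exe that appears in the second log. The sample lines are copied from the logs in this thread; the list of trusted roots, the set of system look-alike names and the severity labels are assumptions of this example, not facts the logs state.

```python
"""Heuristic triage of ComboFix-style log lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed sample: lines in the shape of the logs posted in this thread.
SAMPLE_LOG = r"""
R1 appdrv01;Application Driver (01);c:\windows.1\system32\drivers\appdrv01.sys [11.9.2010 21:30 3333808]
S0 uksrlg;uksrlg;c:\windows.1\system32\drivers\ojhqjrm.sys --> c:\windows.1\system32\drivers\ojhqjrm.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 COH_Mon;COH_Mon;c:\windows.1\system32\drivers\COH_Mon.sys [12.1.2008 20:32 23888]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
system32.lnk - c:\windows\winapp\ssh.exe [2010-9-12 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
uStart Page = hxxp://eu.ask.com?o=15003&l=dis
"""

# "Rn"/"Sn" = running/stopped service, n = start type; 0 and 1 load at boot/system start.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*?)(?: --> (.*?))? \[([^\]]*)\]$")
LNK_RE = re.compile(r"^(.+?\.lnk) - (.+?) \[[^\]]*\]$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
URL_RE = re.compile(r"^(uStart Page|FF - prefs\.js: keyword\.URL) *[=-] *(\S+)")

# Assumptions of this example: where legitimate startup targets live on this
# machine (the Windows directory is windows.1), and shortcut names that borrow
# a system component's name.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows.1\\system32\\", "c:\\windows\\system32\\")
SYSTEM_LOOKALIKES = ("system32", "svchost", "winlogon", "explorer", "csrss", "lsass")


@dataclass
class Finding:
    severity: str   # "high" or "review"
    subject: str    # service name, shortcut name, registry value or browser setting
    reason: str


def _file_path(m: re.Match) -> str:
    """Path ComboFix resolved (after '-->') when present, else the registered one."""
    path = m.group(5) or m.group(4)
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def check_service(m: re.Match) -> list:
    start, name, _display, _a, _b, info = m.groups()
    path = _file_path(m)
    missing = info.strip() == "?"        # no date/size printed: file not found on disk
    findings = []
    if "\\temp\\" in path:
        findings.append(Finding("review", name, f"driver registered from a Temp directory: {path}"))
    if missing and "\\system32\\drivers\\" in path:
        sev = "high" if start[1] in "01" else "review"   # boot/system start without a file
        base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reason = f"driver file not found on disk: {path}"
        if base != name.lower():
            reason += f"; service name '{name}' does not match file name '{base}'"
        findings.append(Finding(sev, name, reason))
    return findings


def check_startup_link(m: re.Match) -> list:
    link, target = m.group(1), m.group(2).lower()
    stem = link[:-4].lower()
    if stem in SYSTEM_LOOKALIKES:
        return [Finding("high", link, f"startup shortcut named after a system component -> {target}")]
    if not target.startswith(TRUSTED_ROOTS):
        return [Finding("review", link, f"startup shortcut target outside trusted roots: {target}")]
    return []


def triage(text: str) -> list:
    """Run every heuristic over the log text and return the findings in log order."""
    findings, current_key = [], ""
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1).lower()          # values that follow belong to this key
        elif m := SERVICE_RE.match(line):
            findings += check_service(m)
        elif m := LNK_RE.match(line):
            findings += check_startup_link(m)
        elif (m := DWORD_RE.match(line)) and "security center\\monitoring" in current_key:
            # Some AV installers set this themselves, so it is a review item, not proof.
            if m.group(1) == "DisableMonitoring" and int(m.group(2), 16) == 1:
                findings.append(Finding("review", m.group(1),
                                        f"Security Center status monitoring disabled under {current_key}"))
        elif m := URL_RE.match(line):
            findings.append(Finding("review", m.group(1),
                                    f"browser start/search setting points at {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.subject}: {f.reason}")
```

On the sample above the triage reports uksrlg (file missing, name does not match the file), cpuz130 (Temp), system32.lnk, DisableMonitoring and the Ask start page, and stays silent on appdrv01, COH_Mon and the Adobe Gamma shortcut. A real log is pasted in whole; the regexes ignore lines they do not recognise.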

kameja
Level 1
Posts: 84
Registered: May 08
Location: near Brno
Gender: Male
Status: Offline

Re: Trojan - Spy. Win32. years 2010 - wors +

Post by kameja » 26 Sep 2010 10:38

Before every ComboFix run I get a message that a rootkit was detected and my PC restarts...
ComboFix 10-09-25.03 - Jakub 26.09.2010 10:05:54.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3582.3187 [GMT 2:00]
Running from: G:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\program files\Ask.com\UpdateTask.exe"
"c:\windows.1\system32\d3d9caps.dat"
"c:\windows.1\system32\perfc005.dat"
"c:\windows.1\system32\perfh005.dat"
"c:\windows.1\system32\tmp1C3D.tmp"
"c:\windows.1\system32\tmp1C3E.tmp"
"c:\windows.1\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows.1\system32\d3d9caps.dat
c:\windows.1\system32\perfc005.dat
c:\windows.1\system32\perfh005.dat
c:\windows.1\system32\tmp1C3D.tmp
c:\windows.1\system32\tmp1C3E.tmp
c:\windows.1\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))
.

2010-09-25 11:40 . 2010-09-25 11:41 -------- d-----w- c:\documents and settings\Jakub.933E2C9D93AC472\DoctorWeb
2010-09-25 11:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows.1\system32\drivers\mbamswissarmy.sys
2010-09-25 11:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows.1\system32\drivers\mbam.sys
2010-09-25 11:37 . 2010-09-25 11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 08:02 . 2010-09-23 08:03 -------- d-----w- c:\program files\CCleaner
2010-09-16 19:33 . 2010-09-16 19:33 -------- d-----w- C:\BraCa Soft
2010-09-12 08:45 . 2010-09-16 07:40 87752 ----a-w- c:\windows.1\system32\drivers\appdrv01.fs.{A7E56839-0B44-4261-8167-6DCA58E79946}.sys
2010-09-11 19:30 . 2010-09-11 19:30 3333808 ----a-w- c:\windows.1\system32\drivers\appdrv01.sys
2010-09-11 19:30 . 2010-09-11 19:30 316888 ----a-w- c:\windows.1\system32\appdrvrem01.exe
2010-09-11 11:45 . 2010-09-11 12:05 -------- d-----w- c:\program files\International Basketball Manager
2010-09-11 11:45 . 2010-09-11 11:45 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-09-10 09:43 . 2010-09-10 09:43 -------- d-----w- c:\program files\Activision Value
2010-09-09 21:36 . 2010-09-10 09:04 -------- d-----w- c:\program files\Ski Resort Extreme
2010-09-09 20:41 . 2010-09-09 20:41 -------- d-----w- c:\program files\Team17
2010-09-09 19:01 . 2010-09-09 19:01 -------- d-----w- c:\program files\Common Files\NacreWare
2010-09-09 19:01 . 2010-09-09 19:01 -------- d-----w- c:\program files\AMC2000
2010-09-09 17:00 . 2010-09-10 08:21 -------- d-----w- c:\program files\Microids
2010-09-05 09:37 . 2010-09-05 09:37 -------- d-----w- c:\program files\Activision
2010-08-31 18:12 . 2010-08-31 18:14 -------- d-----w- C:\pebuilder319
2010-08-31 18:12 . 2010-08-31 18:12 -------- d-----w- c:\program files\iWellSoft
2010-08-31 18:12 . 2008-08-07 13:31 1238456 ----a-w- c:\windows.1\system32\NMSDVDXU.dll
2010-08-31 18:12 . 2007-03-10 00:00 30208 ----a-w- c:\windows.1\system32\borlndmm.dll
2010-08-31 18:09 . 2010-08-31 18:09 -------- d-----w- c:\program files\PCWinISOBurn
2010-08-27 18:32 . 2010-09-26 08:23 -------- d-----w- c:\program files\Steam

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 07:53 . 2009-04-11 20:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-25 10:55 . 2007-06-08 15:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-25 10:42 . 2008-03-08 06:25 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 3
2010-09-24 09:12 . 2009-12-19 15:31 -------- d-----w- c:\program files\BRS
2010-09-24 09:12 . 2009-12-19 15:29 445016 ----a-w- c:\windows.1\system32\wrap_oal.dll
2010-09-24 09:12 . 2009-12-19 15:29 109144 ----a-w- c:\windows.1\system32\OpenAL32.dll
2010-09-24 08:55 . 2009-12-19 15:09 -------- d-----w- c:\program files\Codemasters
2010-09-12 16:56 . 2010-06-26 16:51 -------- d-----w- c:\program files\Electronic Arts
2010-09-11 16:48 . 2008-07-12 19:02 -------- d-----w- c:\program files\Cyanide
2010-09-11 11:49 . 2010-07-09 20:55 -------- d-----w- c:\program files\EA Sports
2010-09-10 08:12 . 2007-06-11 09:40 -------- d-----w- c:\program files\Futuremark
2010-09-10 05:49 . 2008-12-30 17:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 08:02 . 2007-11-02 21:25 -------- d-----w- c:\program files\SpeedFan
2010-08-28 21:10 . 2008-11-09 20:54 -------- d-----w- c:\program files\rajce
2010-08-27 18:35 . 2007-11-04 12:00 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-24 10:15 . 2007-12-21 16:05 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-08-24 06:56 . 2007-06-22 13:06 -------- d-----w- c:\program files\Common Files\Java
2010-08-24 06:55 . 2009-02-10 16:54 -------- d-----w- c:\program files\Java
2010-08-22 19:22 . 2007-06-22 13:02 -------- d-----w- c:\program files\Opera
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows.1\system32\spoolsv.exe
2010-08-13 19:43 . 2010-08-13 19:38 -------- d-----w- c:\program files\The KMPlayer
2010-08-08 09:17 . 2010-08-08 09:17 -------- d-----w- c:\program files\BlackBeanGames
2010-08-08 07:52 . 2010-02-17 20:51 -------- d-----w- c:\program files\Oberon Media
2010-08-08 07:50 . 2010-03-17 19:06 -------- d-----w- c:\program files\Airport Mania
2010-08-08 07:33 . 2010-08-08 07:33 -------- d-----w- c:\program files\Windows Media Components
2010-08-07 18:09 . 2010-08-07 18:09 -------- d-----w- c:\program files\PerformanceTest
2010-08-07 08:15 . 2010-08-07 08:15 -------- d-----w- c:\program files\AC3Filter
2010-08-07 06:54 . 2010-08-07 06:54 -------- d-----w- c:\program files\MultiScreen
2010-08-06 14:22 . 2007-11-06 14:44 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-06 14:22 . 2010-08-06 14:22 232968 ----a-w- c:\windows.1\system32\nvdrsdb0.bin
2010-08-06 14:22 . 2010-08-06 14:22 1 ----a-w- c:\windows.1\system32\nvdrssel.bin
2010-08-06 14:22 . 2010-08-06 14:22 232968 ----a-w- c:\windows.1\system32\nvdrsdb1.bin
2010-07-28 17:10 . 2009-12-19 15:31 1380352 ----a-w- c:\windows.1\system32\rapture3d_oal.dll
2010-07-24 10:58 . 2010-07-24 10:58 49 ----a-w- c:\program files\ScrRecX.log
2010-07-24 10:53 . 2010-07-24 10:53 12331904 ----a-w- c:\program files\aTube_Catcher.exe
2010-07-22 15:46 . 2006-03-02 12:00 590848 ----a-w- c:\windows.1\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows.1\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-05-03 15:10 423656 ----a-w- c:\windows.1\system32\deployJava1.dll
2010-07-16 07:46 . 2010-07-16 07:46 2288128 ----a-w- c:\windows.1\system32\TUKernel.exe
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows.1\system32\nvwddi.dll
2010-07-07 11:46 . 2009-02-09 15:52 604776 ----a-w- c:\windows.1\system32\NVUNINST.EXE
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows.1\system32\schannel.dll
2007-06-27 17:31 . 2010-02-01 16:45 118784 ----a-w- c:\program files\MSP_Uninstall.exe
2007-06-27 17:31 . 2010-02-01 16:45 90112 ----a-w- c:\program files\axesstel.dll
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Steam"="c:\program files\Steam\Steam.exe" [2009-09-14 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Gainward"="c:\windows.1\TBPanel.exe" [2008-01-29 2177576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-06 718704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows.1\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows.1\system32\NvMcTray.dll" [2010-07-09 110696]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2008-06-30 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.1\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ladislava\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-6-25 624416]

c:\documents and settings\Jakub\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-6-25 624416]

c:\documents and settings\Jakub.933E2C9D93AC472\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
system32.lnk - c:\windows\winapp\ssh.exe [2010-9-12 28672]

c:\documents and settings\All Users.WINDOWS.1\Nabídka Start\Programy\Po spuštění\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-6-22 966756]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 3\\firefox.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\The Settlers 7 - Paths to a Kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2010\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows.1\system32\drivers\BtHidBus.sys [31.7.2008 21:45 20616]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows.1\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 appdrv01;Application Driver (01);c:\windows.1\system32\drivers\appdrv01.sys [11.9.2010 21:30 3333808]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [25.1.2008 19:47 149352]
R2 npf;NetGroup Packet Filter Driver;c:\windows.1\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25.9.2010 21:36 102448]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S0 uksrlg;uksrlg;c:\windows.1\system32\drivers\ojhqjrm.sys --> c:\windows.1\system32\drivers\ojhqjrm.sys [?]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows.1\System32\appdrvrem01.exe svc --> c:\windows.1\System32\appdrvrem01.exe svc [?]
S2 gupdate1ca49a39755751c;Služba Google Update (gupdate1ca49a39755751c);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 14:17 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows.1\system32\drivers\axtmvflt.sys [1.2.2010 18:45 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows.1\system32\drivers\axtmvmdm.sys [1.2.2010 18:45 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows.1\system32\drivers\axtmvprt.sys [1.2.2010 18:45 38784]
S3 COH_Mon;COH_Mon;c:\windows.1\system32\drivers\COH_Mon.sys [12.1.2008 20:32 23888]
S3 cpuz130;cpuz130;\??\c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\GPU-Z.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows.1\system32\drivers\IvtBtBus.sys [2.7.2008 15:58 26248]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows.1\System32\svchost.exe -k nosGetPlusHelper [2.3.2006 14:00 14336]
S3 RTCore32;RTCore32;\??\c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\Rar$EX00.453\RTCore32.sys --> c:\docume~1\JAKUB~1.933\LOCALS~1\Temp\Rar$EX00.453\RTCore32.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [17.7.2010 9:41 93336]
S4 sptd;sptd;c:\windows.1\system32\drivers\sptd.sys [9.2.2009 22:04 717296]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows.1\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-09-26 c:\windows.1\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:16]

2010-09-25 c:\windows.1\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:16]

2010-09-13 c:\windows.1\Tasks\Norton Internet Security - Prověřit tento počítač - Jakub.job
- c:\program files\Norton Internet Security\Aplikace Norton AntiVirus\Navw32.exe [2008-02-07 06:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=15003&l=dis
uInternet Connection Wizard,ShellNext = iexplore
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: {3B9227E7-579B-4608-AAD8-2525C9BF3B66} = 194.228.41.113 160.218.161.54
FF - ProfilePath - c:\documents and settings\Jakub.933E2C9D93AC472\Data aplikací\Mozilla\Firefox\Profiles\927zy23c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... e=en_EU&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox 3 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox 3 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox 3 Beta 3\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox 3 Beta 3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 10:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8A4A9B68]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> sfsync02.sys @ 0xf7717d60
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e710a
ParseProcedure -> TUKERNEL.EXE @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e710a
ParseProcedure -> TUKERNEL.EXE @ 0x80578f7a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-57989841-1767777339-725345543-1004\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Jakub.933E2C9D93AC472\\Dokumenty\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Jakub.933E2C9D93AC472\\Dokumenty\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Jakub.933E2C9D93AC472\\Dokumenty\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\Jakub.933E2C9D93AC472\\Plocha\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="18-F0C5-2143"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-57989841-1767777339-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-57989841-1767777339-725345543-1004\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-57989841-1767777339-725345543-1004)
@Allowed: (Read) (S-1-5-21-57989841-1767777339-725345543-1004)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3a0c55e3-767e-419d-a131-5ae1b640a47a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ba
"Therad"=dword:00000012

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):84,ba,7f,42,f3,8e,ff,d9,7c,1f,63,8d,a5,3b,a5,97,be,a4,54,dc,35,
6a,9c,c2,aa,46,1b,65,41,b2,19,9f,7e,16,ed,e8,97,47,5e,90,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.1\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS.1\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3804)
c:\program files\MultiScreen\ServiceHook.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows.1\system32\webcheck.dll
c:\windows.1\system32\WPDShServiceObj.dll
c:\windows.1\system32\PortableDeviceTypes.dll
c:\windows.1\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows.1\system32\nvsvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows.1\system32\PnkBstrA.exe
c:\windows.1\system32\PnkBstrB.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows.1\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2010-09-26 10:36:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-26 08:35
ComboFix2.txt 2010-09-25 22:28

Před spuštěním: Volných bajtů: 18 201 272 320
Po spuštění: Volných bajtů: 18 202 185 728

- - End Of File - - 85FDD083F4AA399FF6FC626B50C87004

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Trojan - Spy. Win32. years 2010 - wors +

Post by jaro3 » 26 Sep 2010 10:45

The script has to be copied in full with the mouse (there is a scrollbar on the right)!

Do it once more.

And I still don't see those files on VirusTotal..
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
