Nejde Tisk

[Myros]

http://www.virustotal.com/cs/analisis/a ... 1248307444

[Reklama]

[Myros]

http://www.virustotal.com/cs/analisis/7 ... 1248307662

[Damned]

Byla tam chybička ve scriptu. Chyběla závorka. Zkopíruj a zkus znova. Je to jen mazání těch odkazů na viry.

[Myros]

http://www.virustotal.com/cs/analisis/9 ... 1248307842

[Myros]

http://www.virustotal.com/cs/analisis/e ... 1248308059

[Myros]

Zkusil jsem to znovu přidat do registru, ale byla tam ta samá hláška.

[Damned]

Jasně, ta nejdelší hodnota musí být v jednom řádku (teď je podtržená), bez podtržení.

Doplnil jsem i ten CFSript.

[Myros]

Nemůžu to tam dostat.V poznamkovym bloku to mám v jedný řádce bez potržení a stejně to hlásí to samé.

[Damned]

Zkusíme to tedy po třídách.
*****************************************************************************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Drivers]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]

[-HKEY_CURRENT_USER\Software\Microsoft\OLE]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Drivers]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{062FDBDC-E861-4448-BBE6-B6E0D48994F1}]
*****************************************************************************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,6c,00,6c,00,00,\
00

[-HKEY_LOCAL_MACHINE\SOFTWARE\MimarSinan]

[-HKEY_LOCAL_MACHINE\Software\Magnet]

[-HKEY_LOCAL_MACHINE\Software\PTECH]
*****************************************************************************************************************************************
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\magnet]

[-HKEY_CLASSES_ROOT\clsid\{3C78B8E2-6C4D-11D1-ADE2-0000F8754B99}]

[-HKEY_CLASSES_ROOT\clsid\{5E2121EE-0300-11D4-8D3B-444553540000}]

[-HKEY_CLASSES_ROOT\interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97}]

[-HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1]
****************************************************************************************************************************************
Ulož si je na Plochu jako fix.reg a jako typ všechny soubory ,
najdi tento soubor na Ploše a poklepáním ho spusť. Budeš dotázán na přidání
hodnoty do registru. Schval. Podtržený v jednom řádku bez podtržení, bez hvězdiček

[Myros]

jo díky po třídách to šlo, ale teď už musím do peří jinak ráno nevstanu, tak zatim dík večer to dokončim.

[Damned]

Jasně, já si pak topic najdu.

[Myros]

ComboFix 09-07-23.01 - Mirek 23.07.2009 22:30.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1488 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek\Plocha\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

FILE ::
"c:\windows\000001_.tmp"
"c:\windows\002576_.tmp"
"c:\windows\005121_.tmp"
"c:\windows\iun6002.exe"
"c:\windows\meta4.exe"
"c:\windows\MOTA113.exe"
"c:\windows\SET21.tmp"
"c:\windows\SET3.tmp"
"c:\windows\SET4.tmp"
"c:\windows\SET8.tmp"
"d:\documents and settings\Mirek\My Downloads\toolbar.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Winamp Toolbar
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alerts.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\mediamonitor.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\rss\menu.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\rss\rss.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\rss\staf.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\about.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\addcustombutton.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\addcustombutton_confirm.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\buttons_frame.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\clearprints_confirm.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\defaultsearch.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\dropcustombutton.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\firsttimepage.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\footprints_frame.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\latest.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\olderversion.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\options_frame.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\popups_frame.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\preferences.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\renamecustombutton.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\resettoolbar.htm
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\ui\search_frame.htm
c:\windows\000001_.tmp
c:\windows\002576_.tmp
c:\windows\005121_.tmp
c:\windows\iun6002.exe
c:\windows\meta4.exe
c:\windows\MOTA113.exe
c:\windows\regedit.com
c:\windows\SET21.tmp
c:\windows\SET3.tmp
c:\windows\SET4.tmp
c:\windows\SET8.tmp
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-23 do 2009-07-23 )))))))))))))))))))))))))))))))
.

2009-07-22 23:15 . 2009-07-23 16:47 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-07-22 18:40 . 2009-07-22 18:40 -------- d---a-w- c:\windows\system32\runouce.exe
2009-07-22 18:38 . 2009-07-22 18:38 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-07-22 18:38 . 2009-07-22 18:38 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-07-22 18:38 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2009-07-22 18:38 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2009-07-22 18:38 . 2009-07-22 18:38 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-07-21 16:21 . 2009-07-22 06:17 -------- d-----w- c:\program files\HP
2009-07-20 21:47 . 2009-07-20 21:51 20458 ----a-w- c:\windows\hpoins01.dat
2009-07-20 21:47 . 2003-04-07 19:40 16622 ------w- c:\windows\hpomdl01.dat
2009-07-18 14:52 . 2009-07-18 14:52 -------- d-----w- c:\program files\Nero
2009-07-17 21:41 . 2009-07-17 21:42 7926318 ----a-w- c:\windows\REGBK00.ZIP
2009-07-17 21:28 . 2009-07-17 21:28 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-07-16 20:23 . 2009-07-16 20:23 -------- d-----w- c:\program files\Trend Micro
2009-07-15 22:35 . 2009-07-15 22:35 -------- d-----w- c:\program files\XP Codec Pack
2009-07-13 20:38 . 2009-07-13 20:38 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-07-13 16:09 . 2003-04-07 19:32 94208 ----a-r- c:\windows\system32\HPZipt12.dll
2009-07-13 16:09 . 2005-10-21 17:58 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-07-13 16:09 . 2003-04-07 19:32 57344 ----a-r- c:\windows\system32\HPZisn12.dll
2009-07-13 16:09 . 2003-04-07 19:32 65795 ----a-r- c:\windows\system32\HPZipm12.exe
2009-07-13 16:09 . 2003-04-07 19:32 61699 ----a-r- c:\windows\system32\HPZinw12.exe
2009-07-13 16:09 . 2003-04-07 19:32 233528 ----a-r- c:\windows\system32\HPZidr12.dll
2009-07-13 16:09 . 2003-04-07 19:32 167936 ----a-r- c:\windows\system32\HPZipr12.dll
2009-07-13 16:09 . 2005-10-21 17:58 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-07-13 16:08 . 2005-10-22 05:22 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2009-07-13 14:51 . 2009-07-13 16:30 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-07-13 14:48 . 2009-07-13 17:41 -------- d-----w- c:\program files\Gigabyte
2009-07-13 14:46 . 2009-07-13 14:46 -------- d-----w- c:\windows\Cache
2009-07-12 22:14 . 2009-07-20 21:37 -------- d-----w- c:\temp\HP All-in-One Series Web Release
2009-07-12 22:14 . 2009-07-17 16:16 -------- d-----w- C:\temp
2009-07-12 21:24 . 2009-07-12 21:24 -------- d-----w- c:\program files\CyberLink
2009-07-12 21:13 . 2005-11-14 03:49 57344 ------w- c:\windows\system32\CardID.dll
2009-07-12 12:37 . 2009-07-20 21:51 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2009-07-11 13:25 . 2009-07-15 12:39 -------- d-----w- c:\program files\ICQ6.5
2009-07-11 12:24 . 2009-07-11 12:26 -------- d-----w- c:\program files\DVD Shrink
2009-07-11 12:10 . 2009-07-11 12:10 -------- d-----w- c:\program files\DVD Decrypter
2009-07-10 11:47 . 2009-07-10 11:49 -------- dc-h--w- c:\windows\ie8
2009-07-10 00:04 . 2006-03-02 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-09 13:49 . 2009-07-09 13:49 -------- d-----w- c:\program files\GamePark
2009-06-25 21:17 . 2009-06-25 21:17 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 20:29 . 2008-11-20 06:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-18 14:53 . 2008-09-19 05:26 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-16 14:53 . 2008-09-26 21:17 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-07-13 17:41 . 2008-09-17 12:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 15:00 . 2008-09-17 12:06 16608 ----a-w- c:\windows\gdrv.sys
2009-07-13 14:54 . 2008-09-17 12:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-12 21:35 . 2006-03-02 12:00 85756 ----a-w- c:\windows\system32\perfc005.dat
2009-07-12 21:35 . 2006-03-02 12:00 445226 ----a-w- c:\windows\system32\perfh005.dat
2009-07-12 21:15 . 2008-09-20 10:38 -------- d-----w- c:\program files\AVerTV 6.0
2009-07-12 16:50 . 2008-09-20 10:50 -------- d-----w- c:\program files\Creative
2009-07-12 12:37 . 2008-09-20 10:31 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-12 09:10 . 2009-06-02 18:37 -------- d-----w- c:\program files\Google
2009-07-11 12:36 . 2008-09-20 13:27 -------- d-----w- c:\program files\Windows Doctor
2009-07-10 05:44 . 2009-06-28 10:25 -------- d-----w- c:\program files\Winamp
2009-07-10 05:23 . 2008-09-20 13:34 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2009-07-10 00:51 . 2008-09-24 16:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-10 00:42 . 2008-09-20 13:07 -------- d-----w- c:\program files\uTorrent
2009-07-08 18:53 . 2009-03-15 14:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-01 16:54 . 2008-09-19 05:57 138016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-01 16:54 . 2008-09-19 05:57 189448 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-28 20:09 . 2008-09-19 05:28 -------- d-----w- c:\program files\IrfanView
2009-06-22 10:06 . 2009-06-22 10:06 -------- d-----w- c:\program files\BlackBeanGames
2009-06-21 00:18 . 2009-06-21 00:18 -------- d-----w- c:\program files\Codemasters
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-10 19:24 . 2008-10-23 20:46 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 11:53 . 2008-09-27 08:44 -------- d-----w- c:\program files\Nokia
2009-06-10 11:52 . 2009-06-10 11:51 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-06-10 11:50 . 2008-09-27 08:45 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-07 09:42 . 2009-06-07 09:42 -------- d-----w- c:\program files\FormatFactory
2009-06-03 19:11 . 2006-03-02 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 09:36 . 2009-05-25 09:34 -------- d-----w- c:\program files\TmNationsForever
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-24 21:31 . 2009-05-24 21:31 -------- d-----w- c:\program files\Activision Value
2009-05-21 22:49 . 2009-05-21 22:49 3950 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-05-17 23:47 . 2009-05-17 23:47 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 05:05 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2006-03-02 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-07-17 23:58 . 2008-12-26 14:36 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-31 20:47 . 2008-12-26 14:36 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-06-12 20002856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Mirek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 428544]

c:\documents and settings\Mˇra\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 148992]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 428544]

c:\documents and settings\Mirek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 428544]

c:\documents and settings\Mirek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 428544]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

c:\documents and settings\Mirek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 428544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\half-life 2\\Half-life 2\\hl2.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13028:TCP"= 13028:TCP:BitComet 13028 TCP
"13028:UDP"= 13028:UDP:BitComet 13028 UDP
"21607:TCP"= 21607:TCP:72.20.34.145
"25811:TCP"= 25811:TCP:BitComet 25811 TCP
"25811:UDP"= 25811:UDP:BitComet 25811 UDP

R2 FAH-01;Folding Service #01;c:\program files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [30.6.2008 21:38 253952]
R2 FAH-02;Folding Service #02;c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [30.6.2008 21:38 253952]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18.2.2008 13:37 149352]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [18.9.2008 16:46 93696]
R3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [20.9.2008 12:39 519680]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12.3.2009 8:26 101936]
S2 gupdate1ca0229542b02a0;Služba Google Update (gupdate1ca0229542b02a0);c:\program files\Google\Update\GoogleUpdate.exe [11.7.2009 15:13 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12.1.2008 20:32 23888]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-20 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8248126707.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2009-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 13:12]

2009-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 13:12]
.
.
------- Doplňkový sken -------
.
IE: &Download All by FlashGet
IE: &Download by FlashGet
FF - ProfilePath - c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\hbhcdojv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 22:33
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1220945662-839522115-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1220945662-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0104B0DA-339C-3BB5-1A6A-B4A6B98A3E7C}*]
"bbneikndhbagoemlpacbkmccpbkgeejgegkp"=hex:61,61,00,00
"abneikndhbagoemlpabbpeodnaopobeapp"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-1409082233-1220945662-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:95,34,79,ad,d6,05,54,14,88,ee,4a,b8,d9,d3,f4,21,30,cb,89,86,4a,
f0,d3,b8,46,ad,6e,e0,32,4d,8b,91,f8,f7,94,45,c7,ad,31,37,0a,8e,dd,81,b4,f1,\
"rkeysecu"=hex:b3,d0,1e,75,1a,e0,5e,a2,08,ee,e5,39,05,f8,0c,3c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-07-23 22:34
ComboFix-quarantined-files.txt 2009-07-23 20:34

Před spuštěním: Volných bajtů: 41 955 553 280
Po spuštění: Volných bajtů: 42 538 430 464

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
324 --- E O F --- 2009-07-15 11:10