Win32/TrojanDropper.MultiDropper virus during installation

Re: Win32/TrojanDropper.MultiDropper virus during installation

Post by M4RTY » 07 Feb 2010 09:31

Those messages popped up again. Sorry, I thought it was only one, so I took a screenshot of it, put it into Paint, pasted it, clicked OK, and a different one popped up, see the picture :wink:

ComboFix

ComboFix 10-02-06.01 - Martin 07.02.2010 9:14.16.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1641 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin.MARTIN-PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin.MARTIN-PC\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
* Rezidentní štít AV je zapnutý


FILE ::
"C:\bin0.bin"
"C:\subafsfile0.bin"
"c:\windows\sbacknt.bin"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bin0.bin
C:\subafsfile0.bin
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
c:\windows\sbacknt.bin

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-07 do 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-02-06 12:34 . 2010-02-06 12:34 -------- d-----w- c:\program files\TrendMicro
2010-02-05 21:29 . 2010-02-05 21:30 -------- d-s---w- c:\program files\HLSW
2010-02-05 19:14 . 2010-02-05 19:14 -------- d-----w- c:\program files\Zaparit
2010-02-02 18:39 . 2010-02-02 18:39 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-02 18:39 . 2010-02-02 18:39 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-01 16:56 . 2010-02-01 16:56 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-01 16:56 . 2010-02-01 16:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-01 16:56 . 2010-02-01 16:56 -------- d-----w- c:\program files\OpenAL
2010-02-01 15:08 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-02-01 15:08 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-01 14:55 . 2010-02-01 14:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-31 10:03 . 2010-02-01 19:31 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-30 20:24 . 2010-01-30 20:24 -------- d-----w- c:\program files\Moddingway
2010-01-28 13:22 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2010-01-28 13:22 . 2010-01-28 13:22 -------- d-----w- C:\Sierra
2010-01-25 17:44 . 2010-01-25 17:44 -------- d-----w- c:\program files\Lavalys
2010-01-24 16:22 . 2010-01-24 16:22 -------- d-----w- c:\program files\vSoft
2010-01-24 12:51 . 2010-01-24 12:51 -------- d-----w- c:\documents and settings\Martin.MARTIN-PC\Roaming
2010-01-24 12:51 . 2010-01-24 12:51 -------- d-----w- c:\documents and settings\Martin.MARTIN-PC\Local
2010-01-24 12:44 . 2010-01-24 12:44 -------- d-----w- c:\program files\Yahoo!
2010-01-24 09:48 . 2010-01-29 15:42 -------- d-----w- c:\program files\Google
2010-01-23 14:18 . 2010-01-24 08:44 -------- d-----w- c:\program files\TrueLaunchBar
2010-01-22 15:22 . 2010-01-22 15:22 -------- d-----w- c:\program files\FreeTime
2010-01-22 15:03 . 2010-01-22 15:03 -------- d-----w- c:\program files\StreamingStar
2010-01-21 19:11 . 2010-01-21 19:14 -------- d-----w- c:\program files\Recolored
2010-01-20 15:11 . 2010-01-20 15:11 -------- d-----w- c:\documents and settings\NeaPhetyx
2010-01-17 21:08 . 2010-01-17 21:10 -------- d-----w- c:\program files\ICQ7.0
2010-01-17 16:03 . 2010-01-17 16:03 -------- d-----w- C:\Freegames
2010-01-16 21:23 . 2010-01-16 21:24 -------- d-----w- c:\program files\IconUtils
2010-01-11 20:09 . 2010-01-11 20:09 -------- d-----w- c:\program files\MSBuild
2010-01-11 19:25 . 2010-02-06 19:59 -------- d-----w- C:\POC 2010
2010-01-09 19:23 . 2010-01-09 19:23 -------- d-----w- c:\program files\RAR Password Cracker
2010-01-09 17:18 . 2010-01-09 17:18 152904 ----a-w- c:\windows\system32\vghd.scr
2010-01-09 10:42 . 2010-01-09 10:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 08:17 . 2008-04-14 12:00 78746 ----a-w- c:\windows\system32\perfc005.dat
2010-02-07 08:17 . 2008-04-14 12:00 430694 ----a-w- c:\windows\system32\perfh005.dat
2010-02-02 18:39 . 2009-07-29 12:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-02 18:34 . 2009-07-28 14:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 18:50 . 2009-07-28 18:01 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-01 18:49 . 2009-07-28 18:00 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-01 14:55 . 2009-07-28 17:31 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-29 19:54 . 2009-12-25 22:10 -------- d-----w- c:\program files\Trillian
2010-01-29 19:42 . 2009-08-01 16:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-29 19:35 . 2009-12-24 17:16 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-01-29 09:34 . 2009-11-06 20:55 -------- d-----w- c:\program files\Miranda IM
2010-01-24 18:51 . 2009-08-23 15:43 -------- d-----r- c:\program files\Skype
2010-01-23 14:27 . 2009-07-30 18:11 -------- d-----w- c:\program files\Ashampoo
2010-01-20 13:00 . 2009-12-01 19:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 19:10 . 2009-08-05 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2009-08-05 21:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-08-05 21:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 17:06 . 2009-07-28 20:22 -------- d-----w- c:\program files\ICQ6.5
2010-01-02 16:16 . 2010-01-02 16:16 -------- d-----w- c:\program files\MOBILedit!
2010-01-01 12:21 . 2010-01-01 12:19 -------- d-----w- c:\program files\The KMPlayer
2010-01-01 09:01 . 2010-01-01 09:01 -------- d-----w- c:\program files\Pando Networks
2009-12-29 17:21 . 2009-12-29 17:21 -------- d-----w- c:\program files\r2 Studios
2009-12-29 16:25 . 2009-12-29 16:25 -------- d-----w- c:\program files\MKVTOAVI
2009-12-29 11:25 . 2009-08-09 14:07 -------- d-----w- c:\program files\DivX
2009-12-29 11:25 . 2009-08-09 14:07 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-28 14:18 . 2009-08-01 14:08 -------- d-----w- c:\program files\Fifa Master
2009-12-26 17:39 . 2009-12-26 17:39 -------- d-----w- c:\program files\ColorStudio 1 Trial
2009-12-26 17:29 . 2009-12-26 17:28 -------- d-----w- c:\program files\blackmagic
2009-12-24 17:20 . 2009-12-24 17:18 -------- d-----w- c:\program files\Epson Software
2009-12-24 17:19 . 2009-12-24 17:14 -------- d-----w- c:\program files\epson
2009-12-24 17:19 . 2009-07-28 14:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-23 20:48 . 2009-12-23 20:48 -------- d-----w- c:\program files\ScreenShots
2009-12-22 19:34 . 2009-12-22 19:34 -------- d-----w- c:\program files\TechSmith
2009-12-22 12:00 . 2009-12-22 12:00 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-22 11:59 . 2009-09-02 18:28 -------- d-----w- c:\program files\Hamachi
2009-12-21 19:08 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 18:25 . 2009-12-20 19:29 -------- d-----w- c:\program files\AIMP2
2009-12-16 16:37 . 2009-12-16 16:37 -------- d-----w- c:\program files\MirandaPack
2009-12-06 10:44 . 2009-12-06 10:44 274523 ----a-w- c:\windows\DJ Music Mixer Uninstaller.exe
2009-11-29 21:10 . 2009-11-29 21:10 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 19:32 . 2009-11-20 19:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-19 20:42 . 2009-07-28 16:08 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-18 13:29 . 2009-11-18 13:29 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-11-17 11:25 . 2009-10-29 10:09 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-17 11:25 . 2009-10-29 10:09 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-17 11:25 . 2009-10-29 10:09 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-17 11:25 . 2009-10-29 10:09 132808 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2010-01-29 15:44 . 2010-01-29 15:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-06_21.47.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-07 08:22 . 2010-02-07 08:22 16384 c:\windows\temp\Perflib_Perfdata_4fc.dat
+ 2008-04-14 12:00 . 2010-02-07 08:17 68122 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-02-06 06:58 68122 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-02-07 08:17 433166 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-02-06 06:58 433166 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-01 2935480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-17 1800464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhcpserv\SYSTEM]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhcpserv\SYSTEM\CurrentControlSet]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhcpserv\SYSTEM\CurrentControlSet\Control]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhcpserv\SYSTEM\CurrentControlSet\Control\SafeBoot]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhcpserv\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DnsServ\SYSTEM]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DnsServ\SYSTEM\CurrentControlSet]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DnsServ\SYSTEM\CurrentControlSet\Control]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DnsServ\SYSTEM\CurrentControlSet\Control\SafeBoot]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DnsServ\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Martin.MARTIN-PC^Nabídka Start^Programy^Po spuštění^Yahoo! Widgets.lnk]
path=c:\documents and settings\Martin.MARTIN-PC\Nabídka Start\Programy\Po spuštění\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-01-29 15:44 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Martin\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Martin\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Martin\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Martin\\EA Sports\\FIFA 08\\FIFA08.exe"=
"c:\\Program Files\\QIP Infium30\\infium.exe"=
"c:\\Martin\\Opera\\opera.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 10\\pes2010.exe.exe"=
"c:\\Python25\\pythonw.exe"=
"e:\\Program Files\\VirtualDJ\\virtualdj_trial.exe"=
"e:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"e:\\Program Files\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"e:\\Counter-Strike Source\\hl2.exe"=
"e:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\pes6.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6ONLINEvn\\CODE\\GoalServer6.exe"=
"e:\\Program Files\\EA Games\\MOHAA\\MOHAA.exe"=
"e:\\Program Files\\EA Games\\MOHAA\\moh_Breakthrough.exe"=
"e:\\Valve\\hl.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 10\\GamingAccess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Valve\\hlds.exe"=
"e:\\Program Files\\SEGA\\Vancouver 2010\\Vancouver.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56118:TCP"= 56118:TCP:Pando Media Booster
"56118:UDP"= 56118:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.7.2009 18:31 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [29.10.2009 11:09 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [29.10.2009 11:09 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5.8.2009 15:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5.8.2009 15:06 74480]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [12.9.2004 8:45 8320]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [22.10.2009 19:35 27632]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 10:48 135664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [27.11.2009 16:54 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [27.11.2009 16:54 8456]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [29.1.2010 16:42 30192]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [22.10.2009 19:35 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [22.10.2009 19:35 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [22.10.2009 19:35 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [22.10.2009 19:35 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [22.10.2009 19:35 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [22.10.2009 19:35 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [22.10.2009 19:35 115752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5.8.2009 15:06 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-07 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]

2010-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 09:48]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 09:48]
.
.
------- Doplňkový sken -------
.
uStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\imon.dll
TCP: {46F288FA-1A35-4FA6-AFC1-24F703C2B251} = 10.10.10.1
FF - ProfilePath - c:\documents and settings\Martin.MARTIN-PC\Data aplikací\Mozilla\Firefox\Profiles\bder680s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-Dhcpserv\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcpserv
SafeBoot-DnsServ\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsServ



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 09:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcx.sys >>UNKNOWN [0x8B182938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e2fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-448539723-926492609-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-448539723-926492609-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:1c,76,f9,df,b0,d3,03,00,c8,35,c3,07,32,2b,36,78,a2,03,8a,07,b0,
bf,66,cd,83,c2,6d,e4,34,1c,d2,e6,d0,03,27,7e,23,a7,07,21,de,3c,00,ff,b2,11,\
"rkeysecu"=hex:3b,71,a0,89,a0,5c,d1,64,06,7d,b4,29,af,de,be,ca
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1200)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1312)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(180)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\TUProgSt.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2010-02-07 09:28:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-07 08:28
ComboFix2.txt 2010-02-06 21:48

Před spuštěním: 7 955 030 016
Po spuštění: 7 901 184 000

- - End Of File - - CAF83BEA2F262E8C106126F984D9308B

HJT

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:30:44, on 7.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\explorer.exe
C:\Martin\Opera\opera.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload\hidownload.exe (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 8009 bytes


I actually have COMODO Internet Security, and Damned also told me to uninstall NOD32, but I only have the firewall enabled in COMODO
Attachments
1x.JPG
____________________________________
Forum rules
Who asks a lot, googles little

jaro3 (Security team member, Guru Level 15, Posts: 43060, Registered: June 07, Location: South Bohemia, Gender: Male)

Re: Win32/TrojanDropper.MultiDropper virus during installation

Post by jaro3 » 07 Feb 2010 10:16

OK.

Turn off the resident protection and the firewall.
Download Dr. Web CureIt
click update, and after the update click start.
With the buttons at the bottom you can cure, delete, move or rename a file

Open Notepad (Start -> Run... and type Notepad in the box and click OK).
Copy the following entire text marked in green into it:
Note: Do not use SELECT ALL to select the script

Code:

KillAll::
File::
C:\Windows\System32\dhcpserv.exe

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhcpserv\SYSTEM]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DnsServ\SYSTEM]

Choose File -> Save as... and set these parameters:
File name: type: CFScript.txt
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe and drop the script when the two files overlap.
- ComboFix starts automatically
- Post the log that appears at the end of the cleaning process here

Go to Start -> Run... and type this command marked in blue into the box:
C:\mbr.exe -f
and click OK (there is a space between mbr.exe and -f)
- if your security software warns you about overwriting the MBR, allow it
- wait until the program finishes and then restart the PC

Download MBR Rootkit Detector
- save it directly to drive C and run it
- after a moment its log (mbr.log) is created; post its entire contents here.

//////////////////////////////////////////////////////////////////////////////////////////////////
Open Notepad (Start - Run - type notepad and click OK)
Paste the following text, coloured green, into it:

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"


Click File and choose "Save as" and select All files.
Name: Fix.reg and then save it to the desktop.
Double-click the file on the desktop and when it asks whether to add it to the registry, confirm.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
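As an added example that is not part of the original thread: after Fix.reg has been applied, the repair can be verified by exporting the SafeBoot key with reg export and comparing it with the baseline that Fix.reg restores. The Python script below (the file name check_safeboot.py is assumed) parses a .reg export and lists Minimal-profile subkeys that are missing from the baseline as well as subkeys the baseline does not contain, such as the Dhcpserv entry the CFScript above deletes; run without an argument it works on a constructed sample export, not on the poster's registry.

```python
r"""Check an exported SafeBoot key against a known-good baseline (added example, not from the thread).
On the machine:  reg export HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot safeboot.reg
then:            python check_safeboot.py safeboot.reg   (no argument = run on a constructed sample)
"""
import re
import sys

SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

# Known-good Minimal profile: the subkey names listed in the Fix.reg above (Windows XP).
BASELINE_MINIMAL = {
    "AppMgmt", "Base", "Boot Bus Extender", "Boot file system", "CryptSvc", "DcomLaunch",
    "dmadmin", "dmboot.sys", "dmio.sys", "dmload.sys", "dmserver", "EventLog", "File system",
    "Filter", "HelpSvc", "Netlogon", "PCI Configuration", "PlugPlay", "PNP Filter", "Primary disk",
    "RpcSs", "SCSI Class", "sermouse.sys", "sr.sys", "SRService", "System Bus Extender", "vds",
    "vga.sys", "vgasave.sys", "WinMgmt",
    "{36FC9E60-C465-11CF-8056-444553540000}", "{4D36E965-E325-11CE-BFC1-08002BE10318}",
    "{4D36E967-E325-11CE-BFC1-08002BE10318}", "{4D36E969-E325-11CE-BFC1-08002BE10318}",
    "{4D36E96A-E325-11CE-BFC1-08002BE10318}", "{4D36E96B-E325-11CE-BFC1-08002BE10318}",
    "{4D36E96F-E325-11CE-BFC1-08002BE10318}", "{4D36E977-E325-11CE-BFC1-08002BE10318}",
    "{4D36E97B-E325-11CE-BFC1-08002BE10318}", "{4D36E97D-E325-11CE-BFC1-08002BE10318}",
    "{4D36E980-E325-11CE-BFC1-08002BE10318}", "{533C5B84-EC70-11D2-9505-00C04F79DEAF}",
    "{71A27CDD-812A-11D0-BEC7-08002BE2092F}", "{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}",
}

_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')  # matches @=... or "name"=...


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: data}}; "" is the default value (@).
    Only quoted string data is decoded (dword/hex becomes None); [-KEY] deletions are skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] == ";" or line.startswith(("Windows Registry Editor", "REGEDIT4")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = None if line.startswith("[-") else line[1:-1]
            if current is not None:
                keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "" if m.group(1) == "@" else m.group(2)
        data = m.group(3)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            data = None
        keys[current][name] = data
    return keys


def check_profile(keys, profile, baseline):
    r"""Compare the direct subkeys of SafeBoot\<profile> with the baseline set of names.
    Returns (missing, extra): baseline names absent from the export, and exported names absent
    from the baseline (e.g. a service the malware registered). Names compare case-insensitively."""
    prefix = (SAFEBOOT + "\\" + profile + "\\").lower()
    found = {}  # lowercase name -> name as exported
    for path in keys:
        if path.lower().startswith(prefix):
            top = path[len(prefix):].split("\\", 1)[0]  # ...\Minimal\Dhcpserv\SYSTEM -> Dhcpserv
            found.setdefault(top.lower(), top)
    base = {name.lower(): name for name in baseline}
    missing = sorted(name for lc, name in base.items() if lc not in found)
    extra = sorted(name for lc, name in found.items() if lc not in base)
    return missing, extra


def build_sample_export():
    r"""Constructed sample export: the baseline Minimal keys with sr.sys deleted and a rogue
    Dhcpserv\SYSTEM entry added, the pattern the CFScript above removes (default values omitted)."""
    lines = ["Windows Registry Editor Version 5.00", "", "[%s]" % SAFEBOOT,
             '"AlternateShell"="cmd.exe"', "", "[%s\\Minimal]" % SAFEBOOT, ""]
    lines += ["[%s\\Minimal\\%s]" % (SAFEBOOT, name)
              for name in sorted(BASELINE_MINIMAL) if name != "sr.sys"]
    lines += ["", "[%s\\Minimal\\Dhcpserv]" % SAFEBOOT, "",
              "[%s\\Minimal\\Dhcpserv\\SYSTEM]" % SAFEBOOT, '@="Service"', ""]
    return "\n".join(lines)


def main(argv):
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            raw = fh.read()  # reg.exe writes UTF-16LE with a BOM; hand-made .reg files may be UTF-8
        text = raw.decode("utf-16") if raw[:2] == b"\xff\xfe" else raw.decode("utf-8", "replace")
    else:
        text = build_sample_export()
    missing, extra = check_profile(parse_reg(text), "Minimal", BASELINE_MINIMAL)
    for name in missing:
        print("MISSING  Minimal\\%s  (restore it from Fix.reg)" % name)
    for name in extra:
        print("EXTRA    Minimal\\%s  (not in the baseline: review before keeping it)" % name)
    return 1 if (missing or extra) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The Network profile can be checked the same way by building a second name set from the Network entries of Fix.reg.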

M4RTY (Level 4.5, Posts: 1980, Registered: August 09, Gender: Male)

Re: Win32/TrojanDropper.MultiDropper virus during installation

Post by M4RTY » 07 Feb 2010 10:27

Okay, I'm on it. I have one OT. I downloaded a program /legal/, it has 1.3 MB, I had it tested on VirusTotal and it found something, but I don't know whether to trust it, because it was found by unknown antiviruses and the well-known ones found nothing :oops:

// http://www.virustotal.com/cs/analisis/f505c44925c660a76b6c31d753d482704f89f509a23c1d85fa0dfcb4829eca19-1265534571

jaro3 (Security team member, Guru Level 15, Posts: 43060, Registered: June 07, Location: South Bohemia, Gender: Male)

Re: Win32/TrojanDropper.MultiDropper virus during installation

Post by jaro3 » 07 Feb 2010 10:55

Hard to say.. depends on whether you download it from Rapidshare Download, something may be added there. Those antiviruses really aren't very objective, nevertheless an infection can't be ruled out..

Is it this one:
http://www.colorado.gov/cs/Satellite/OE ... 2927366289 ?

M4RTY (Level 4.5, Posts: 1980, Registered: August 09, Gender: Male)

Re: Win32/TrojanDropper.MultiDropper virus during installation

Post by M4RTY » 07 Feb 2010 11:05

No, it's a program for editing faces and so on. http://www.youtube.com/watch?v=dRVGN5loc4M I wanted to try it, because with the one I have the faces come out "blocky" (but that's probably the graphics -> GeForce 9400GT) :? . Do they check it on rapidshare? Then I downloaded "faces" for games from megaupload, but they're 200 MB so it can't be checked... is it safe on megaupload?

Yes, I downloaded that O-edit from here http://www.4shared.com/file/161873334/c1466e70/O-edit.html

jaro3 (Security team member, Guru Level 15, Posts: 43060, Registered: June 07, Location: South Bohemia, Gender: Male)

Re: Win32/TrojanDropper.MultiDropper virus during installation

Post by jaro3 » 07 Feb 2010 12:49

Files on rapid aren't checked, it's rather based on reports (followed by deletion).

It's similar on megaupload.

Here you can ask in the appropriate section for a face-editing program on public (free) servers.

M4RTY (Level 4.5, Posts: 1980, Registered: August 09, Gender: Male)

Re: Win32/TrojanDropper.MultiDropper virus during installation

Post by M4RTY » 07 Feb 2010 15:45

DrWebCureIt found nothing

HERE ComboFix

ComboFix 10-02-06.01 - Martin 07.02.2010 15:31:03.17.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1641 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin.MARTIN-PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin.MARTIN-PC\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\windows\System32\dhcpserv.exe"
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-07 do 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-02-06 12:34 . 2010-02-06 12:34 -------- d-----w- c:\program files\TrendMicro
2010-02-05 21:29 . 2010-02-05 21:30 -------- d-s---w- c:\program files\HLSW
2010-02-05 19:14 . 2010-02-05 19:14 -------- d-----w- c:\program files\Zaparit
2010-02-02 18:39 . 2010-02-02 18:39 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-02 18:39 . 2010-02-02 18:39 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-01 16:56 . 2010-02-01 16:56 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-01 16:56 . 2010-02-01 16:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-01 16:56 . 2010-02-01 16:56 -------- d-----w- c:\program files\OpenAL
2010-02-01 15:08 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-02-01 15:08 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-01 14:55 . 2010-02-01 14:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-31 10:03 . 2010-02-01 19:31 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-30 20:24 . 2010-01-30 20:24 -------- d-----w- c:\program files\Moddingway
2010-01-28 13:22 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2010-01-28 13:22 . 2010-01-28 13:22 -------- d-----w- C:\Sierra
2010-01-25 17:44 . 2010-01-25 17:44 -------- d-----w- c:\program files\Lavalys
2010-01-24 16:22 . 2010-01-24 16:22 -------- d-----w- c:\program files\vSoft
2010-01-24 12:51 . 2010-01-24 12:51 -------- d-----w- c:\documents and settings\Martin.MARTIN-PC\Roaming
2010-01-24 12:51 . 2010-01-24 12:51 -------- d-----w- c:\documents and settings\Martin.MARTIN-PC\Local
2010-01-24 12:44 . 2010-01-24 12:44 -------- d-----w- c:\program files\Yahoo!
2010-01-24 09:48 . 2010-01-29 15:42 -------- d-----w- c:\program files\Google
2010-01-23 14:18 . 2010-01-24 08:44 -------- d-----w- c:\program files\TrueLaunchBar
2010-01-22 15:22 . 2010-01-22 15:22 -------- d-----w- c:\program files\FreeTime
2010-01-22 15:03 . 2010-01-22 15:03 -------- d-----w- c:\program files\StreamingStar
2010-01-21 19:11 . 2010-01-21 19:14 -------- d-----w- c:\program files\Recolored
2010-01-20 15:11 . 2010-01-20 15:11 -------- d-----w- c:\documents and settings\NeaPhetyx
2010-01-17 21:08 . 2010-01-17 21:10 -------- d-----w- c:\program files\ICQ7.0
2010-01-17 16:03 . 2010-01-17 16:03 -------- d-----w- C:\Freegames
2010-01-16 21:23 . 2010-01-16 21:24 -------- d-----w- c:\program files\IconUtils
2010-01-11 20:09 . 2010-01-11 20:09 -------- d-----w- c:\program files\MSBuild
2010-01-11 19:25 . 2010-02-06 19:59 -------- d-----w- C:\POC 2010
2010-01-09 19:23 . 2010-01-09 19:23 -------- d-----w- c:\program files\RAR Password Cracker
2010-01-09 17:18 . 2010-01-09 17:18 152904 ----a-w- c:\windows\system32\vghd.scr
2010-01-09 10:42 . 2010-01-09 10:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 14:33 . 2008-04-14 12:00 78746 ----a-w- c:\windows\system32\perfc005.dat
2010-02-07 14:33 . 2008-04-14 12:00 430694 ----a-w- c:\windows\system32\perfh005.dat
2010-02-02 18:39 . 2009-07-29 12:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-02 18:34 . 2009-07-28 14:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 18:50 . 2009-07-28 18:01 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-01 18:49 . 2009-07-28 18:00 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-01 14:55 . 2009-07-28 17:31 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-29 19:54 . 2009-12-25 22:10 -------- d-----w- c:\program files\Trillian
2010-01-29 19:42 . 2009-08-01 16:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-29 19:35 . 2009-12-24 17:16 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-01-29 09:34 . 2009-11-06 20:55 -------- d-----w- c:\program files\Miranda IM
2010-01-24 18:51 . 2009-08-23 15:43 -------- d-----r- c:\program files\Skype
2010-01-23 14:27 . 2009-07-30 18:11 -------- d-----w- c:\program files\Ashampoo
2010-01-20 13:00 . 2009-12-01 19:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 19:10 . 2009-08-05 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2009-08-05 21:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-08-05 21:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 17:06 . 2009-07-28 20:22 -------- d-----w- c:\program files\ICQ6.5
2010-01-02 16:16 . 2010-01-02 16:16 -------- d-----w- c:\program files\MOBILedit!
2010-01-01 12:21 . 2010-01-01 12:19 -------- d-----w- c:\program files\The KMPlayer
2010-01-01 09:01 . 2010-01-01 09:01 -------- d-----w- c:\program files\Pando Networks
2009-12-29 17:21 . 2009-12-29 17:21 -------- d-----w- c:\program files\r2 Studios
2009-12-29 16:25 . 2009-12-29 16:25 -------- d-----w- c:\program files\MKVTOAVI
2009-12-29 11:25 . 2009-08-09 14:07 -------- d-----w- c:\program files\DivX
2009-12-29 11:25 . 2009-08-09 14:07 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-28 14:18 . 2009-08-01 14:08 -------- d-----w- c:\program files\Fifa Master
2009-12-26 17:39 . 2009-12-26 17:39 -------- d-----w- c:\program files\ColorStudio 1 Trial
2009-12-26 17:29 . 2009-12-26 17:28 -------- d-----w- c:\program files\blackmagic
2009-12-24 17:20 . 2009-12-24 17:18 -------- d-----w- c:\program files\Epson Software
2009-12-24 17:19 . 2009-12-24 17:14 -------- d-----w- c:\program files\epson
2009-12-24 17:19 . 2009-07-28 14:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-23 20:48 . 2009-12-23 20:48 -------- d-----w- c:\program files\ScreenShots
2009-12-22 19:34 . 2009-12-22 19:34 -------- d-----w- c:\program files\TechSmith
2009-12-22 12:00 . 2009-12-22 12:00 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-22 11:59 . 2009-09-02 18:28 -------- d-----w- c:\program files\Hamachi
2009-12-21 19:08 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 18:25 . 2009-12-20 19:29 -------- d-----w- c:\program files\AIMP2
2009-12-16 16:37 . 2009-12-16 16:37 -------- d-----w- c:\program files\MirandaPack
2009-12-06 10:44 . 2009-12-06 10:44 274523 ----a-w- c:\windows\DJ Music Mixer Uninstaller.exe
2009-11-29 21:10 . 2009-11-29 21:10 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 19:32 . 2009-11-20 19:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-19 20:42 . 2009-07-28 16:08 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-18 13:29 . 2009-11-18 13:29 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-11-17 11:25 . 2009-10-29 10:09 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-17 11:25 . 2009-10-29 10:09 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-17 11:25 . 2009-10-29 10:09 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-17 11:25 . 2009-10-29 10:09 132808 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2010-01-29 15:44 . 2010-01-29 15:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-06_21.47.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-07 14:39 . 2010-02-07 14:39 16384 c:\windows\temp\Perflib_Perfdata_18c.dat
+ 2008-04-14 12:00 . 2010-02-07 14:33 68122 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-02-06 06:58 68122 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-02-07 14:33 433166 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-02-06 06:58 433166 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-01 2935480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-17 1800464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Martin.MARTIN-PC^Nabídka Start^Programy^Po spuštění^Yahoo! Widgets.lnk]
path=c:\documents and settings\Martin.MARTIN-PC\Nabídka Start\Programy\Po spuštění\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-01-29 15:44 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Martin\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Martin\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Martin\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Martin\\EA Sports\\FIFA 08\\FIFA08.exe"=
"c:\\Program Files\\QIP Infium30\\infium.exe"=
"c:\\Martin\\Opera\\opera.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 10\\pes2010.exe.exe"=
"c:\\Python25\\pythonw.exe"=
"e:\\Program Files\\VirtualDJ\\virtualdj_trial.exe"=
"e:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"e:\\Program Files\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"e:\\Counter-Strike Source\\hl2.exe"=
"e:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\pes6.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6ONLINEvn\\CODE\\GoalServer6.exe"=
"e:\\Program Files\\EA Games\\MOHAA\\MOHAA.exe"=
"e:\\Program Files\\EA Games\\MOHAA\\moh_Breakthrough.exe"=
"e:\\Valve\\hl.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 10\\GamingAccess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Valve\\hlds.exe"=
"e:\\Program Files\\SEGA\\Vancouver 2010\\Vancouver.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56118:TCP"= 56118:TCP:Pando Media Booster
"56118:UDP"= 56118:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.7.2009 18:31 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [29.10.2009 11:09 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [29.10.2009 11:09 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5.8.2009 15:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5.8.2009 15:06 74480]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [12.9.2004 8:45 8320]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [22.10.2009 19:35 27632]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 10:48 135664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [27.11.2009 16:54 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [27.11.2009 16:54 8456]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [29.1.2010 16:42 30192]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [22.10.2009 19:35 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [22.10.2009 19:35 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [22.10.2009 19:35 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [22.10.2009 19:35 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [22.10.2009 19:35 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [22.10.2009 19:35 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [22.10.2009 19:35 115752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5.8.2009 15:06 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-07 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]

2010-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 09:48]

2010-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 09:48]
.
.
------- Doplňkový sken -------
.
uStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\imon.dll
TCP: {46F288FA-1A35-4FA6-AFC1-24F703C2B251} = 10.10.10.1
FF - ProfilePath - c:\documents and settings\Martin.MARTIN-PC\Data aplikací\Mozilla\Firefox\Profiles\bder680s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
FF - plugin: c:\martin\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\martin\Opera\program\plugins\NPOFFICE.DLL
FF - plugin: c:\martin\Opera\program\plugins\NPSWF32.dll
FF - plugin: c:\martin\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 15:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkk.sys >>UNKNOWN [0x8B182938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e2fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-448539723-926492609-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-448539723-926492609-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:1c,76,f9,df,b0,d3,03,00,c8,35,c3,07,32,2b,36,78,a2,03,8a,07,b0,
bf,66,cd,83,c2,6d,e4,34,1c,d2,e6,d0,03,27,7e,23,a7,07,21,de,3c,00,ff,b2,11,\
"rkeysecu"=hex:3b,71,a0,89,a0,5c,d1,64,06,7d,b4,29,af,de,be,ca
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1204)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\ACTIVEDS.dll

- - - - - - - > 'lsass.exe'(1340)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\TUProgSt.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Eset\nod32kui.exe
c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
**************************************************************************
.
Celkový čas: 2010-02-07 15:44:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-07 14:44
ComboFix2.txt 2010-02-07 08:28
ComboFix3.txt 2010-02-06 21:48

Před spuštěním: 7 777 947 648
Po spuštění: 7 738 486 784

- - End Of File - - 4D555B0FA58CDD661A96710882F6AD36

mbr.exe => Windows cannot find it; could you please post me a link to the MBR Rootkit Detector, thanks :wink:
____________________________________
Forum rules
Those who ask too much google too little

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Virus Win32/TrojanDropper.MultiDropper during installation

Post by jaro3 » 07 Feb 2010 15:51

Those messages should not appear any more.

ComboFix is uninstalled like this:

Start - Run and enter ComboFix /Uninstall

clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download > run


Post a new HJT log + info on how the PC behaves.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Virus Win32/TrojanDropper.MultiDropper during installation

Post by M4RTY » 07 Feb 2010 15:58

So I shouldn't do those steps with the MBR Rootkit Detector and the registry, then?


Re: Virus Win32/TrojanDropper.MultiDropper during installation

Post by jaro3 » 07 Feb 2010 16:02

Yes, do those too.


Re: Virus Win32/TrojanDropper.MultiDropper during installation

Post by M4RTY » 07 Feb 2010 16:09

OK

Here it is, that should be all of it; there was nothing more in it though

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Re: Virus Win32/TrojanDropper.MultiDropper during installation

Post by jaro3 » 07 Feb 2010 16:29

So it's OK.

If there are no problems, that's everything and you can mark it as solved, the green tick.
