ComboFix 10-02-18.07 - Owner 19.02.2010 7:32.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1616 [GMT 1:00]
Spuštěný z: d:\documents and settings\Owner\Plocha\potvora.com.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\desktop.ini
d:\docume~1\Owner\LOCALS~1\Temp\txhypa.bak
d:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
d:\documents and settings\Mio_C720_EEUT_MapUpdate\autorun.inf
d:\documents and settings\Owner\Dokumenty\cc_20090821_070415.reg
d:\documents and settings\Owner\Local Settings\Temp\txhypa.bak
d:\downloads\PC_Dracula Origin-.direct.play.-ToeD\Dracula Origin\_Install.exe
D:\Thumbs.db
d:\windows\regedit.com
d:\windows\system32\drivers\npf.sys
d:\windows\system32\Packet.dll
d:\windows\system32\taskmgr.com
d:\windows\system32\wpcap.dll
----- BITS: Možné infikované stránky -----
hxxp://lh5.ggpht.com
hxxp://lh6.ggpht.com
hxxp://lh3.ggpht.com
hxxp://lh4.ggpht.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-19 do 2010-02-19 )))))))))))))))))))))))))))))))
.
2010-02-17 14:00 . 2010-02-17 14:00 5695941 ----a-w- d:\windows\REGBK03.ZIP
2010-02-17 13:54 . 2010-02-17 13:54 -------- d---a-w- d:\windows\rundll16.exe
2010-02-17 13:54 . 2010-02-17 13:54 -------- d---a-w- d:\windows\RUNDL132.EXE
2010-02-17 13:54 . 2010-02-17 13:54 -------- d---a-w- d:\windows\logo1_.exe
2010-02-15 08:30 . 2010-02-15 08:30 -------- d-----w- d:\program files\Drahokamový míč - Dávné legendy
2010-02-12 10:29 . 2010-02-12 11:03 -------- d-----w- d:\program files\Settlement. Colossus
2010-02-09 08:57 . 2010-02-09 08:57 -------- d-----w- d:\program files\RealArcade
2010-01-26 07:06 . 2010-01-26 07:06 -------- d-----w- d:\program files\GameHouse
2010-01-20 15:34 . 2010-01-21 06:20 -------- d-----w- d:\program files\Hry.cz
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 10:20 . 2009-03-31 15:34 -------- d-----w- d:\program files\rajce
2010-01-24 08:49 . 2008-12-27 18:01 -------- d-----w- d:\program files\Nobilis
2010-01-23 19:26 . 2008-10-18 16:37 -------- d-----w- d:\program files\Opera
2010-01-21 07:03 . 2009-06-15 06:25 -------- d-----w- d:\program files\Alawar
2010-01-21 06:29 . 2009-01-11 17:13 -------- d-----w- d:\program files\Google
2010-01-16 10:32 . 2010-01-16 10:32 -------- d-----w- d:\program files\ParallelGraphics
2010-01-16 10:32 . 2010-01-16 10:32 -------- d-----w- d:\program files\Common Files\ParallelGraphics
2010-01-16 10:32 . 2010-01-16 10:32 -------- d-----w- d:\program files\Room Arranger
2010-01-15 14:09 . 2008-10-31 12:26 -------- d-----w- d:\program files\Games
2010-01-14 08:13 . 2010-01-14 07:33 -------- d-----w- d:\program files\Zuma's Revenge!
2010-01-12 12:27 . 2008-11-06 07:24 -------- d-----w- d:\program files\LeeGTs Games
2010-01-12 12:07 . 2010-01-12 12:05 -------- d-----w- d:\program files\Mary Kay Andrews - The Fixer Upper
2010-01-03 07:13 . 2009-07-15 11:00 -------- d-----w- d:\program files\ICQ6.5
2010-01-01 15:10 . 2008-11-02 09:51 -------- d-----w- d:\program files\FreeGamePick.com
2009-12-22 06:32 . 2009-12-22 06:31 5551817 ----a-w- d:\windows\REGBK02.ZIP
2009-12-22 06:07 . 2009-12-22 06:07 -------- d-----w- d:\program files\Fighters
2009-10-22 11:47 . 2009-10-22 11:42 3162112 ----a-w- d:\program files\Lionell_Richie-Stuck_On_You.mp3
2009-02-15 17:00 . 2009-01-30 12:49 7680 --sha-w- d:\program files\Thumbs.db
2008-07-09 09:51 . 2008-07-09 09:49 55912 ----a-w- d:\program files\landa.mpg.sfk
2008-07-09 09:49 . 2008-07-09 09:48 26112 ----a-w- d:\program files\break_dance.wmv.sfk
2008-07-09 08:46 . 2008-07-09 08:45 87704 ----a-w- d:\program files\04. Snowy Wings.mp3.sfk
2008-07-09 08:43 . 2008-07-09 08:43 87808 ----a-w- d:\program files\Rhianna F. Jay-Z - Umbrella.mp3.sfk
2008-07-09 08:40 . 2008-07-09 08:40 97144 ----a-w- d:\program files\Peter Cmorik - Dážď.mp3.sfk
2007-06-01 15:31 . 2007-06-01 15:31 20093 -c--a-w- d:\program files\Rise.Against.Discography.(DEMONOID.COM).torrent
2007-06-01 15:27 . 2007-06-01 15:27 27931 -c--a-w- d:\program files\Rise+Against-Collection-6cd%27s-rl.torrent
2007-06-01 15:25 . 2007-06-01 15:25 40284 -c--a-w- d:\program files\-- Anti_Flag_Collection_11cd__s_rl.torrent
2007-06-01 15:24 . 2007-06-01 15:24 80489 -c--a-w- d:\program files\Anti Flag Discography [-www.meganova.org-].torrent
2007-06-01 10:54 . 2007-06-01 09:00 17867 ----a-w- d:\program files\Alig__In_Da_House__2_.3gp
2007-06-01 10:54 . 2007-06-01 08:52 17863 ----a-w- d:\program files\Garfield__cz_.3gp
2007-06-01 09:07 . 2007-06-01 09:07 271505 -c--a-w- d:\program files\James-1-[1][1].Bond.Casino.Royale_by_piratesxxl.wz.cz.jar
2007-06-01 09:05 . 2007-06-01 09:05 145956 -c--a-w- d:\program files\Deer Hunter 1[1].0.0.jar
2007-06-01 09:05 . 2007-06-01 09:05 196053 ----a-w- d:\program files\Pirates Of The Caribbean 2 Dead Mans Chest_6230i.jar
2007-06-01 09:01 . 2007-06-01 09:01 9 ----a-w- d:\program files\2586-Auta_2.htm
2007-06-01 08:58 . 2007-06-01 08:58 191347 -c--a-w- d:\program files\Prehistoric_Park.jar
2007-06-01 08:57 . 2007-06-01 08:57 89449 -c--a-w- d:\program files\3d_kamasutra_125.jar
2007-06-01 08:56 . 2007-06-01 08:56 319935 -c--a-w- d:\program files\LOST.jar
2007-06-01 08:56 . 2007-06-01 08:56 214090 -c--a-w- d:\program files\Mtv_jack_ass_game_by_BFLM.jar
2007-06-01 08:53 . 2007-06-01 08:53 249270 -c--a-w- d:\program files\Worms2007_240x320.jar
2007-06-01 08:53 . 2007-06-01 08:53 140387 -c--a-w- d:\program files\Bungee-Desperado-2---s60-java--176x208-.jar
2007-06-01 08:49 . 2007-06-01 08:49 101234 -c--a-w- d:\program files\opera.jar
2007-05-31 16:13 . 2007-05-31 16:13 210528 ----a-w- d:\program files\rcsetup101.exe
2007-05-29 11:13 . 2007-05-29 11:11 5814084 -c--a-w- d:\program files\harddisk.wmv
2007-05-29 10:57 . 2007-05-29 10:57 15689 -c--a-w- d:\program files\Linkin Park - Videos [DVDRip] 1.torrent.torrent
2007-05-29 10:26 . 2007-05-29 10:25 3999913 ----a-w- d:\program files\Captain Jack.mp3
2007-05-28 16:47 . 2007-05-28 16:47 766665 ----a-w- d:\program files\rise_wallpaper4.jpg
2007-05-28 16:46 . 2007-05-28 16:46 818228 ----a-w- d:\program files\rise_wallpaper6.jpg
2007-05-28 16:45 . 2007-05-28 16:45 887788 ----a-w- d:\program files\rise_wallpaper1.jpg
2007-05-28 14:37 . 2007-05-28 14:37 545371 ----a-w- d:\program files\operace.exe
2007-05-28 13:34 . 2007-05-19 11:16 6094046 ----a-w- d:\program files\Peter Cmorik - Dážď.mp3
2007-05-26 17:57 . 2007-05-26 17:56 3110814 -c--a-w- d:\program files\break_dance.wmv
2007-05-26 17:53 . 2007-05-26 17:51 5066634 -c--a-w- d:\program files\podivny_dum.wmv
2007-05-26 17:49 . 2007-05-26 17:47 4956032 -c--a-w- d:\program files\landa.mpg
2007-05-26 17:24 . 2007-05-26 17:24 29863 -c--a-w- d:\program files\Rise_Against-Siren_Song_Of_The_Counter_Culture-_Retail_-2004-KzT[www.btmon.com].torrent
2007-05-26 17:21 . 2007-05-26 17:21 34692 -c--a-w- d:\program files\Rise Against - 2004 - Siren Song Of The Counter Culture (320kbps) KindMetalRG ^mininova.org^.torrent
2007-05-26 17:09 . 2007-05-26 17:09 61792 ----a-w- d:\program files\6317999B.JPG
2007-05-26 17:05 . 2007-05-26 17:05 66827 ----a-w- d:\program files\Rise_Againist_152.jpg
2007-05-26 06:39 . 2007-05-26 06:38 3151397 ----a-w- d:\program files\Xavier_Baumaxa-Fenkam-romale_rap.mp3
2007-05-26 06:37 . 2007-05-26 06:37 7470 ----a-w- d:\program files\MANOWARNessunDorma.htm
2007-05-26 06:36 . 2007-05-26 06:36 1857664 ----a-w- d:\program files\13 - I Never Told You What I Do For A Living.mp3
2007-05-25 17:47 . 2007-05-25 17:47 5107712 ----a-w- d:\program files\Lady_Sovereign_-_Blah_Blah_Blah_(Cadence_Weapon_Remix).mp3
2007-05-20 05:46 . 2007-05-18 17:27 3301376 ----a-w- d:\program files\hymna.mp3
2007-05-20 05:46 . 2007-05-16 16:25 10177482 ----a-w- d:\program files\04. Snowy Wings.mp3
2007-05-20 05:44 . 2007-05-19 15:18 1409 -c--a-w- d:\program files\making_of_wid.avi
2007-05-19 15:41 . 2007-05-19 15:41 2414312 ----a-w- d:\program files\SoundflavorDJSetup.exe
2007-05-19 15:02 . 2009-10-22 11:42 1018246 ----a-w- d:\program files\JLo ft ll cool j - all i have.mp3
2007-05-19 10:08 . 2007-05-14 16:41 2994176 ----a-w- d:\program files\dazd.mp3
2007-05-19 10:03 . 2007-05-19 10:03 809216 ----a-w- d:\program files\11_ How To Touch A Girl.mp3
2007-05-18 17:28 . 2007-05-18 17:28 2765601 ----a-w- d:\program files\15 De%9Eo m%E1 love.mp3
2007-05-18 17:05 . 2007-05-18 17:03 24333669 ----a-w- d:\program files\L.A.G.SONG.zip
2007-05-16 16:41 . 2007-05-16 16:40 3651456 ----a-w- d:\program files\No Roads Left_MtM.mp3
2007-05-16 16:39 . 2007-05-16 16:38 7854108 ----a-w- d:\program files\house.mp3
2007-05-15 11:43 . 2007-05-15 11:42 3034845 ----a-w- d:\program files\Horkýže slíže - Silný refrén.mp3
2007-05-12 06:54 . 2007-05-12 06:54 7134921 ----a-w- d:\program files\Rhianna F. Jay-Z - Umbrella.mp3
2007-05-09 18:15 . 2007-05-09 18:15 3131060 ----a-w- d:\program files\UDG - Predmesti.mp3
2007-05-08 16:59 . 2007-05-08 16:59 15504 ----a-w- d:\program files\+-Demonoid.com-+_Enrique_Iglesias_3_Albums_1620360.7628 =mininova.org=.torrent
2007-05-07 18:11 . 2007-05-07 18:10 6753816 ----a-w- d:\program files\winamp534_full_emusic-7plus.exe
2007-05-07 18:02 . 2007-05-07 18:01 22538622 ----a-w- d:\program files\Avi2Dvd_Setup_043.exe
2007-05-07 18:00 . 2007-05-07 17:59 15824321 ----a-w- d:\program files\MediaCoder-0.6.0-pre9.exe
2007-05-07 14:05 . 2007-05-07 14:05 15451 ----a-w- d:\program files\U2 - U218 Singles [UK Bonus Tracks].torrent
2007-05-07 10:01 . 2007-05-07 10:00 17372875 ----a-w- d:\program files\stellarium-0.8.2.exe
2007-05-06 17:52 . 2007-05-06 17:52 12204 -c--a-w- d:\program files\Linkin+Park+-+Minutes+to+Midnight+%5BRock%5D%5B2007%5D%5Bwww+bitmp3+com%5D.torrent
2007-05-06 17:51 . 2007-05-06 17:51 12146 -c--a-w- d:\program files\mininova.org Linkin Park - Minutes to Midnight [Rock][2007][www bitmp3 com].torrent
2007-05-06 12:50 . 2007-05-06 12:50 2763802 ----a-w- d:\program files\nhl2006-nocd-1_0-ENG.zip
2007-05-05 16:07 . 2007-05-05 16:06 25787976 ----a-w- d:\program files\wmp11-windowsxp-x86-CS-CZ.exe
2007-05-05 12:08 . 2007-05-05 12:08 12419 ----a-w- d:\program files\Linkin.Park.-.Minutes.to.Midnight.torrent
2007-05-05 08:41 . 2007-05-05 08:41 190064 ----a-w- d:\program files\Morpheus.exe
2007-05-05 08:34 . 2007-05-05 08:34 374272 ----a-w- d:\program files\P2PTurbo.exe
2007-03-04 08:38 . 2007-03-04 08:38 9554 ----a-w- d:\program files\love_hina-02_[totan].zip
2007-03-02 10:20 . 2007-03-02 10:20 31813 ----a-w- d:\program files\a4e.Love.Hina.01.ass
2007-02-02 21:43 . 2007-07-03 08:12 763751909 ----a-w- d:\program files\9DSetup_USA_OB_v3.exe
2006-12-29 11:19 . 2007-02-25 11:20 19570 ----a-w- d:\program files\AnyDVD v6.1.0.0 Crack by MaBi.zip
2006-12-28 13:13 . 2007-02-25 11:20 1259008 ----a-w- d:\program files\AnyDVD v6.1.0.0 Setup.exe
2006-12-23 23:00 . 2007-01-27 08:28 9673273 ----a-w- d:\program files\game.dll
2006-12-23 23:00 . 2007-01-27 08:28 13342265 ----a-w- d:\program files\engine.dll
2006-11-23 00:21 . 2006-11-23 00:21 2038963 ----a-w- d:\program files\CRACK.zip
2006-11-18 13:57 . 2006-11-18 13:57 14336 ----a-w- d:\program files\ipodpatcher.exe
2006-08-28 23:29 . 2006-08-28 23:29 339811956 -c--a-w- d:\program files\a4e.Love.Hina.01.mkv
2005-09-10 09:55 . 2005-09-10 09:55 6070272 ----a-w- d:\program files\nhl06.exe
2004-12-07 08:11 . 2007-07-03 08:12 258352 ----a-w- d:\program files\unicows.dll
2004-10-20 09:35 . 2004-10-20 09:35 62 -c--a-w- d:\program files\common_filelist.txt
2010-01-21 06:30 . 2010-01-21 06:29 119808 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-03-12 09:10 . 2007-04-21 15:12 54376 -c--a-w- d:\program files\mozilla firefox\components\js3250.dll
.
d:\program files\Restorator 2.51 cz\RESTORATOR .EXE
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BitComet"="d:\program files\BitComet\BitComet.exe" [2008-02-01 2194744]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ICQ"="d:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="d:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-11-22 136600]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"ISUSPM"="d:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2008-12-09 4289280]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2008-12-09 58112]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-21 30192]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
WinZip Quick Pick.lnk - d:\program files\WinZip\WZQKPICK.EXE [2007-2-28 389120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=d:\docume~1\Owner\LOCALS~1\Temp\txhypa.bak 2nHAPKGEHD
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\THQ\\Juiced2_HIN\\Juiced2_HIN.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"d:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15941:TCP"= 15941:TCP:BitComet 15941 TCP
"15941:UDP"= 15941:UDP:BitComet 15941 UDP
"10626:TCP"= 10626:TCP:BitComet 10626 TCP
"10626:UDP"= 10626:UDP:BitComet 10626 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);d:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [29.12.2008 15:13 717296]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;d:\windows\system32\drivers\cmdguard.sys [19.10.2008 6:04 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [19.10.2008 6:04 24208]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
R2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [13.3.2009 19:35 222456]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;d:\windows\system32\drivers\atl01_xp.sys [18.10.2008 18:08 38656]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21.1.2010 7:29 30192]
S3 NPF;Netgroup Packet Filter;d:\windows\system32\drivers\npf.sys --> d:\windows\system32\drivers\npf.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-02-12 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Google Search - d:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - d:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - d:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Si&milar Pages - d:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Stáhnout odkaz s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Translate into English - d:\program files\Google\googletoolbar.dll/cmtrans.html
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - d:\program files\Stylish Profile\ct.htm
FF - ProfilePath - d:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\t5rc6vpj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: d:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: d:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-Book of Legends1.0.0.8 - d:\windows\Book of Legends\uninstall.exe
AddRemove-Mayan Maze ScreenSaver - d:\program files\MayanMaze Screen Saver\uninst.exe
AddRemove-Mystery Stories - Berlin Nights FINAL 1.00 - d:\program files\Games\Mystery Stories - Berlin Nights FINAL\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 07:48
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys JGOGO.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8A6BD4B8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf7246cb8
\Driver\atapi -> 0x8a3af1e0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1168)
d:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4056)
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\drivers\KodakCCS.exe
d:\program files\Common Files\Motive\McciCMService.exe
d:\windows\RTHDCPL.EXE
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\windows\system32\ScsiAccess.EXE
d:\program files\Microsoft ActiveSync\Wcescomm.exe
d:\progra~1\MI3AA1~1\rapimgr.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\program files\iPod\bin\iPodService.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\wbem\wmiapsrv.exe
c:\program files\BOINC\boinc.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\boinc.freehal.org_projects_freehal_at_home\freehalboinc_1.28_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\boinc.freehal.org_projects_freehal_at_home\freehalboinc_1.28_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\boinc.freehal.org_projects_freehal_at_home\freehalboinc_1.28_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\boinc.freehal.org_projects_freehal_at_home\freehalboinc_1.28_windows_intelx86.exe
c:\documents and settings\All Users\Data aplikací\BOINC\projects\www.worldcommunitygrid.org\wcg_rice_6.17_windows_intelx86
c:\documents and settings\All Users\Data aplikací\BOINC\projects\www.worldcommunitygrid.org\wcg_rice_6.17_windows_intelx86
.
**************************************************************************
.
Celkový čas: 2010-02-19 07:57:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-19 06:57
Před spuštěním: Volných bajtů: 57 309 245 440
Po spuštění: Volných bajtů: 57 363 595 264
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
- - End Of File - - 7635746B296C7F4D7334E74EE596EAEC