Dobry den,
mam problem s Win32/Rustock trojský kůň, ktery mi detekval Nod32. Zkousel jsem jiz prepsat registry, ale pri normalnim spusteni PC mi nejde nic prepsat. Prepisu to jen v nouzovem rezimu, ale po restartu to tam je opet s "fystem".
Tady je log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Matura Miroslav at 2010-04-06 21:49:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (17%) free of 30 GB
Total RAM: 1023 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:56, on 6.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\ADS.Services.Main.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Sony Ericsson\Application Launcher\Application Launcher.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
D:\AAA.Matura\hunter trojan\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Matura Miroslav\Plocha\RSIT.exe
C:\Program Files\trend micro\Matura Miroslav.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Windows Internet Explorer: Aktuálně.cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" -nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [THGuard] "D:\AAA.Matura\hunter trojan\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.0.18) Gecko/2010020220 Firefox/3.0.18 (.NET CLR 3.5.30729)" -"http://diverzanti.webdevelopers.cz/docu ... osphor.htm"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - ?p=ZC
O8 - Extra context menu item: wikikomentáře google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\icq 6\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\icq 6\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Bleskově - {0A636B0A-A00D-4B8E-A72C-2057C3551A7C} - http://www.bleskove.cz (file missing) (HKCU)
O9 - Extra button: Počasí - {0A9BCE0B-5D04-4AF1-B01F-C9829C729198} - http://pocasi.centrum.cz (file missing) (HKCU)
O9 - Extra button: Fotoalba - {31951240-909B-47A1-A9FD-F472F470CC17} - http://www.fotoalba.cz (file missing) (HKCU)
O9 - Extra button: Xchat.cz - {34F943FC-3EA9-4A98-B827-A247CE4FD5D5} - http://www.xchat.cz (file missing) (HKCU)
O9 - Extra button: Stahuj.cz - {45AE9397-FB9E-4BBB-91D6-F772743CCF7B} - http://www.stahuj.cz (file missing) (HKCU)
O9 - Extra button: Slovníky - {54FA0101-ECA3-458C-A29B-5447D346C9E5} - http://slovniky.centrum.cz (file missing) (HKCU)
O9 - Extra button: Supermapy - {6ECB93F0-ADE2-45E0-B1C4-757D39614123} - http://www.supermapy.cz (file missing) (HKCU)
O9 - Extra button: Aktuálně - {A33ADBB9-1BFC-4B11-AFBB-36553A2D15C6} - http://aktualne.centrum.cz (file missing) (HKCU)
O9 - Extra button: Centrum.cz - {C9E81618-51CE-4A79-B914-2D93212F0237} - http://www.centrum.cz (file missing) (HKCU)
O9 - Extra button: Žena.cz - {D8BD4726-3088-49D0-B7E6-18854579084D} - http://www.zena.cz (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 9284011125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9283996484
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: TP-LINK Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ADS Main Service (ADSMainSvc) - Unknown owner - C:\WINDOWS\system32\ADS.Services.Main.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - FirebirdSQL Project - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: Firebird Server (InterBaseServer) - FirebirdSQL Project - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (omsi download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Protection Technology - C:\WINDOWS\system32\psrem02.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MATURA~1/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
--
End of file - 15550 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Matura Miroslav.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18df081c-e8ad-4283-a596-fa578c2ebdc3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa58ed58-01dd-4d91-8333-cf10577473f7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-02 279664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-02 812528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-14 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eee6c35c-6118-11dc-9c72-001320c79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2005-05-17 266240]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-02 279664]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-05-24 344064]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-05-04 282624]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe [2005-11-30 450560]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2004-03-11 406016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-14 136600]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2005-11-16 344064]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Application Launcher\Application Launcher.exe [2007-03-28 593920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-08-26 111928]
"TWCU"=C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe [2009-08-14 569427]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"THGuard"=D:\AAA.Matura\hunter trojan\TrojanHunter 4.2\THGuard.exe [2005-02-19 1089024]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Spamihilator"=C:\Program Files\Spamihilator\spamihilator.exe [2007-01-24 619008]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2006-11-24 20058152]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-28 68856]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]
"Magentic"=C:\PROGRA~1\Magentic\bin\Magentic.exe [2008-08-04 488808]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2009-01-16 460216]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
C:\Documents and Settings\Matura Miroslav\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-10-29 47616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=FF000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Hry\Aphex.exe"="D:\Hry\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"D:\Hry\Call of Duty\CoDUOMP.exe"="D:\Hry\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Hry\Call of Duty\CoDMP.exe"="D:\Hry\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"D:\skype\Phone\Skype.exe"="D:\skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Matura Miroslav\Local Settings\Temporary Internet Files\Content.IE5\MD5MF21C\incredimail_install[1].exe"="C:\Documents and Settings\Matura Miroslav\Local Settings\Temporary Internet Files\Content.IE5\MD5MF21C\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"D:\stahuj\StrongDC.exe"="D:\stahuj\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Hry\Half life 2\Half-Life 2\hl2.exe"="D:\Hry\Half life 2\Half-Life 2\hl2.exe:*:Enabled:hl2"
"D:\Hry\need for speed\nfs3.exe"="D:\Hry\need for speed\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\halo complet\halo.exe"="D:\Hry\halo complet\halo.exe:*:Enabled:Halo"
"D:\Hry\worms 2\frontend.exe"="D:\Hry\worms 2\frontend.exe:*:Enabled:Worms 2 Frontend"
"D:\Hry\counter strike\hl.exe"="D:\Hry\counter strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe"="C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Documents and Settings\Matura Miroslav\Local Settings\Temporary Internet Files\Content.IE5\UL0VCPSL\marias2005[1].exe"="C:\Documents and Settings\Matura Miroslav\Local Settings\Temporary Internet Files\Content.IE5\UL0VCPSL\marias2005[1].exe:*:Enabled:marias2005[1]"
"D:\hryII\GC 2\gcii.exe"="D:\hryII\GC 2\gcii.exe:*:Disabled:Ground Control II"
"D:\Hry III\Commandos 3\Commandos3.exe"="D:\Hry III\Commandos 3\Commandos3.exe:*:Enabled:Commandos3"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\icq\ICQ6\ICQ.exe"="D:\icq\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\hry IV\pán prstenů\game.dat"="D:\hry IV\pán prstenů\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"D:\Hry\Emergency 3\Rar$EX00.265\StrongDC.exe"="D:\Hry\Emergency 3\Rar$EX00.265\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Hry\Emergency 3\Rar$EX00.188\StrongDC.exe"="D:\Hry\Emergency 3\Rar$EX00.188\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Hry\Emergency 3\Rar$EX00.531\sdc204\StrongDC.exe"="D:\Hry\Emergency 3\Rar$EX00.531\sdc204\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Hry\Emergency 3\Rar$EX00.578\sdc204\StrongDC.exe"="D:\Hry\Emergency 3\Rar$EX00.578\sdc204\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Hry\Emergency 3\Rar$EX09.046\sdc204\StrongDC.exe"="D:\Hry\Emergency 3\Rar$EX09.046\sdc204\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Hry\Emergency 3\Rar$EX00.625\sdc204\StrongDC.exe"="D:\Hry\Emergency 3\Rar$EX00.625\sdc204\StrongDC.exe:*:Enabled:StrongDC++"
"D:\strong dc++\sdc204\StrongDC.exe"="D:\strong dc++\sdc204\StrongDC.exe:*:Enabled:StrongDC++"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\hry V\castle strike\Castlestrike.exe"="D:\hry V\castle strike\Castlestrike.exe:*:Enabled:Castle Strike Engine"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"D:\Hry VIII\counter strike\hl.exe"="D:\Hry VIII\counter strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"D:\icq 6\ICQ6\ICQ.exe"="D:\icq 6\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\Matura Miroslav\Plocha\Graffiti Studio 2.0\Graffiti Studio.exe"="C:\Documents and Settings\Matura Miroslav\Plocha\Graffiti Studio 2.0\Graffiti Studio.exe:*:Enabled:Macromedia Projector"
"D:\strong dc++\sdc213\StrongDC.exe"="D:\strong dc++\sdc213\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\hry X\age of castles\AgeOfCastles\Age-of-Castles.exe"="D:\hry X\age of castles\AgeOfCastles\Age-of-Castles.exe:*:Enabled:Age of Castles "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Hry XII\TM\TrackMania Sunrise\TmSunrise.exe"="D:\Hry XII\TM\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"D:\Hry XII\Aphex.exe"="D:\Hry XII\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
"D:\hry V\Warrcraft\Warcraft III\Warcraft III.exe"="D:\hry V\Warrcraft\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\icq 6\ICQ6.5\ICQ.exe"="D:\icq 6\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\hry XIII\metin 2\metin2.bin"="D:\hry XIII\metin 2\metin2.bin:*:Enabled:metin2"
"D:\hry XIII\warcraft of the lich king\World of Warcraft\Launcher.exe"="D:\hry XIII\warcraft of the lich king\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\hry XIII\Warcraft 1\Warcraft III\Warcraft III.exe"="D:\hry XIII\Warcraft 1\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\hry XIII\metin 2\metin2client.bin"="D:\hry XIII\metin 2\metin2client.bin:*:Enabled:metin2client"
"D:\hry XIV\Silverfall\Silverfall\Silverfall.exe"="D:\hry XIV\Silverfall\Silverfall\Silverfall.exe:*:Enabled:Silverfall"
"D:\hry XIII\Halo\halo.exe"="D:\hry XIII\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\hry V\Warrcraft\Warcraft III\war3.exe"="D:\hry V\Warrcraft\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"D:\AAB.Jirka\Graffiti Studio 2.0\Graffiti Studio.exe"="D:\AAB.Jirka\Graffiti Studio 2.0\Graffiti Studio.exe:*:Enabled:Macromedia Projector"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55aaecc6-b7c0-11de-b45b-0013d366bab5}]
shell\autorun\command - G:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ea47b66-c6b5-11dd-b291-0013d366bab5}]
shell\autorun\command - G:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9364f425-4a6c-11dc-afc6-0013d366bab5}]
shell\AutoRun\command - F:\LaunchBFII.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9fe39bc-ff5e-11dd-b302-0013d366bab5}]
shell\autorun\command - G:\InstallSeagateManager.exe
======List of files/folders created in the last 1 months======
2010-04-06 21:49:35 ----D---- C:\Program Files\trend micro
2010-04-06 21:49:34 ----D---- C:\rsit
2010-04-06 21:15:16 ----A---- C:\WINDOWS\ntbtlog.txt
======List of files/folders modified in the last 1 months======
2010-04-06 21:49:41 ----D---- C:\WINDOWS\Prefetch
2010-04-06 21:49:36 ----D---- C:\WINDOWS\Temp
2010-04-06 21:49:35 ----RD---- C:\Program Files
2010-04-06 21:26:28 ----D---- C:\Documents and Settings\Matura Miroslav\Data aplikací\Skype
2010-04-06 21:25:50 ----AD---- C:\WINDOWS
2010-04-06 21:25:31 ----D---- C:\Program Files\Mozilla Firefox
2010-04-06 21:14:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-06 20:12:21 ----D---- C:\Program Files\Spamihilator
2010-04-06 20:11:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-02 13:27:42 ----A---- C:\WINDOWS\wincmd.ini
2010-04-02 13:04:30 ----R---- C:\WINDOWS\streamhlp.dll
2010-04-02 12:56:03 ----SHD---- C:\WINDOWS\Installer
2010-04-02 12:56:02 ----SHD---- C:\Config.Msi
2010-04-02 12:55:43 ----D---- C:\WINDOWS\system32
2010-03-31 19:36:50 ----D---- C:\Program Files\ICQToolbar
2010-03-29 15:24:10 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-12 20:35:17 ----D---- C:\WINDOWS\system32\DirectX
2010-03-12 20:35:16 ----RSD---- C:\WINDOWS\assembly
2010-03-12 20:29:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-12 11:48:19 ----D---- C:\Program Files\Garena
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 WFPVRENC;WinFast PVR2000 MPEG Encoder(PAL); C:\WINDOWS\system32\drivers\wfpvrenc.sys [2005-04-14 297728]
R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner; C:\WINDOWS\system32\drivers\wfpvrtun.sys [2005-04-14 31744]
R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture; C:\WINDOWS\system32\drivers\wfpvrcap.sys [2005-04-14 163584]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 ar9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2009-08-14 1668352]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-10-29 1391104]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-24 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-24 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-09 47360]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar; C:\WINDOWS\system32\drivers\WFPVRBAR.sys [2005-04-14 9600]
R3 wsimd;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2009-08-14 58208]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cel90xbe;cel90xbe; \??\C:\DOCUME~1\MATURA~1\LOCALS~1\Temp\cel90xbe.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 garenapengine;GarenaPEngine; \??\C:\DOCUME~1\MATURA~1\LOCALS~1\Temp\JYF166.tmp []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 10192896]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usb2vcom;USB Data Cable; C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-02-19 29152]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 wpdusb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 acs;TP-LINK Configuration Service; C:\WINDOWS\system32\acs.exe [2009-08-14 495700]
R2 ADSMainSvc;ADS Main Service; C:\WINDOWS\system32\ADS.Services.Main.exe [2005-05-23 40960]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-10-29 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 InterBaseGuardian;Firebird Guardian Service; C:\Program Files\Borland\InterBase\bin\ibguard.exe [2002-12-12 32768]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-14 152984]
R2 omsi download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-19 66872]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 InterBaseServer;Firebird Server; C:\Program Files\Borland\InterBase\bin\ibserver.exe [2002-12-12 1748992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-10-28 520192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
S2 psrem02;CD Guard Drivers Auto Removal (v2); C:\WINDOWS\system32\psrem02.exe [2006-05-11 358008]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 ehttpsrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getplushelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
infiltrace Win32/Rustock trojský kůň
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119403
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: infiltrace Win32/Rustock trojský kůň
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: infiltrace Win32/Rustock trojský kůň
ComboFix 10-04-05.06 - Matura Miroslav 06.04.2010 23:02:29.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.655 [GMT 2:00]
Spuštěný z: c:\documents and settings\Matura Miroslav\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\documents and settings\All Users\Data aplikací\hpe4F.dll
c:\windows\system32\drivers\d0bc6b31.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINCOM32
-------\Service_d0bc6b31
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-06 do 2010-04-06 )))))))))))))))))))))))))))))))
.
2010-04-06 19:49 . 2010-04-06 19:49 -------- d-----w- c:\program files\trend micro
2010-04-06 19:49 . 2010-04-06 19:49 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 18:12 . 2006-02-07 17:34 -------- d-----w- c:\program files\Spamihilator
2010-03-31 17:36 . 2006-07-22 09:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-29 13:24 . 2004-08-18 12:00 459410 ----a-w- c:\windows\system32\perfh005.dat
2010-03-29 13:24 . 2004-08-18 12:00 92034 ----a-w- c:\windows\system32\perfc005.dat
2010-03-12 18:29 . 2005-12-17 22:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 09:48 . 2009-12-19 16:46 -------- d-----w- c:\program files\Garena
2010-03-06 12:01 . 2010-03-06 12:01 -------- d-----w- c:\program files\EACOM
2010-03-06 12:01 . 2010-03-06 12:01 475 ----a-w- c:\windows\eReg.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eee6c35c-6118-11dc-9c72-001320c79847}]
2009-05-20 13:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2007-01-24 619008]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-11-24 20058152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 344064]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-05-04 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-11-30 450560]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-08-26 111928]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2009-08-14 569427]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"THGuard"="d:\aaa.matura\hunter trojan\TrojanHunter 4.2\THGuard.exe" [2005-02-19 1089024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Matura Miroslav\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"d:\\hryII\\GC 2\\gcii.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\hry IV\\pán prstenů\\game.dat"=
"d:\\strong dc++\\sdc204\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\hry V\\castle strike\\Castlestrike.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Hry VIII\\counter strike\\hl.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\strong dc++\\sdc213\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Hry XII\\TM\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"d:\\hry V\\Warrcraft\\Warcraft III\\Warcraft III.exe"=
"d:\\icq 6\\ICQ6.5\\ICQ.exe"=
"d:\\hry XIII\\metin 2\\metin2.bin"=
"d:\\hry XIII\\metin 2\\metin2client.bin"=
"d:\\hry XIV\\Silverfall\\Silverfall\\Silverfall.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"d:\\hry V\\Warrcraft\\Warcraft III\\war3.exe"=
"d:\\AAB.Jirka\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"19794:TCP"= 19794:TCP:BitComet 19794 TCP
"19794:UDP"= 19794:UDP:BitComet 19794 UDP
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [14.8.2007 15:42 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [14.8.2007 15:42 5248]
R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\system32\drivers\psdrv02.sys [11.9.2006 14:01 67960]
R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\system32\drivers\pssync05.sys [3.11.2006 10:24 61312]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 94360]
R2 ADSMainSvc;ADS Main Service;c:\windows\system32\ADS.Services.Main.exe [31.10.2006 19:52 40960]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.3.2009 14:17 222456]
R2 omsi download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [26.12.2009 10:58 90112]
R2 WFPVRENC;WinFast PVR2000 MPEG Encoder(PAL);c:\windows\system32\drivers\wfpvrenc.sys [1.4.2006 8:23 297728]
R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner;c:\windows\system32\drivers\wfpvrtun.sys [1.4.2006 8:24 31744]
R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture;c:\windows\system32\drivers\wfpvrcap.sys [1.4.2006 8:22 163584]
R3 ar9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [25.12.2009 10:14 1668352]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [26.12.2009 10:59 27632]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [1.4.2006 8:50 9446]
R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar;c:\windows\system32\drivers\WFPVRBAR.sys [1.4.2006 8:45 9600]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.12.2005 11:22 685816]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2.2.2010 17:37 135664]
S2 psrem02;CD Guard Drivers Auto Removal (v2);c:\windows\system32\psrem02.exe svc --> c:\windows\system32\psrem02.exe svc [?]
S3 cel90xbe;cel90xbe;\??\c:\docume~1\MATURA~1\LOCALS~1\Temp\cel90xbe.sys --> c:\docume~1\MATURA~1\LOCALS~1\Temp\cel90xbe.sys [?]
S3 garenapengine;GarenaPEngine;\??\c:\docume~1\MATURA~1\LOCALS~1\Temp\JYF166.tmp --> c:\docume~1\MATURA~1\LOCALS~1\Temp\JYF166.tmp [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [11.8.2009 20:14 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [11.8.2009 20:14 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [11.8.2009 20:14 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [11.8.2009 20:14 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [11.8.2009 20:14 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [11.8.2009 20:14 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [11.8.2009 20:14 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [11.8.2009 20:14 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [11.8.2009 20:14 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [11.8.2009 20:14 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [11.8.2009 20:14 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [11.8.2009 20:14 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [11.8.2009 20:14 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [11.8.2009 20:14 109736]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [22.5.2008 15:36 29152]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:37]
2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://google.icq.com/search/search_frame.php
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: wikikomentáře google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
FF - ProfilePath - c:\documents and settings\Matura Miroslav\Data aplikací\Mozilla\Firefox\Profiles\54rzowec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
ActiveSetup-{C91AE67B-E03D-7E97-4EA7-81E2C1041722} - c:\windows\service.exe
AddRemove-Need For Speed III - d:\hry\need for speed\DeIsL2.isu
AddRemove-Podnikový a domácí právník 7 - DEMO - c:\program files\legis\PDP7\demo\DeIsL1.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 23:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D12C28]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7690f28
\Driver\ACPI -> ACPI.sys @ 0xf74f3cb8
\Driver\atapi -> 0x86d12c28
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\garenapengine]
"ImagePath"="\??\c:\docume~1\MATURA~1\LOCALS~1\Temp\JYF166.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:00000003
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:00000003
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:00000007
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000002
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c9,35,04,44,80,d1,c3,31,1d,4e,b7,13,72,7c,b7,eb,3c,d1,d9,25,88,f4,80,
42,e5,d3,88,46,ac,c2,5e,c1,72,14,1c,8c,85,4c,55,eb,44,d8,b4,b0,32,f9,15,54,\
"??"=hex:74,a9,40,06,88,36,80,d8,9d,94,ca,07,23,07,a9,05
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Borland\InterBase\bin\ibguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Borland\InterBase\bin\ibserver.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\progra~1\Magentic\bin\MgApp.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2010-04-06 23:14:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-06 21:14
Před spuštěním: 6 613 921 792
Po spuštění: 6 647 308 288
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 53CDC77F5AB5BB99B8D33D00CD176B38
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.655 [GMT 2:00]
Spuštěný z: c:\documents and settings\Matura Miroslav\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\documents and settings\All Users\Data aplikací\hpe4F.dll
c:\windows\system32\drivers\d0bc6b31.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINCOM32
-------\Service_d0bc6b31
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-06 do 2010-04-06 )))))))))))))))))))))))))))))))
.
2010-04-06 19:49 . 2010-04-06 19:49 -------- d-----w- c:\program files\trend micro
2010-04-06 19:49 . 2010-04-06 19:49 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 18:12 . 2006-02-07 17:34 -------- d-----w- c:\program files\Spamihilator
2010-03-31 17:36 . 2006-07-22 09:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-29 13:24 . 2004-08-18 12:00 459410 ----a-w- c:\windows\system32\perfh005.dat
2010-03-29 13:24 . 2004-08-18 12:00 92034 ----a-w- c:\windows\system32\perfc005.dat
2010-03-12 18:29 . 2005-12-17 22:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 09:48 . 2009-12-19 16:46 -------- d-----w- c:\program files\Garena
2010-03-06 12:01 . 2010-03-06 12:01 -------- d-----w- c:\program files\EACOM
2010-03-06 12:01 . 2010-03-06 12:01 475 ----a-w- c:\windows\eReg.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eee6c35c-6118-11dc-9c72-001320c79847}]
2009-05-20 13:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2007-01-24 619008]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-11-24 20058152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 344064]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-05-04 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-11-30 450560]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"snp2std"="c:\windows\vsnp2std.exe" [2005-11-16 344064]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-08-26 111928]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2009-08-14 569427]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"THGuard"="d:\aaa.matura\hunter trojan\TrojanHunter 4.2\THGuard.exe" [2005-02-19 1089024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Matura Miroslav\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"d:\\hryII\\GC 2\\gcii.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\hry IV\\pán prstenů\\game.dat"=
"d:\\strong dc++\\sdc204\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\hry V\\castle strike\\Castlestrike.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Hry VIII\\counter strike\\hl.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\strong dc++\\sdc213\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Hry XII\\TM\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"d:\\hry V\\Warrcraft\\Warcraft III\\Warcraft III.exe"=
"d:\\icq 6\\ICQ6.5\\ICQ.exe"=
"d:\\hry XIII\\metin 2\\metin2.bin"=
"d:\\hry XIII\\metin 2\\metin2client.bin"=
"d:\\hry XIV\\Silverfall\\Silverfall\\Silverfall.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"d:\\hry V\\Warrcraft\\Warcraft III\\war3.exe"=
"d:\\AAB.Jirka\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"19794:TCP"= 19794:TCP:BitComet 19794 TCP
"19794:UDP"= 19794:UDP:BitComet 19794 UDP
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [14.8.2007 15:42 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [14.8.2007 15:42 5248]
R0 psdrv02;CD Guard Environment Driver (v2);c:\windows\system32\drivers\psdrv02.sys [11.9.2006 14:01 67960]
R0 pssync05;CD Guard Synchronization Driver (v5);c:\windows\system32\drivers\pssync05.sys [3.11.2006 10:24 61312]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 94360]
R2 ADSMainSvc;ADS Main Service;c:\windows\system32\ADS.Services.Main.exe [31.10.2006 19:52 40960]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.3.2009 14:17 222456]
R2 omsi download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [26.12.2009 10:58 90112]
R2 WFPVRENC;WinFast PVR2000 MPEG Encoder(PAL);c:\windows\system32\drivers\wfpvrenc.sys [1.4.2006 8:23 297728]
R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner;c:\windows\system32\drivers\wfpvrtun.sys [1.4.2006 8:24 31744]
R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture;c:\windows\system32\drivers\wfpvrcap.sys [1.4.2006 8:22 163584]
R3 ar9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [25.12.2009 10:14 1668352]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [26.12.2009 10:59 27632]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [1.4.2006 8:50 9446]
R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar;c:\windows\system32\drivers\WFPVRBAR.sys [1.4.2006 8:45 9600]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.12.2005 11:22 685816]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2.2.2010 17:37 135664]
S2 psrem02;CD Guard Drivers Auto Removal (v2);c:\windows\system32\psrem02.exe svc --> c:\windows\system32\psrem02.exe svc [?]
S3 cel90xbe;cel90xbe;\??\c:\docume~1\MATURA~1\LOCALS~1\Temp\cel90xbe.sys --> c:\docume~1\MATURA~1\LOCALS~1\Temp\cel90xbe.sys [?]
S3 garenapengine;GarenaPEngine;\??\c:\docume~1\MATURA~1\LOCALS~1\Temp\JYF166.tmp --> c:\docume~1\MATURA~1\LOCALS~1\Temp\JYF166.tmp [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [11.8.2009 20:14 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [11.8.2009 20:14 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [11.8.2009 20:14 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [11.8.2009 20:14 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [11.8.2009 20:14 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [11.8.2009 20:14 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [11.8.2009 20:14 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [11.8.2009 20:14 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [11.8.2009 20:14 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [11.8.2009 20:14 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [11.8.2009 20:14 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [11.8.2009 20:14 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [11.8.2009 20:14 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [11.8.2009 20:14 109736]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [22.5.2008 15:36 29152]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:37]
2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://google.icq.com/search/search_frame.php
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: wikikomentáře google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
FF - ProfilePath - c:\documents and settings\Matura Miroslav\Data aplikací\Mozilla\Firefox\Profiles\54rzowec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
ActiveSetup-{C91AE67B-E03D-7E97-4EA7-81E2C1041722} - c:\windows\service.exe
AddRemove-Need For Speed III - d:\hry\need for speed\DeIsL2.isu
AddRemove-Podnikový a domácí právník 7 - DEMO - c:\program files\legis\PDP7\demo\DeIsL1.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 23:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D12C28]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7690f28
\Driver\ACPI -> ACPI.sys @ 0xf74f3cb8
\Driver\atapi -> 0x86d12c28
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\garenapengine]
"ImagePath"="\??\c:\docume~1\MATURA~1\LOCALS~1\Temp\JYF166.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:00000003
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:00000003
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:00000007
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000002
[HKEY_USERS\S-1-5-21-790525478-1677128483-839522115-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c9,35,04,44,80,d1,c3,31,1d,4e,b7,13,72,7c,b7,eb,3c,d1,d9,25,88,f4,80,
42,e5,d3,88,46,ac,c2,5e,c1,72,14,1c,8c,85,4c,55,eb,44,d8,b4,b0,32,f9,15,54,\
"??"=hex:74,a9,40,06,88,36,80,d8,9d,94,ca,07,23,07,a9,05
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Borland\InterBase\bin\ibguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Borland\InterBase\bin\ibserver.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\progra~1\Magentic\bin\MgApp.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2010-04-06 23:14:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-06 21:14
Před spuštěním: 6 613 921 792
Po spuštění: 6 647 308 288
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 53CDC77F5AB5BB99B8D33D00CD176B38
-
Rudy
- Site Admin
- Příspěvky: 119403
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: infiltrace Win32/Rustock trojský kůň
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScriptr.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Folder::
c:\program files\Garena
Collect::
c:\docume~1\MATURA~1\LOCALS~1\Temp\JYF166.tmp
c:\docume~1\MATURA~1\LOCALS~1\Temp\cel90xbe.sys
Driver::
garenapengine
cel90xbe
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?