Dobry den potreboval bych pomoci zbavit se tohoto neprijemneho viru thx
ComboFix 10-04-21.01 - Olympia 24.04.2010 12:42:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1918.1246 [GMT 2:00]
Spuštěný z: c:\documents and settings\Olympia\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\program files\Antivirus2008
c:\windows\system32\drivers\247bf0a0.sys
c:\windows\system32\lowsec
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_247bf0a0
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-24 do 2010-04-24 )))))))))))))))))))))))))))))))
.
2010-04-22 09:04 . 2010-04-22 09:04 -------- d-----w- c:\program files\Electronic Arts
2010-04-22 09:04 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-04-22 09:04 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-04-22 09:04 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-04-22 09:03 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-04-22 09:03 . 2008-10-27 08:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-04-22 09:03 . 2008-10-27 08:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-04-22 09:03 . 2008-10-27 08:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-04-22 09:03 . 2008-05-30 13:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2010-04-22 09:03 . 2008-05-30 13:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2010-04-22 09:03 . 2008-05-30 13:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-04-22 09:03 . 2008-05-30 13:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-04-22 09:03 . 2008-05-30 13:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-04-22 09:03 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-04-22 09:03 . 2008-05-30 13:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-03-26 13:41 . 2010-03-27 08:06 -------- d-----w- c:\program files\Centauri
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 09:49 . 2010-01-02 07:53 5 ----a-w- c:\program files\trl.trl
2010-04-24 09:49 . 2008-03-28 13:15 -------- d-----w- c:\program files\Ztrl
2010-04-24 08:07 . 2008-12-03 10:23 -------- d-----w- c:\program files\Steam
2010-04-20 18:38 . 2009-03-22 09:53 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-04-15 17:42 . 2008-04-22 11:45 -------- d-----w- c:\program files\DivX
2010-04-15 17:41 . 2009-06-23 14:38 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-06 10:26 . 2009-03-13 08:13 -------- d-----w- c:\program files\Sony
2010-04-05 12:03 . 2008-10-21 15:38 -------- d-----w- c:\program files\CCleaner
2010-04-02 07:00 . 2006-03-02 12:00 83226 ----a-w- c:\windows\system32\perfc005.dat
2010-04-02 07:00 . 2006-03-02 12:00 438540 ----a-w- c:\windows\system32\perfh005.dat
2010-04-02 06:58 . 2010-02-22 08:14 -------- d-----w- c:\program files\ICQ7.0
2010-03-31 01:58 . 2008-04-22 11:45 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2008-04-22 11:45 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2008-04-22 11:45 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-18 09:10 . 2009-10-28 18:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-18 09:10 . 2009-01-27 09:04 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-18 09:10 . 2009-01-27 08:03 -------- d-----w- c:\program files\Lavasoft
2010-03-14 15:47 . 2008-03-26 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-05 18:27 . 2010-03-05 18:27 -------- d-----w- c:\program files\BlackBeanGames
2010-03-04 19:04 . 2008-04-16 12:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-28 13:08 . 2010-02-28 13:07 -------- d-----w- c:\program files\SopCast
2010-02-28 08:22 . 2009-10-20 09:36 -------- d-----w- c:\program files\Winamp
2010-02-28 08:22 . 2010-02-28 08:22 -------- d-----w- c:\program files\Winamp Detect
2010-02-26 19:35 . 2010-02-26 19:35 -------- d-----w- c:\program files\dumps
2010-02-23 08:01 . 2010-02-23 08:01 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-04 15:53 . 2009-10-28 18:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-04 09:01 . 2010-03-05 19:20 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-03-05 19:20 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-03-05 19:20 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-03-05 19:20 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-02 19:24 . 2009-11-14 08:18 25 ----a-w- c:\windows\popcinfot.dat
2010-01-26 19:28 . 2008-08-03 07:14 138056 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-26 19:28 . 2008-08-03 07:14 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-26 19:28 . 2008-08-03 07:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-26 19:28 . 2010-01-26 19:28 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-08-31 15:55 . 2009-10-06 06:54 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2008-03-28 13:07 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Olympia\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-01-02 133104]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-04-09 818256]
"EpsonAPD4SV"="c:\program files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE" [2008-09-16 210304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-30 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Olympia\\Plocha\\G\\LOL_GOA_CB_V2\\Air\\LolClient.exe"=
"c:\\Documents and Settings\\Olympia\\Plocha\\G\\LOL_GOA_CB_V2\\Game\\League of Legends.exe"=
"c:\\Documents and Settings\\Olympia\\Dokumenty\\Céda\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2010\\fm.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\BattleForge.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28.10.2009 20:13 64288]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19.3.2009 11:44 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11.9.2009 7:26 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11.9.2009 7:24 735960]
R2 EpsonPOSLog;Epson Point of Service Log Service;c:\program files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe [24.1.2009 2:23 290816]
R2 EpsonPOSPort;Epson Point of Service Port Handler;c:\program files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe [19.3.2009 18:24 376832]
R2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [19.3.2009 18:24 95495]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 dyncal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [7.11.2007 20:15 12928]
S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1265264]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [13.3.2009 10:16 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [13.3.2009 10:16 67760]
.
Obsah adresáře 'Naplánované úlohy'
2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://live.atlas.cz/player-new/?stream=2654244
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{88eb38ef-4d2c-436d-abd3-56b232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\documents and settings\Olympia\Data aplikací\Mozilla\Firefox\Profiles\04iqg7mf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{95289393-33ea-4f8d-b952-483415b9c955} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 13:02
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8B253960]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> sfsync02.sys @ 0xba0e98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9e30bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9e3da21
SendHandler -> NDIS.sys @ 0xb9e1b87b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-854245398-1336601894-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:72,bd,bb,fe,a2,3a,cd,26,76,1a,c2,85,46,11,5e,38,93,db,aa,46,6c,e9,a1,
31,85,46,fe,e8,00,71,8a,8b,2d,21,4b,a7,04,60,ce,13,6b,72,81,a8,47,a3,ce,04,\
"??"=hex:32,6a,eb,9e,d1,7f,14,28,5e,97,cc,3c,ae,45,2e,1a
[HKEY_USERS\S-1-5-21-854245398-1336601894-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:7b,a5,64,45,5c,c7,ce,d4,37,33,a7,4a,75,1d,16,1d,89,08,de,18,67,
af,ae,15,9f,53,26,31,db,9e,78,a9,63,8e,01,15,f9,99,7c,a8,29,4b,a1,e0,d1,e0,\
"rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(2424)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\documents and settings\Olympia\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\system32\VirtualExpander\VirtualExpander.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\OpenOffice.org 2.3\program\soffice.BIN
.
**************************************************************************
.
Celkový čas: 2010-04-24 13:09:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-24 11:09
Před spuštěním: Volných bajtů: 95 906 729 984
Po spuštění: Volných bajtů: 95 912 751 104
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 2B5C1D5EED16DD94ED066C1BFD83C6F1
info.txt logfile of random's system information tool 1.06 2010-04-24 13:36:18
======Uninstall list======
-->C:\Documents and Settings\All Users\Data aplikací\DivX\DivX7\DivX Codec\DivXCodecUninstall.exe /CODEC
-->C:\Documents and Settings\All Users\Data aplikací\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->Dummy
-->MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent CZ 1.8.5 (build 17414)-->"C:\Documents and Settings\Olympia\Dokumenty\Céda\uTorrent\unins000.exe"
Ad-Aware Email Scanner for Outlook-->MsiExec.exe /I{338F08AB-C262-42C7-B000-34DE1A475273}
Ad-Aware-->"C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A70000000000}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AGEIA PhysX v7.07.09-->MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
Aktualizace systému Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Aktualizace zabezpečení produktu Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aktualizace zabezpečení systému Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0005 -removeonly
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aspell Czech Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6c64
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
BattleForge™-->MsiExec.exe /X{C580908C-B3BA-4C19-BD60-16F02F272201}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BS.Player ControlBar-->C:\Program Files\BS.Player ControlBar\uninst.exe
Burn4Free CD and DVD-->"C:\Program Files\Burn4Free\uninstall.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Corel WinDVD 9-->C:\Program Files\InstallShield Installation Information\{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}\setup.exe -runfromtemp -l0x0409
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Czech Soccer Manager 2002 Final Edition-->"C:\Program Files\Czech Soccer Manager 2002 FE\uninstall.exe" "/U:C:\Program Files\Czech Soccer Manager 2002 FE\uninstall.xml"
Dawn of War - Soulstorm-->"C:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0005 -removeonly
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Converter-->C:\Documents and Settings\All Users\Data aplikací\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Setup-->C:\Documents and Settings\All Users\Data aplikací\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DivX Web Player-->C:\Documents and Settings\All Users\Data aplikací\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe /PLUGIN
Důležitá aktualizace aplikace Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
EPSON Advanced Printer Driver 4-->C:\Program Files\InstallShield Installation Information\{11FF6AF6-0141-4EF8-829A-989459A1E5D8}\Setup.exe -runfromtemp -l0x0009 -removeonly
EPSON APD4 Point and Print Support-->MsiExec.exe /X{4BB82AD9-0CF6-4E14-BD75-C1AB657C2914}
Football Manager 2010-->"C:\Program Files\Steam\steam.exe" steam://uninstall/34000
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
GTK+ Runtime 2.14.7 rev a (odstranit)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Hero Editor V0.90-->C:\WINDOWS\st6unst.exe -n "C:\Documents and Settings\Olympia\Dokumenty\Céda\Hero\ST6UNST.LOG"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Image Converter 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE013D72-CF3D-41A8-BC09-C38070FDE2CB}\setup.exe" -l0x9 /CONPANE -removeonly
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Codec Pack 3.5.0 Standard-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
OpenOffice.org 2.3-->MsiExec.exe /I{519556CC-4382-4B35-80F5-DD8E9460EEAC}
Oprava hotfix aplikace Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
PDF Manual NW-A800 Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99B9FAF2-33FD-4DC7-9087-5BC2EE4CBB9E}\setup.exe" -l0x5 UNINSTALL -removeonly
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PunkBuster Services-->C:\WINDOWS\system32\pbsvc_heroes.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{7D0AA8B9-8568-4527-B3F4-91846F921E90}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x5 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x5 -removeonly
SonicStage 4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Veetle TV 0.9.16-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VibrateGameDeviceDriver-->MsiExec.exe /I{DBB7F606-0C13-4182-AD7F-427A4773580E}
Video Downloader-->C:\Program Files\InstallShield Installation Information\{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{239BB983-8A2D-4974-B780-2ADAE32752D5}
Windows Live Messenger-->MsiExec.exe /X{F62475E6-6F06-4D65-97D3-71D3CB696A1C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
======Security center information======
AV: ESET NOD32 Antivirus 4.0
======System event log======
Computer Name: OLYMPIAPC
Event Code: 7036
Message: Stav služby Správce vzdáleného přístupu byl změněn na: Spuštěno
Record Number: 7199
Source Name: Service Control Manager
Time Written: 20100305084320.000000+060
Event Type: Informace
User:
Computer Name: OLYMPIAPC
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Služba rozpoznávání pomocí protokolu SSDP úspěšně odeslán.
Record Number: 7198
Source Name: Service Control Manager
Time Written: 20100305084317.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: OLYMPIAPC
Event Code: 7000
Message: Služba Automatické aktualizace neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Record Number: 7197
Source Name: Service Control Manager
Time Written: 20100305084316.000000+060
Event Type: Chyba
User:
Computer Name: OLYMPIAPC
Event Code: 7036
Message: Stav služby Adaptér výkonu služby WMI byl změněn na: Spuštěno
Record Number: 7196
Source Name: Service Control Manager
Time Written: 20100305084316.000000+060
Event Type: Informace
User:
Computer Name: OLYMPIAPC
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Adaptér výkonu služby WMI úspěšně odeslán.
Record Number: 7195
Source Name: Service Control Manager
Time Written: 20100305084316.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: OLYMPIAPC
Event Code: 0
Message: HttpHandlers node *.svc does not exist in System.Web section group.
Record Number: 1342
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20081203190554.000000+060
Event Type: Upozornění
User:
Computer Name: OLYMPIAPC
Event Code: 0
Message: All compilation assembly nodes do not exist in System.Web section group.
Record Number: 1341
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20081203190554.000000+060
Event Type: Upozornění
User:
Computer Name: OLYMPIAPC
Event Code: 0
Message: A configuration entry for BuildProvider System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 does not exist.
Record Number: 1340
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20081203190554.000000+060
Event Type: Upozornění
User:
Computer Name: OLYMPIAPC
Event Code: 0
Message: The ServiceModelReg tool will take the following actions:
Reinstalling configuration section system.serviceModel to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.
Reinstalling configuration section system.runtime.serialization to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.
Reinstalling configuration section system.serviceModel.activation to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.
Adding configuration entry for BuildProvider:
System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reinstalling compilation assembly node to System.Web section group:
System.Runtime.Serialization, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL
Reinstalling compilation assembly node to System.Web section group:
System.IdentityModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL
Reinstalling compilation assembly node to System.Web section group:
System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reinstalling HttpHandlers node to System.Web section group:
*.svc
Reinstalling HttpModules node to System.Web section group:
ServiceModel
Reinstalling WMI classes.
Reinstalling Windows CardSpace (idsvc).
Reinstalling Net.Tcp Port Sharing Service (NetTcpPortSharing).
Reinstalling HTTP namespace reservations.
Record Number: 1339
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20081203190553.000000+060
Event Type: Informace
User:
Computer Name: OLYMPIAPC
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.
Record Number: 1338
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20081203190553.000000+060
Event Type: Upozornění
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Win32 Rustock
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119405
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Win32 Rustock
5 položek CF smazal, zbytek logu vypadá čistý. Rootkit by měl být pryč.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Win32 Rustock
jj je pryč i tak moc děkuji 
-
Rudy
- Site Admin
- Příspěvky: 119405
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Win32 Rustock
Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?