
Trojan horses on the NB

Posted: 25 Oct 2010 17:29
by lacikaboss
Hello.
Every time I move things from the NB to the PC, the PC finds a virus from the NB.
I have ESS on both.
Do I have that pest on it?
Logfile of random's system information tool 1.08 (written by random/random)
Run by PC at 2010-10-25 18:28:21
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (15%) free of 153 GB
Total RAM: 1014 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:28:29, on 25.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\My Documents\foobar2000\foobar2000.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\PC.exe

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\PC\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Konfiguraení služba Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3896 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1708537768-299502267-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1708537768-299502267-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ACU"=C:\Program Files\Atheros\ACU.exe [2009-03-06 479320]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-02 16851456]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Z810SysStart"=C:\Program Files\Connection Manager\sysctrl.exe []
"Tok-Cirrhatus"=C:\Documents and Settings\PC\Local Settings\Application Data\smss.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2008-09-04 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2008-09-04 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2008-09-04 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-02-10 319280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Monitor.lnk]
C:\PROGRA~1\TOSHIBA\BLUETO~1\BtMon2.exe [2007-04-07 92280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Control Web Daemon.lnk]
C:\PROGRA~1\CONTRO~1\CWD.EXE [1999-10-25 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BthServ"=2
"ABBYY.Licensing.FineReader.Professional.9.0"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-09-04 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\games\Grand prix 4\GP4.exe"="C:\games\Grand prix 4\GP4.exe:*:Disabled:GP4"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Control Web 2000 Demo\CWDEMO.EXE"="C:\Program Files\Control Web 2000 Demo\CWDEMO.EXE:*:Enabled:Control Web"
"C:\Program Files\Control Web 2000 Demo\CWD.EXE"="C:\Program Files\Control Web 2000 Demo\CWD.EXE:*:Enabled:Síťový démon Control Web"
"C:\Program Files\Phone Remote Control\PhoneRemoteControl.exe"="C:\Program Files\Phone Remote Control\PhoneRemoteControl.exe:*:Disabled: "
"E:\setup.exe"="E:\setup.exe:*:Enabled:setup.exe"
"C:\WINDOWS\system\csrss.exe"="C:\WINDOWS\system\csrss.exe:*:Enabled:csrss.exe"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\3DO\Army Men RTS\amrts.exe"="C:\Program Files\3DO\Army Men RTS\amrts.exe:*:Enabled:Army Men RTS"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-10-25 18:28:22 ----D---- C:\Program Files\trend micro
2010-10-25 18:28:21 ----D---- C:\rsit
2010-10-25 18:17:57 ----D---- C:\Program Files\CCleaner
2010-10-25 18:15:02 ----A---- C:\WINDOWS\system32\drivers\cpuz133_x32.sys
2010-10-25 18:15:01 ----D---- C:\Program Files\CPUID
2010-10-21 19:49:36 ----D---- C:\Program Files\StrongDC++
2010-10-20 10:39:58 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-10-20 10:39:58 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-10-20 10:39:57 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-10-20 10:39:57 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-10-20 10:39:55 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-10-20 10:39:54 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-10-20 10:39:53 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-10-20 10:39:52 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-10-20 10:39:51 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-10-20 10:39:50 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-10-20 10:39:49 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-10-20 10:39:48 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-10-20 10:39:48 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-10-20 10:39:47 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-10-20 10:39:46 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-10-20 10:39:46 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-10-20 10:39:45 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-10-20 10:39:43 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-10-20 10:39:41 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-10-20 10:39:41 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-10-20 10:39:39 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-10-20 10:39:37 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-10-20 10:39:37 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-10-20 10:39:35 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-10-20 10:39:35 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-10-20 10:39:32 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-10-20 10:39:32 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-10-20 10:39:30 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-10-20 10:39:29 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-10-20 10:39:29 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-10-20 10:39:28 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-10-20 10:39:27 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-10-20 10:39:27 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-10-20 10:39:26 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-10-20 10:39:25 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2010-10-20 10:39:24 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2010-10-20 10:39:24 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-10-20 10:39:24 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-10-20 10:39:23 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-10-20 10:39:22 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-10-20 10:39:21 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2010-10-20 10:39:21 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-10-20 10:39:21 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-10-20 10:39:20 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-10-20 10:39:19 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-10-20 10:39:18 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-10-20 10:39:18 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-10-20 10:39:17 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2010-10-20 10:39:16 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-10-20 10:39:15 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-10-20 10:39:15 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-10-20 10:39:14 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2010-10-20 10:39:13 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-10-20 10:39:13 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2010-10-20 10:39:12 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-10-20 10:39:12 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-10-20 10:39:11 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-10-20 10:39:10 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-10-20 10:39:08 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-10-20 10:39:07 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-10-20 10:39:07 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-10-20 10:39:05 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-10-20 10:39:04 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-10-20 10:39:03 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-10-20 10:39:03 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-10-20 10:39:02 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2010-10-20 10:39:02 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2010-10-20 10:39:01 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-10-20 10:39:01 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-10-20 10:39:00 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-10-20 10:39:00 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-10-20 10:39:00 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-10-20 10:38:59 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-10-20 10:38:38 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-10-20 10:38:37 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-10-20 10:38:37 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-10-20 10:38:35 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-10-20 10:38:34 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-10-20 10:38:34 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-10-20 10:38:33 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-10-20 10:38:27 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-10-20 10:37:50 ----D---- C:\WINDOWS\Logs
2010-10-19 20:39:23 ----RSH---- C:\Documents and Settings\PC\Application Data\ygmdrm.exe
2010-10-18 20:00:24 ----D---- C:\Documents and Settings\PC\Application Data\ABBYY
2010-10-18 19:35:46 ----D---- C:\Program Files\Common Files\ABBYY
2010-10-18 19:23:12 ----D---- C:\Program Files\ABBYY FineReader 9.0
2010-10-18 19:23:12 ----D---- C:\Documents and Settings\All Users\Application Data\ABBYY
2010-10-18 19:08:27 ----D---- C:\FR90PE_VOL
2010-10-18 18:52:14 ----D---- C:\Documents and Settings\PC\Application Data\LanViewer
2010-10-18 18:52:11 ----D---- C:\Program Files\Auxtools
2010-10-14 16:48:30 ----D---- C:\Program Files\THQ
2010-10-14 11:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-14 11:58:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-14 11:58:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-14 11:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-14 11:57:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-14 11:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-14 11:56:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2360131$
2010-10-14 11:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-14 11:36:36 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-14 10:45:11 ----D---- C:\Program Files\PuTTY
2010-10-14 10:45:07 ----D---- C:\a262e26762c9a908dce8a0
2010-10-14 10:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-13 15:25:04 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-10-13 12:08:46 ----D---- C:\Program Files\Common Files\Skype
2010-10-12 18:20:36 ----D---- C:\Program Files\Common Files\Adobe
2010-10-12 18:20:36 ----D---- C:\Program Files\Adobe
2010-10-12 12:07:02 ----D---- C:\Documents and Settings\PC\Application Data\skypePM
2010-10-12 08:28:20 ----D---- C:\Documents and Settings\PC\Application Data\Skype
2010-10-12 08:26:52 ----RD---- C:\Program Files\Skype
2010-10-12 08:26:45 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-10-11 13:15:32 ----DC---- C:\WINDOWS\$NtUninstallKB980218$
2010-10-11 13:15:17 ----DC---- C:\WINDOWS\$NtUninstallKB2183461$
2010-10-11 13:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-10-11 13:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-10-11 13:14:48 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-10-11 13:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-10-11 13:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-10-11 13:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-10-11 13:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-10-11 13:14:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-10-11 13:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-10-11 13:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-10-11 13:07:47 ----DC---- C:\WINDOWS\$NtUninstallKB982802$
2010-10-11 13:03:40 ----DC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-10-11 13:03:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-10-11 13:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-10-11 13:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-10-11 13:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-10-11 13:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-10-11 13:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-10-11 13:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-10-11 12:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-10-11 12:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-10-11 12:46:06 ----D---- C:\Program Files\Common Files\Adobe(2)
2010-10-11 12:46:06 ----D---- C:\Program Files\Adobe(2)
2010-10-11 12:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-10-11 12:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$

======List of files/folders modified in the last 1 months======

2010-10-25 18:28:29 ----D---- C:\WINDOWS\Prefetch
2010-10-25 18:28:27 ----D---- C:\WINDOWS\Temp
2010-10-25 18:28:22 ----RD---- C:\Program Files
2010-10-25 18:28:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-25 18:19:36 ----D---- C:\WINDOWS\Minidump
2010-10-25 18:19:36 ----D---- C:\WINDOWS\Debug
2010-10-25 18:19:36 ----D---- C:\WINDOWS
2010-10-25 18:15:02 ----D---- C:\WINDOWS\system32\drivers
2010-10-24 22:45:17 ----D---- C:\Documents and Settings\PC\Application Data\vlc
2010-10-22 15:24:51 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-10-21 20:25:29 ----D---- C:\Documents and Settings\PC\Application Data\dvdcss
2010-10-21 18:54:51 ----A---- C:\WINDOWS\wincmd.ini
2010-10-21 17:02:38 ----A---- C:\WINDOWS\win.ini
2010-10-21 17:02:38 ----A---- C:\WINDOWS\system.ini
2010-10-21 17:02:38 ----A---- C:\boot.ini
2010-10-20 10:42:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-20 10:42:49 ----SHD---- C:\WINDOWS\Installer
2010-10-20 10:40:01 ----D---- C:\WINDOWS\system32\DirectX
2010-10-20 10:39:59 ----D---- C:\WINDOWS\system32
2010-10-20 10:39:58 ----HD---- C:\WINDOWS\inf
2010-10-20 10:38:58 ----RSD---- C:\WINDOWS\assembly
2010-10-18 20:11:04 ----D---- C:\WINDOWS\SHELLNEW
2010-10-18 20:10:49 ----D---- C:\WINDOWS\system32\drivers\etc
2010-10-18 20:10:19 ----SH---- C:\AUTOEXEC.BAT
2010-10-18 19:35:46 ----D---- C:\Program Files\Common Files
2010-10-14 15:21:31 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-14 13:55:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-14 11:58:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-14 11:58:33 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-14 11:57:37 ----D---- C:\WINDOWS\WinSxS
2010-10-14 11:37:21 ----D---- C:\Program Files\Outlook Express
2010-10-14 11:36:09 ----D---- C:\Program Files\Movie Maker
2010-10-12 18:31:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-10-12 18:22:58 ----D---- C:\WINDOWS\system32\config
2010-10-12 18:22:44 ----D---- C:\WINDOWS\system32\wbem
2010-10-12 18:22:42 ----D---- C:\WINDOWS\Registration
2010-10-12 18:20:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-10-12 18:17:23 ----D---- C:\WINDOWS\system32\Restore
2010-10-09 17:55:49 ----D---- C:\WINDOWS\pss
2010-10-09 00:10:05 ----D---- C:\Program Files\Toshiba
2010-10-09 00:10:04 ----D---- C:\WINDOWS\Help
2010-10-07 10:46:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-03 721904]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-02-13 1503840]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-09-04 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-08 4813312]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-09-04 157696]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-05-07 106368]
R3 tosrfec;Bluetooth ACPI; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2009-01-30 58208]
S2 cpuz133;cpuz133; \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys []
S3 as77s1j5;as77s1j5; C:\WINDOWS\system32\drivers\as77s1j5.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-03-01 88960]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2008-02-22 94336]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys []
S3 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys []
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys []
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys []
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Konfiguraení služba Atheros; C:\WINDOWS\system32\acs.exe [2009-03-06 495700]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Trojan horses on the NB

Posted: 25 Oct 2010 17:45
by stell
Hello
Well, you've got it thoroughly infected.
Download>>mbam-setup
Install, update, and run a scan.
Do a>>FULL scan, have it delete whatever it finds,
paste the log here.
Detailed guide:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

Re: Trojan horses on the NB

Posted: 26 Oct 2010 23:33
by lacikaboss


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4955

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

27.10.2010 0:32:46
mbam-log-2010-10-27 (00-32-46).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 205790
Uplynulý čas: 52 min, 26 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 3
Infikované položky registračných dát: 3
Infikované priečinky: 1
Infikované súbory: 24

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Autorun) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tok-cirrhatus (Trojan.Agent) -> No action taken.

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
C:\Documents and Settings\PC\Local Settings\Application Data\Bron.tok-12-18 (Worm.Brontok) -> No action taken.

Infikované súbory:
C:\Documents and Settings\PC\Desktop\down\Medal of Honor 2010\Crack\loader.dll (Riskware.Tool.CK) -> No action taken.
C:\Documents and Settings\PC\My Documents\Downloads\MX vs ATV Unleashed\keygen.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053872.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053873.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053874.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053875.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053876.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053883.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053893.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053894.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053895.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053896.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053897.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053898.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053899.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053900.com (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053901.scr (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053902.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053903.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053904.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053905.pif (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053906.exe (Worm.Brontok) -> No action taken.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP113\A0055259.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\PC\Application Data\ygmdrm.exe (Worm.Autorun) -> No action taken.

Re: Trojan horses on the NB

Posted: 27 Oct 2010 06:57
by stell
Well, you should have had it deleted, as I wrote.
PLEASE READ THE GUIDE CAREFULLY!!!

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Paste the log from it here.

Re: Trojan horses on the NB

Posted: 27 Oct 2010 09:55
by lacikaboss
mbam
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4955

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

27.10.2010 0:35:10
mbam-log-2010-10-27 (00-35-10).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 205790
Uplynulý čas: 52 min, 26 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 3
Infikované položky registračných dát: 3
Infikované priečinky: 1
Infikované súbory: 24

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tok-cirrhatus (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované priečinky:
C:\Documents and Settings\PC\Local Settings\Application Data\Bron.tok-12-18 (Worm.Brontok) -> Quarantined and deleted successfully.

Infikované súbory:
C:\Documents and Settings\PC\Desktop\down\Medal of Honor 2010\Crack\loader.dll (Riskware.Tool.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\My Documents\Downloads\MX vs ATV Unleashed\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053872.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053873.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053874.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053875.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053876.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053883.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053893.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053894.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053895.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053896.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053897.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053898.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053899.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053900.com (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053901.scr (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053902.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053903.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053904.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053905.pif (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP108\A0053906.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BA02183B-3DEC-4BF0-A643-5DD806789998}\RP113\A0055259.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Application Data\ygmdrm.exe (Worm.Autorun) -> Delete on reboot.
[/code]

Combofix
ComboFix 10-10-26.03 - PC 27.10.2010 10:46:23.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1014.625 [GMT 2:00]
Running from: c:\documents and settings\PC\My Documents\Downloads\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PC\Local Settings\Application Data\Kosong.Bron.Tok.txt

.
((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.

2010-10-27 05:28 . 2010-10-27 05:28 -------- d-----w- c:\documents and settings\PC\Application Data\GlarySoft
2010-10-27 05:28 . 2010-10-27 05:28 -------- d-----w- c:\program files\Glary Registry Repair
2010-10-26 22:50 . 2010-10-26 22:50 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-26 21:37 . 2010-10-26 21:37 -------- d-----w- c:\documents and settings\PC\Application Data\Malwarebytes
2010-10-26 21:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 21:37 . 2010-10-26 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 21:37 . 2010-10-26 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 21:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 16:28 . 2010-10-25 16:28 -------- d-----w- c:\program files\trend micro
2010-10-25 16:28 . 2010-10-25 16:28 -------- d-----w- C:\rsit
2010-10-25 16:17 . 2010-10-25 16:18 -------- d-----w- c:\program files\CCleaner
2010-10-25 16:15 . 2010-05-11 10:00 20072 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-10-25 16:15 . 2010-10-25 16:15 -------- d-----w- c:\program files\CPUID
2010-10-21 17:49 . 2010-10-21 17:49 -------- d-----w- c:\program files\StrongDC++
2010-10-20 08:37 . 2010-10-20 08:37 -------- d-----w- c:\windows\Logs
2010-10-18 18:00 . 2010-10-18 18:00 -------- d-----w- c:\documents and settings\PC\Application Data\ABBYY
2010-10-18 17:35 . 2010-10-18 17:35 -------- d-----w- c:\program files\Common Files\ABBYY
2010-10-18 17:23 . 2010-10-18 17:23 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\ABBYY
2010-10-18 17:23 . 2010-10-18 17:48 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2010-10-18 17:23 . 2010-10-18 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2010-10-18 17:08 . 2008-05-16 03:51 -------- d-----w- C:\FR90PE_VOL
2010-10-18 17:01 . 2010-10-18 17:33 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Loc.Mail.Bron.Tok
2010-10-18 17:01 . 2010-10-18 17:01 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Ok-SendMail-Bron-tok
2010-10-18 16:52 . 2010-10-26 07:41 -------- d-----w- c:\documents and settings\PC\Application Data\LanViewer
2010-10-18 16:52 . 2010-10-18 16:52 -------- d-----w- c:\program files\Auxtools
2010-10-14 14:48 . 2010-10-14 14:48 -------- d-----w- c:\program files\THQ
2010-10-14 08:45 . 2010-10-14 08:45 -------- d-----w- c:\program files\PuTTY
2010-10-14 08:45 . 2010-10-14 08:45 -------- d-----w- C:\a262e26762c9a908dce8a0
2010-10-13 10:08 . 2010-10-13 10:08 -------- d-----w- c:\program files\Common Files\Skype
2010-10-12 16:22 . 2010-10-12 16:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-12 16:20 . 2010-10-12 16:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-12 10:07 . 2010-10-27 07:46 -------- d-----w- c:\documents and settings\PC\Application Data\skypePM
2010-10-12 06:28 . 2010-10-27 07:51 -------- d-----w- c:\documents and settings\PC\Application Data\Skype
2010-10-12 06:26 . 2010-10-13 10:08 -------- d-----r- c:\program files\Skype
2010-10-12 06:26 . 2010-10-13 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2009-08-15 20:39 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-08-15 20:39 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-08-15 20:39 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2009-08-15 20:39 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-09 14:16 . 2009-08-15 20:46 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2009-08-15 20:45 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2009-08-15 20:38 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2009-08-15 20:38 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2009-08-15 20:34 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-08-15 20:46 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-08-15 20:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-08-15 20:45 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2009-08-15 20:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-08-16 09:56 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-08-15 20:35 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2009-08-15 20:44 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2009-08-15 20:43 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-02 16851456]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-04 131072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-04 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-04 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2010-7-7 92280]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Control Web Daemon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Control Web Daemon.lnk
backup=c:\windows\pss\Control Web Daemon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 12:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-04-09 15:07 159744 ----a-w- c:\program files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-02-10 13:00 319280 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Control Web 2000 Demo\\CWDEMO.EXE"=
"c:\\Program Files\\Control Web 2000 Demo\\CWD.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\3DO\\Army Men RTS\\amrts.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [25.10.2010 18:15 20072]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 10:04 735960]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [16.8.2009 12:23 157696]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.10.2009 19:21 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1708537768-299502267-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-07 09:15]

2010-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1708537768-299502267-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-07 09:15]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-27 10:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-10-27 10:52:58
ComboFix-quarantined-files.txt 2010-10-27 08:52

Pre-Run: 17 716 457 472 bytes free
Post-Run: 21 adresárov, 17 702 432 768 voľných bajtov

- - End Of File - - D4A736DD062E9A79B0924D4AD01EB0EC
[/code]

Re: Trojan horses on the NB

Posted: 27 Oct 2010 10:05
by stell
ok, how is the computer doing??

Re: Trojan horses on the NB

Posted: 27 Oct 2010 10:11
by lacikaboss
Thanks, much better. Just one thing bothers me.
After the system starts, the battery indicator doesn't show up in the systray.
You have to restart the explorer.exe process for the systray to come up the way it should.

Re: Trojan horses on the NB

Posted: 27 Oct 2010 10:23
by stell
hm, test on www.virustotal.com
C:\windows\explorer.exe
if it says the file has already been analysed, click reanalyse.
Paste the result here.

Re: Trojan horses on the NB

Posted: 27 Oct 2010 10:31
by lacikaboss
Antivirus results
AhnLab-V3 - 2010.10.27.01 - 2010.10.27 - -
AntiVir - 7.10.13.47 - 2010.10.27 - -
Antiy-AVL - 2.0.3.7 - 2010.10.27 - -
Authentium - 5.2.0.5 - 2010.10.27 - -
Avast - 4.8.1351.0 - 2010.10.27 - -
Avast5 - 5.0.594.0 - 2010.10.27 - -
AVG - 9.0.0.851 - 2010.10.26 - -
BitDefender - 7.2 - 2010.10.27 - -
CAT-QuickHeal - 11.00 - 2010.10.26 - -
ClamAV - 0.96.2.0-git - 2010.10.27 - -
Comodo - 6526 - 2010.10.27 - -
DrWeb - 5.0.2.03300 - 2010.10.27 - -
Emsisoft - 5.0.0.50 - 2010.10.27 - -
eSafe - 7.0.17.0 - 2010.10.26 - -
eTrust-Vet - 36.1.7937 - 2010.10.26 - -
F-Prot - 4.6.2.117 - 2010.10.26 - -
F-Secure - 9.0.16160.0 - 2010.10.27 - -
Fortinet - 4.2.249.0 - 2010.10.27 - -
GData - 21 - 2010.10.27 - -
Ikarus - T3.1.1.90.0 - 2010.10.27 - -
Jiangmin - 13.0.900 - 2010.10.27 - -
K7AntiVirus - 9.66.2838 - 2010.10.26 - -
Kaspersky - 7.0.0.125 - 2010.10.27 - -
McAfee - 5.400.0.1158 - 2010.10.27 - -
McAfee-GW-Edition - 2010.1C - 2010.10.27 - -
Microsoft - 1.6301 - 2010.10.27 - -
NOD32 - 5567 - 2010.10.27 - -
Norman - 6.06.10 - 2010.10.26 - -
nProtect - 2010-10-27.01 - 2010.10.27 - -
Panda - 10.0.2.7 - 2010.10.27 - -
PCTools - 7.0.3.5 - 2010.10.27 - -
Prevx - 3.0 - 2010.10.27 - -
Rising - 22.71.01.04 - 2010.10.27 - -
Sophos - 4.58.0 - 2010.10.27 - -
Sunbelt - 7148 - 2010.10.27 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.10.27 - -
Symantec - 20101.2.0.161 - 2010.10.27 - -
TheHacker - 6.7.0.1.069 - 2010.10.27 - -
TrendMicro - 9.120.0.1004 - 2010.10.27 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.10.27 - -
ViRobot - 2010.10.25.4110 - 2010.10.27 - -
VirusBuster - 12.70.6.0 - 2010.10.26 - -
File info:
MD5: 12896823fb95bfb3dc9b46bcaedc9923
SHA1: 9d2bf84874abc5b6e9a2744b7865c193c08d362f
SHA256: 1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455
File size: 1033728 bytes
Scan date: 2010-10-27 09:27:24 (UTC)

Re: Trojan horses on the NB

Posted: 27 Oct 2010 10:35
by stell
ok, let's clean the PC a bit more: don't put the LOGS in code anymore. :!:
paste the OTL log here
Download OTListIt2>> OTL
Check the item All Users.
Check the items LOP Check and Purity Check
into the Custom Scans/Fixes box, paste the green text.
Click the Run Scan button
When finished, paste the OTL.Txt and Extras.txt logs here

Code:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Re: Trojan horses on the NB

Posted: 27 Oct 2010 11:03
by lacikaboss
OTL logfile created on: 27.10.2010 11:52:02 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\PC\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1 014,00 Mb Total Physical Memory | 454,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 15,93 Gb Free Space | 10,69% Space Free | Partition Type: NTFS

Computer Name: JANKA | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.10.27 11:50:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\My Documents\Downloads\OTL.exe
PRC - [2010.10.12 08:37:00 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010.09.23 04:47:16 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.11.16 10:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009.03.06 03:26:38 | 000,479,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2009.03.06 03:26:06 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe


========== Modules (SafeList) ==========

MOD - [2010.10.27 11:50:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\My Documents\Downloads\OTL.exe
MOD - [2010.08.23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009.11.16 10:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.03.06 03:26:06 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007.12.06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tosrfusb.sys -- (Tosrfusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tosporte.sys -- (tosporte)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PC\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010.05.11 12:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009.11.16 10:06:48 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.11.16 10:06:44 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.11.16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.10.03 19:21:19 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.06.19 09:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.02.13 18:00:02 | 001,503,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009.01.30 17:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008.09.08 17:16:54 | 004,813,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.09.04 19:13:16 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008.09.04 18:45:08 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008.05.07 19:31:16 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.02.22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008.02.22 15:33:02 | 000,094,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2008.02.22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.02.22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.03.01 00:44:12 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-484763869-1708537768-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-484763869-1708537768-299502267-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009.12.16 16:01:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.10.27 10:50:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Monitor.lnk = C:\Program Files\Toshiba\Bluetooth Monitor\BtMon2.exe (TOSHIBA CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-1708537768-299502267-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-1708537768-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-484763869-1708537768-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-484763869-1708537768-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 147.232.3.2 147.232.16.16
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.18 20:10:19 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Control Web Daemon.lnk - C:\Program Files\Control Web 2000 Demo\CWD.EXE - (Moravské přístroje®)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SmoothView - hkey= - key= - C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webové priečinky
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.10.27 11:16:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.10.27 10:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.10.27 09:52:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.10.27 09:52:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.10.27 09:52:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.10.27 09:52:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.10.27 09:52:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.10.27 09:49:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.10.27 07:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\GlarySoft
[2010.10.27 07:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Registry Repair
[2010.10.27 07:27:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\PC\Recent
[2010.10.27 00:50:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010.10.26 23:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\Malwarebytes
[2010.10.26 23:37:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.26 23:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.10.26 23:37:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.26 23:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.26 09:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\Pure
[2010.10.25 18:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.10.25 18:28:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010.10.25 18:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.10.25 18:15:02 | 000,020,072 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\cpuz133_x32.sys
[2010.10.25 18:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010.10.21 19:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\My Documents\StrongDC++
[2010.10.21 19:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\StrongDC++
[2010.10.20 10:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\down
[2010.10.20 10:39:58 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010.10.20 10:39:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010.10.20 10:39:57 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010.10.20 10:39:57 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010.10.20 10:39:55 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010.10.20 10:39:54 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010.10.20 10:39:53 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010.10.20 10:39:52 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010.10.20 10:39:51 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010.10.20 10:39:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010.10.20 10:39:49 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010.10.20 10:39:48 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010.10.20 10:39:48 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010.10.20 10:39:47 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010.10.20 10:39:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010.10.20 10:39:46 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010.10.20 10:39:45 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010.10.20 10:39:43 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010.10.20 10:39:41 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010.10.20 10:39:41 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010.10.20 10:39:39 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010.10.20 10:39:37 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010.10.20 10:39:37 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010.10.20 10:39:35 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010.10.20 10:39:35 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010.10.20 10:39:32 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010.10.20 10:39:32 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010.10.20 10:39:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010.10.20 10:39:29 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010.10.20 10:39:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010.10.20 10:39:28 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010.10.20 10:39:27 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010.10.20 10:39:27 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010.10.20 10:39:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010.10.20 10:39:25 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010.10.20 10:39:24 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010.10.20 10:39:24 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010.10.20 10:39:24 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010.10.20 10:39:23 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010.10.20 10:39:22 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010.10.20 10:39:21 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010.10.20 10:39:21 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010.10.20 10:39:21 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010.10.20 10:39:20 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010.10.20 10:39:19 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2010.10.20 10:39:18 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2010.10.20 10:39:18 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2010.10.20 10:39:17 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2010.10.20 10:39:16 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2010.10.20 10:39:15 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2010.10.20 10:39:15 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2010.10.20 10:39:14 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010.10.20 10:39:13 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010.10.20 10:39:13 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2010.10.20 10:39:12 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010.10.20 10:39:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010.10.20 10:39:11 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010.10.20 10:39:10 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010.10.20 10:39:08 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010.10.20 10:39:07 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010.10.20 10:39:07 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010.10.20 10:39:05 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010.10.20 10:39:04 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010.10.20 10:39:03 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010.10.20 10:39:03 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010.10.20 10:39:02 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010.10.20 10:39:02 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010.10.20 10:39:01 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010.10.20 10:39:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010.10.20 10:39:00 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010.10.20 10:39:00 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010.10.20 10:39:00 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010.10.20 10:38:59 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010.10.20 10:38:38 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010.10.20 10:38:37 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010.10.20 10:38:37 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010.10.20 10:38:35 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010.10.20 10:38:34 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010.10.20 10:38:34 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010.10.20 10:38:33 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010.10.20 10:38:27 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010.10.20 10:37:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010.10.18 20:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\ABBYY
[2010.10.18 19:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY
[2010.10.18 19:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Application Data\ABBYY
[2010.10.18 19:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 9.0
[2010.10.18 19:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ABBYY
[2010.10.18 19:08:27 | 000,000,000 | ---D | C] -- C:\FR90PE_VOL
[2010.10.18 19:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Application Data\Loc.Mail.Bron.Tok
[2010.10.18 19:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Application Data\Ok-SendMail-Bron-tok
[2010.10.18 18:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\LanViewer
[2010.10.18 18:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Auxtools
[2010.10.18 10:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\My Documents\DC++
[2010.10.14 16:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2010.10.14 10:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\PuTTY
[2010.10.14 10:45:07 | 000,000,000 | ---D | C] -- C:\a262e26762c9a908dce8a0
[2010.10.13 12:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.10.12 18:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\prednasky
[2010.10.12 18:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.10.12 18:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.10.12 12:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\skypePM
[2010.10.12 08:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\Skype
[2010.10.12 08:26:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.10.12 08:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010.10.11 12:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe(2)
[2010.10.11 12:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe(2)
[2010.10.10 21:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\My Documents\FirefoxPortable
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.27 11:41:02 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1708537768-299502267-1003UA.job
[2010.10.27 11:40:23 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.27 11:08:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.27 11:08:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.27 11:08:02 | 1063,202,816 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.27 10:50:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.10.27 07:33:20 | 000,000,225 | ---- | M] () -- C:\boot.ini
[2010.10.27 07:28:50 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Registry Repair.lnk
[2010.10.26 23:37:51 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.10.26 22:05:51 | 000,002,962 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.10.26 22:04:36 | 000,000,433 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010.10.26 18:41:01 | 000,001,028 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1708537768-299502267-1003Core.job
[2010.10.25 22:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010.10.25 09:26:21 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.10.19 21:47:19 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Application Data\PUTTY.RND
[2010.10.18 20:10:19 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2010.10.14 13:55:44 | 000,492,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.14 13:55:44 | 000,092,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.14 12:00:19 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.14 10:45:12 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\PC\Application Data\Microsoft\Internet Explorer\Quick Launch\PuTTY.lnk
[2010.10.13 13:29:10 | 000,778,921 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\20100902.pdf
[2010.10.12 21:13:50 | 000,086,881 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\DSC00247.jpg
[2010.10.12 12:07:03 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.12 07:39:32 | 000,546,688 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\eduroam_wxp.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.27 09:52:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.10.27 09:52:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.10.27 09:52:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.10.27 09:52:50 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.10.27 09:52:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.10.27 07:28:50 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Registry Repair.lnk
[2010.10.27 01:06:15 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Monitor.lnk
[2010.10.26 23:37:51 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.10.14 10:45:12 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\PC\Application Data\Microsoft\Internet Explorer\Quick Launch\PuTTY.lnk
[2010.10.14 10:36:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\PUTTY.RND
[2010.10.13 15:25:04 | 000,000,433 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2010.10.13 13:29:10 | 000,778,921 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\20100902.pdf
[2010.10.13 12:08:46 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.10.12 21:13:15 | 000,086,881 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\DSC00247.jpg
[2010.10.12 12:07:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.12 07:39:32 | 000,546,688 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\eduroam_wxp.pdf
[2010.02.14 22:40:03 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.01.31 12:11:56 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\PC\Application Data\$_hpcst$.hpc
[2009.09.05 13:12:26 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.03 22:49:06 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.09.01 12:55:47 | 000,002,962 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.08.20 21:40:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009.08.20 17:28:57 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009.08.17 22:33:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.16 12:05:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.08.16 01:04:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.08.15 23:23:16 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2009.08.15 22:45:28 | 000,019,459 | ---- | C] () -- C:\WINDOWS\System32\tcpmonui.dll
[2003.04.07 11:38:32 | 000,005,746 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.10.03 19:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.12.16 16:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.08.15 23:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Blitware
[2009.10.03 19:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\DAEMON Tools Lite
[2009.12.16 16:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\ESET
[2010.10.27 07:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\GlarySoft
[2010.10.26 09:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\LanViewer
[2009.08.15 23:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Opera
[2009.09.14 12:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\QIP
[2010.10.27 09:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\uTorrent
[2009.08.16 12:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\WinBatch

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.08.16 01:02:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.08.16 01:02:17 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.08.16 01:02:17 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010.08.26 15:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

< End of report >

Re: trojan horses on NB

Posted: 27 Oct 2010 11:04
by lacikaboss
OTL Extras logfile created on: 27.10.2010 11:52:02 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\PC\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1 014,00 Mb Total Physical Memory | 454,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 15,93 Gb Free Space | 10,69% Space Free | Partition Type: NTFS

Computer Name: JANKA | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-484763869-1708537768-299502267-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\opera.exe" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Counter-Strike 1.6\hl.exe" = C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Control Web 2000 Demo\CWDEMO.EXE" = C:\Program Files\Control Web 2000 Demo\CWDEMO.EXE:*:Enabled:Control Web -- (Moravské přístroje®)
"C:\Program Files\Control Web 2000 Demo\CWD.EXE" = C:\Program Files\Control Web 2000 Demo\CWD.EXE:*:Enabled:Síťový démon Control Web -- (Moravské přístroje®)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\3DO\Army Men RTS\amrts.exe" = C:\Program Files\3DO\Army Men RTS\amrts.exe:*:Enabled:Army Men RTS -- (Pandemic Studios)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{4DB775C7-E32D-11D5-B2A8-00C04F538F89}" = Army Men RTS
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 4
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6B3F693F-A252-46A7-8D0F-7F409B13F738}" = Scope
"{9011041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0020-041B-0000-0000000FF1CE}" = Balík Compatibility Pack pre systém Office 2007
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF873C98-3459-4BE0-AECE-2ED52F4007CF}_is1" = LanViewer 2.3
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = Realtek Card Reader
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v1.9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALZip_is1" = ALZip
"ArtaSoftware_is1" = Arta Software version 1.5.0
"CCleaner" = CCleaner
"Control Web DEMO" = Control Web 2000 - demonstrační verze
"Counter-Strike 1.6" = Counter-Strike 1.6
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
"DivX Setup.divx.com" = DivX Setup
"Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{4DB775C7-E32D-11D5-B2A8-00C04F538F89}" = Army Men RTS
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PuTTY_is1" = PuTTY version 0.60
"Re-Volt Demo" = Re-Volt Demo
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"StrongDC++" = StrongDC++ 2.41
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-484763869-1708537768-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.1.2010 12:25:05 | Computer Name = JANKA | Source = Google Update | ID = 20
Description =

Error - 31.1.2010 6:25:05 | Computer Name = JANKA | Source = Google Update | ID = 20
Description =

Error - 31.1.2010 14:25:06 | Computer Name = JANKA | Source = Google Update | ID = 20
Description =

Error - 1.2.2010 13:25:06 | Computer Name = JANKA | Source = Google Update | ID = 20
Description =

Error - 1.2.2010 14:25:05 | Computer Name = JANKA | Source = Google Update | ID = 20
Description =

Error - 2.2.2010 3:25:06 | Computer Name = JANKA | Source = Google Update | ID = 20
Description =

Error - 2.2.2010 8:03:16 | Computer Name = JANKA | Source = Google Update | ID = 20
Description =

Error - 3.2.2010 4:06:09 | Computer Name = JANKA | Source = Google Update | ID = 20
Description =

Error - 3.2.2010 6:25:06 | Computer Name = JANKA | Source = Google Update | ID = 20
Description =

Error - 7.2.2010 9:25:06 | Computer Name = JANKA | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 27.10.2010 3:55:48 | Computer Name = JANKA | Source = RemoteAccess | ID = 20070
Description = Nástroj protokolu PPP (Point to Point) nemohol načítať modul C:\WINDOWS\System32\raschap.dll.
Zadaný modul sa nepodarilo nájsť.

Error - 27.10.2010 3:55:48 | Computer Name = JANKA | Source = Rasman | ID = 20063
Description = Nepodarilo sa spustiť Správcu pripojení pre vzdialený prístup, pretože
zlyhala inicializácia protokolu PPP (Point to Point). Zadaný modul sa nepodarilo
nájsť.

Error - 27.10.2010 3:55:48 | Computer Name = JANKA | Source = Service Control Manager | ID = 7023
Description = Služba Remote Access Connection Manager bola ukončená s nasledujúcou
chybou: %%126

Error - 27.10.2010 3:55:50 | Computer Name = JANKA | Source = Service Control Manager | ID = 7024
Description = Služba Routing and Remote Access bola ukončená s chybou služby 711
(0x2C7).

Error - 27.10.2010 4:26:29 | Computer Name = JANKA | Source = Dhcp | ID = 1000
Description = Počítač prišiel o prenájom adresy IP 147.232.162.126 na sieťovej karte
so sieťovou adresou 002163D7B14B.

Error - 27.10.2010 4:26:34 | Computer Name = JANKA | Source = BTHUSB | ID = 327697
Description = The local Bluetooth radio has failed in an undetermined manner and
will be unloaded.

Error - 27.10.2010 5:08:43 | Computer Name = JANKA | Source = RemoteAccess | ID = 20070
Description = Nástroj protokolu PPP (Point to Point) nemohol načítať modul C:\WINDOWS\System32\raschap.dll.
Zadaný modul sa nepodarilo nájsť.

Error - 27.10.2010 5:08:43 | Computer Name = JANKA | Source = Rasman | ID = 20063
Description = Nepodarilo sa spustiť Správcu pripojení pre vzdialený prístup, pretože
zlyhala inicializácia protokolu PPP (Point to Point). Zadaný modul sa nepodarilo
nájsť.

Error - 27.10.2010 5:08:43 | Computer Name = JANKA | Source = Service Control Manager | ID = 7023
Description = Služba Remote Access Connection Manager bola ukončená s nasledujúcou
chybou: %%126

Error - 27.10.2010 5:08:45 | Computer Name = JANKA | Source = Service Control Manager | ID = 7024
Description = Služba Routing and Remote Access bola ukončená s chybou služby 711
(0x2C7).


< End of report >

Re: trojan horses on NB

Posted: 27 Oct 2010 11:16
by stell
Well, you only posted extras.txt here; I also need OTL.txt.

Re: trojan horses on NB

Posted: 27 Oct 2010 11:38
by lacikaboss
http://www.viry.cz/forum/viewtopic.php?p=917498#p917498

It is there, it just did not fit into a single topic...

Re: trojan horses on NB

Posted: 27 Oct 2010 11:48
by stell
OK,
what I can see there is that a file is missing. Well, we'll see:
[ System Events ]
Error - 27.10.2010 3:55:48 | Computer Name = JANKA | Source = RemoteAccess | ID = 20070
Description = Nástroj protokolu PPP (Point to Point) nemohol načítať modul C:\WINDOWS\System32\raschap.dll.
Zadaný modul sa nepodarilo nájsť.
Now do this:
open OTL, copy the text below into the window and click RunFix.
Post the log here after the restart.

Code:

:OTL
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
:Commands
[emptytemp]
[start explorer]
[Reboot]