Fighting the win32:rootkit-gen virus
Posted: 27 Feb 2010 19:35
Problem with the rootkit-gen virus
ComboFix log
ComboFix 10-02-26.03 - Pukk 27.02.2010 13:01:32.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1546 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pukk\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100227-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Pukk\Dokumenty\cc_20090118_100638.reg
c:\documents and settings\Pukk\Dokumenty\cc_20100103_092857.reg
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-27 do 2010-02-27 )))))))))))))))))))))))))))))))
.
2010-02-26 14:37 . 2004-08-03 21:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-26 14:37 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-26 14:32 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-26 14:32 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-26 14:32 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-26 14:32 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-26 14:31 . 2010-02-27 11:34 132 ----a-w- c:\windows\system32\fjhdyfhsn.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 16:42 . 2008-08-16 10:16 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-08 19:25 . 2010-01-26 17:16 -------- d-----w- c:\program files\Google
2010-01-18 18:19 . 2009-03-24 17:27 -------- d-----w- c:\program files\MpcStar
2010-01-17 16:57 . 2010-01-17 16:56 -------- d-----w- c:\program files\Lightsmark 2008
2010-01-15 15:36 . 2008-07-10 08:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-15 15:36 . 2008-08-13 15:26 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-15 15:35 . 2010-01-15 15:14 -------- d-----w- c:\program files\Common Files\BioWare
2010-01-15 15:16 . 2001-10-25 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-01-15 15:16 . 2001-10-25 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-01-03 13:32 . 2009-03-10 18:27 -------- d-----w- c:\program files\ICQ6.5
2010-01-02 15:34 . 2008-07-04 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Folder)]
@="{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}"
[HKEY_CLASSES_ROOT\CLSID\{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}]
2009-11-11 19:42 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Fully Synced)]
@="{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}"
[HKEY_CLASSES_ROOT\CLSID\{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}]
2009-11-11 19:42 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Not Latest Version)]
@="{284C090F-EB1D-4A6E-872E-6DB72E417E24}"
[HKEY_CLASSES_ROOT\CLSID\{284C090F-EB1D-4A6E-872E-6DB72E417E24}]
2009-11-11 19:42 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Shared Folder)]
@="{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}"
[HKEY_CLASSES_ROOT\CLSID\{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}]
2009-11-11 19:42 38400 ----a-w- c:\program files\Syncplicity\SyncplicityShellExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Syncplicity"="c:\program files\Syncplicity\Syncplicity.exe" [2009-11-11 655360]
"PC Suite Tray"="d:\programy\nokia suite\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="d:\programy\omnipage\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Pukk\Nabídka Start\Programy\Po spuštění\
winesm32.exe [2004-8-17 29184]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - d:\programy\Adobe\akrobat\Reader\reader_sl.exe [2005-9-24 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\lotr\\game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\Hry\\lotr\\game.dat"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Altap Salamander 2.5\\salamand.exe"=
"d:\\Hry\\AOE2\\empires2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\programy\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Hry\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Hry\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Hry\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"d:\\programy\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8199:TCP"= 8199:TCP:BitComet 8199 TCP
"8199:UDP"= 8199:UDP:BitComet 8199 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4.7.2008 16:43 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.7.2008 16:43 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.7.2008 11:10 721904]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.1.2010 18:16 135664]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\hry\Dragon Age\bin_ship\daupdatersvc.service.exe [15.1.2010 16:27 25832]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2008-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 17:16]
2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 17:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\Pukk\Data aplikací\Mozilla\Firefox\Profiles\xift4ytv.default\
FF - component: c:\documents and settings\Pukk\Data aplikací\Mozilla\Firefox\Profiles\xift4ytv.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: d:\programy\Adobe\akrobat\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\programy\Mozilla Firefox\plugins\NPBOARDS.dll
---- NASTAVENÍ FIREFOXU ----
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
SafeBoot-Wdf01000.sys
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-117609710-1659004503-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,3f,df,7e,f4,f1,85,2a,71,ac,22,11,f2,c6,a8,1f,7f,72,0a,c4,86,24,a4,
a8,e1,3a,36,a4,ef,b0,2f,fd,c4,6d,00,cf,83,79,33,d5,d6,91,0d,f2,36,8c,9b,d6,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-117609710-1659004503-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:2d,66,d4,5e,46,9b,7b,d1,56,2b,14,eb,39,ed,dc,20,b4,33,ab,5a,d4,
a4,d0,84,93,66,a7,ce,38,cf,70,1c,a5,23,02,d2,df,ca,75,b5,74,eb,d1,fd,5c,5e,\
"rkeysecu"=hex:12,4a,8b,bd,38,c6,8d,90,70,48,ca,da,d5,91,c6,9a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-27 13:06:13
ComboFix-quarantined-files.txt 2010-02-27 12:06
Před spuštěním: 2 864 480 256
Po spuštění: 3 740 950 528
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 7DEB31069E6E153822754957E20340AA