Win32:Rootkit-gen / winesm32.exe

Zpráva

Kalkin · #1 Příspěvek od **Kalkin** » 04 bře 2010 14:29

Dobrý den
Avast mi začal hlasit že nalezl virust Win32:Rootkit-gen [rgt] či jak to bylo v souborech c:/ .../system32/drivers/ *.sys. Po nějakych pokuse jsem našel program winesm32.exe ktery byl v po spuštěni. Ten se mi myslím podařilo odstranit pomocí MBAM ale stale mam problemi. Nemohu se dostat ke spodní liště a nabídce start a taktež k správci uloh. Prohližeče (firefox i IE) mi po spuštění mrznou

.

¨Logfile of random's system information tool 1.06 (written by random/random)
Run by Kalkin at 2010-03-04 14:13:41
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (14%) free of 10 GB
Total RAM: 1535 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:48, on 4.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
I:\RSIT.exe
I:\Kalkin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wir ... ontact.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)

--
End of file - 5058 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"=C:\Program Files\NetLimiter\NetLimiter.exe [2004-03-31 823296]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-01-07 77824]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-03-01 524632]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2005-06-15 6803456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2005-06-15 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-28 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2006-11-21 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2007-02-15 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan.lnk]
C:\PROGRA~1\MCAFEE~1\10BCA1~1.150\SSSCHE~1.EXE [2009-07-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kalkin^Nabídka Start^Programy^Po spuštění^winesm32.exe]
C:\Documents and Settings\Kalkin\Nabídka Start\Programy\Po spuštění\winesm32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
"wscsvc"=2
"SharedAccess"=2
"nlsvc"=2
"UTSCSI"=2
"RichVideo"=2
"ose"=3
"NMIndexingService"=3
"LBTServ"=3
"IDriverT"=3
"gusvc"=3
"DAUpdaterSvc"=3

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"E:\DC\StrongDC.exe"="E:\DC\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"E:\Program Files\Starcraft\StarCraft.exe"="E:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\Half-Life 2\hl2.exe"="E:\Half-Life 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

======List of files/folders created in the last 1 months======

2010-03-04 14:13:41 ----D---- C:\rsit
2010-03-04 14:08:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-03-04 13:13:08 ----SHD---- C:\WINDOWS\CSC
2010-03-04 13:11:31 ----SHD---- C:\RECYCLER
2010-03-04 12:19:43 ----D---- C:\Documents and Settings\Kalkin\Data aplikací\Malwarebytes
2010-03-04 12:19:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-04 12:19:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-04 12:14:16 ----A---- C:\ComboFix.txt
2010-03-04 12:01:41 ----A---- C:\Boot.bak
2010-03-04 12:01:38 ----RASHD---- C:\cmdcons
2010-03-04 11:57:59 ----A---- C:\WINDOWS\zip.exe
2010-03-04 11:57:59 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-04 11:57:59 ----A---- C:\WINDOWS\SWSC.exe
2010-03-04 11:57:59 ----A---- C:\WINDOWS\SWREG.exe
2010-03-04 11:57:59 ----A---- C:\WINDOWS\sed.exe
2010-03-04 11:57:59 ----A---- C:\WINDOWS\PEV.exe
2010-03-04 11:57:59 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-04 11:57:59 ----A---- C:\WINDOWS\MBR.exe
2010-03-04 11:57:59 ----A---- C:\WINDOWS\grep.exe
2010-03-04 11:57:22 ----D---- C:\WINDOWS\ERDNT
2010-02-19 10:57:00 ----D---- C:\Program Files\Aegisub
2010-02-11 16:45:46 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-05 13:28:33 ----D---- C:\Documents and Settings\Kalkin\Data aplikací\BitTorrent
2010-02-05 13:28:29 ----D---- C:\Program Files\BitTorrent

======List of files/folders modified in the last 1 months======

2010-03-04 14:13:44 ----D---- C:\WINDOWS\Temp
2010-03-04 14:12:39 ----D---- C:\Program Files\Mozilla Firefox
2010-03-04 14:12:14 ----D---- C:\WINDOWS\Prefetch
2010-03-04 14:11:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-04 14:09:39 ----D---- C:\Program Files\Alwil Software
2010-03-04 14:08:31 ----SHD---- C:\WINDOWS\Installer
2010-03-04 14:08:31 ----D---- C:\WINDOWS\WinSxS
2010-03-04 14:08:26 ----D---- C:\WINDOWS\system32
2010-03-04 13:51:00 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-04 13:50:48 ----D---- C:\Temp
2010-03-04 13:41:53 ----A---- C:\WINDOWS\wincmd.ini
2010-03-04 13:16:53 ----RASH---- C:\boot.ini
2010-03-04 13:16:53 ----A---- C:\WINDOWS\win.ini
2010-03-04 13:16:53 ----A---- C:\WINDOWS\system.ini
2010-03-04 13:13:08 ----D---- C:\WINDOWS
2010-03-04 13:11:32 ----D---- C:\Documents and Settings
2010-03-04 12:58:44 ----RSD---- C:\WINDOWS\Fonts
2010-03-04 12:58:44 ----D---- C:\WINDOWS\system32\drivers
2010-03-04 12:19:25 ----AD---- C:\Program Files
2010-03-04 12:12:12 ----SD---- C:\WINDOWS\Tasks
2010-03-04 12:04:52 ----D---- C:\WINDOWS\AppPatch
2010-03-04 12:04:51 ----D---- C:\Program Files\Common Files
2010-03-04 11:58:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 11:54:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-04 10:17:12 ----D---- C:\WINDOWS\Profiles
2010-03-03 10:32:22 ----D---- C:\Documents and Settings\Kalkin\Data aplikací\ICQ
2010-03-01 19:59:17 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-02-28 20:56:58 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-23 11:36:38 ----HD---- C:\WINDOWS\inf
2010-02-23 11:36:38 ----D---- C:\WINDOWS\system32\DirectX
2010-02-23 11:36:25 ----RSD---- C:\WINDOWS\assembly
2010-02-23 11:34:16 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-20 12:52:52 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-02-19 13:37:40 ----D---- C:\Program Files\DOSBox-0.72
2010-02-17 18:00:16 ----D---- C:\Program Files\Real Alternative
2010-02-16 18:18:29 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-02-11 19:53:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-08 12:19:17 ----D---- C:\Program Files\DaemonTools_WhenUSave_Installer
2010-02-05 18:34:35 ----A---- C:\WINDOWS\WORDPAD.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2001-10-25 12160]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-11-18 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-11-18 25416]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-24 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-24 12928]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 aa696qfr;aa696qfr; C:\WINDOWS\system32\drivers\aa696qfr.sys []
S3 afq7clyv;afq7clyv; C:\WINDOWS\system32\drivers\afq7clyv.sys []
S3 b1916;b1916; \??\C:\WINDOWS\system32\b1916.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-17 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-06-15 127043]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; E:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe []
S4 UTSCSI;Usbest Service Zero; C:\WINDOWS\system32\UTSCSI.EXE [2007-09-16 45568]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 04 bře 2010 14:30

Zdravím

Na logu se pracuje, prosím o strpení.

#3 Příspěvek od **Caroprd111** » 04 bře 2010 14:32

Vložte sem log C:\ComboFix.txt

Nedoporučuji používat ComboFix z vlastní iniciativy, může dojít k poškození systému!

Kalkin · #4 Příspěvek od **Kalkin** » 04 bře 2010 14:37

ja jsem skoušel předtim snim neco podle jinych rad co jsem tu četl

ComboFix 10-03-03.07 - Kalkin 04.03.2010 12:03:10.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1024 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kalkin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kalkin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 100303-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\"

file zipped: c:\windows\system32\fjhdyfhsn.bat
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\ieuinit.inf
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-04 do 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 10:31 . 2001-10-25 14:00 54272 -c--a-w- c:\windows\system32\dllcache\swmidi.sys
2010-03-04 10:28 . 2010-03-04 10:28 54624 ----a-w- c:\windows\system32\b1916.sys
2010-03-04 10:26 . 2004-08-03 22:07 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2010-03-04 10:26 . 2004-08-03 22:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-04 09:17 . 2010-03-04 09:17 -------- d-----w- c:\documents and settings\Administrator\Data aplikací
2010-03-04 09:16 . 2010-03-04 09:16 -------- d-----r- c:\documents and settings\Administrator\Oblíbené položky
2010-03-04 09:16 . 2010-03-04 09:16 -------- d-----w- c:\documents and settings\Administrator\Plocha
2010-03-04 09:16 . 2010-03-04 09:16 -------- d-----w- c:\documents and settings\Administrator\Nabídka Start
2010-03-04 09:15 . 2010-03-04 09:17 -------- d-----w- c:\documents and settings\Administrator
2010-03-04 09:12 . 2004-08-03 21:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-04 09:12 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-19 09:57 . 2010-02-19 09:57 -------- d-----w- c:\program files\Aegisub
2010-02-11 15:45 . 2010-02-11 15:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-08 10:59 . 2010-02-08 10:59 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-02-05 12:28 . 2010-02-05 12:30 -------- d-----w- c:\program files\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 18:59 . 2009-06-21 20:02 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-23 10:34 . 2009-05-15 12:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 11:53 . 2009-05-14 18:27 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-20 11:52 . 2009-05-14 18:27 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-19 12:37 . 2009-07-09 21:50 -------- d-----w- c:\program files\DOSBox-0.72
2010-02-17 17:00 . 2008-01-20 21:06 -------- d-----w- c:\program files\Real Alternative
2010-02-08 11:19 . 2006-12-30 12:08 -------- d-----w- c:\program files\DaemonTools_WhenUSave_Installer
2010-02-01 19:51 . 2010-02-01 19:51 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-24 14:20 . 2010-01-24 14:19 -------- d-----w- c:\program files\Tom's eTextReader
2010-01-21 19:25 . 2009-04-18 14:16 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-20 14:45 . 2010-01-20 14:45 -------- d-----w- c:\program files\Common Files\CyberLink
2010-01-20 14:45 . 2010-01-20 14:45 -------- d-----w- c:\program files\CyberLink
2010-01-20 14:44 . 2009-01-15 18:45 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-20 14:36 . 2010-01-20 14:36 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-01-20 14:36 . 2010-01-20 14:35 -------- d-----w- c:\program files\MSECACHE
2010-01-09 17:10 . 2009-01-13 15:51 -------- d-----w- c:\program files\ICQ6.5
2010-01-08 12:07 . 2009-05-14 18:27 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-24 20:24 . 2009-12-24 20:24 23600 ----a-w- c:\windows\system32\drivers\tvichw32.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NetLimiter"="c:\program files\NetLimiter\NetLimiter.exe" [2004-03-31 823296]
"SoundMan"="SOUNDMAN.EXE" [2005-01-07 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

c:\documents and settings\Kalkin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
winesm32.exe [2004-8-17 61440]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-29 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kalkin^Nabídka Start^Programy^Po spuštění^winesm32.exe]
path=c:\documents and settings\Kalkin\Nabídka Start\Programy\Po spuštění\winesm32.exe
backup=c:\windows\pss\winesm32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-01 18:59 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 15:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-17 13:49 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-17 13:49 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 20:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-03 20:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-15 09:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-06-15 09:20 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-06-15 09:20 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 19:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-28 21:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 17:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"nlsvc"=2 (0x2)
"UTSCSI"=2 (0x2)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"LBTServ"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"DAUpdaterSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"e:\\DC\\StrongDC.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"e:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Half-Life 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.6.2009 18:59 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2006 18:15 685816]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20.4.2008 10:09 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.4.2008 10:09 20560]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 22:34 1029456]
S3 b1916;b1916;c:\windows\system32\b1916.sys [4.3.2010 11:28 54624]
S4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\dragon age\bin_ship\daupdatersvc.service.exe [19.11.2009 20:53 25832]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\NetLimiter\nl_lsp.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} - hxxp://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
FF - ProfilePath - c:\documents and settings\Kalkin\Data aplikací\Mozilla\Firefox\Profiles\4tym4yvg.default\
FF - component: c:\program files\Real Alternative\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Real Alternative\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real Alternative\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real Alternative\Netscape6\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKLM-Explorer_Run-ati2sgav - c:\windows\system32\ati2sgav.exe
MSConfigStartUp-Infium - c:\documents and settings\Kalkin\Plocha\QIP Infium PafoPack\inf.exe
MSConfigStartUp-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe
MSConfigStartUp-QIP2005 - c:\program files\QIP\qip.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
AddRemove-Active@ File Recovery 7.1 - e:\zactiv~1\UNWISE.EXE
AddRemove-Ad-Aware SE Personal - c:\progra~1\Lavasoft\AD-AWA~1\UNWISE.EXE
AddRemove-AVI Splitter_is1 - c:\program files\AVISplitter\unins000.exe
AddRemove-bwin - c:\program files\bwin\uninstall.exe
AddRemove-Free Realms Installer - c:\program files\Sony Online Entertainment\uninst.exe
AddRemove-GameParkClient_is1 - c:\program files\GamePark\unins000.exe
AddRemove-HijackThis - I:\HijackThis.exe
AddRemove-Kings Bounty Armored Princess_is1 - e:\program files\Kings Bounty Armored Princess\unins000.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-MediaCoder - c:\program files\MediaCoder\uninst.exe
AddRemove-MegauploadToolbar - c:\program files\MegauploadToolbar\uninstall.exe
AddRemove-Picasa2 - c:\program files\Picasa2\Uninstall.exe
AddRemove-QIP 2005_is1 - c:\program files\QIP\unins000.exe
AddRemove-Scorpions WinCheater 2.06 (s databází 75)_is1 - c:\program files\Scorpions WinCheater\unins000.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
AddRemove-Skype_is1 - c:\program files\Skype\Phone\unins000.exe
AddRemove-UT2004 - e:\ut2004\System\Setup.exe
AddRemove-Windows Essentials Media Codec Pack - c:\program files\Essentials Codec Pack\uninst.exe
AddRemove-Zero Assumption Recovery_is1 - c:\program files\ZAR\unins000.exe
AddRemove-{60DE4033-9503-48D1-A483-7846BD217CA9} - c:\program files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe
AddRemove-{6D93BD2D-BA71-491A-926C-37FE1580CEE0} - c:\program files\InstallShield Installation Information\{6D93BD2D-BA71-491A-926C-37FE1580CEE0}\setup.exe
AddRemove-{8CFA9151-6404-409A-AF22-4632D04582FD} - c:\program files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe
AddRemove-{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1 - e:\program files\King's Bounty. The Legend\unins000.exe
AddRemove-{F138762F-5A1F-4CF0-A5E1-1588EF6088A4} - c:\program files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe
AddRemove-{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E} - c:\program files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe
AddRemove-{F50BF3E1-99C8-4908-A2C7-B19B2C6FEA47} - c:\program files\InstallShield Installation Information\{F50BF3E1-99C8-4908-A2C7-B19B2C6FEA47}\setup.exe
AddRemove-{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1 - c:\program files\ACE Mega CoDecS Pack\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 12:08
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\documents and settings\Kalkin\Nabídka Start\Programy\Po spuštění\winesm32.exe 61440 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2251E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3
\Driver\ACPI -> ACPI.sys @ 0xb9e7dcb8
\Driver\atapi -> 0x8a2921e8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d25b21
SendHandler -> NDIS.sys @ 0xb9d0387b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DBA9ED8-D0F7-1166-2A9D-17C256CA4DBB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2025429265-1547161642-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,17,9a,b3,7b,f2,22,cb,64,a6,52,23,45,88,59,e5,aa,4f,c4,db,c7,
f7,c3,28,de,11,12,c1,6b,19,e2,54,8c,ac,d2,06,6f,72,24,61,95,28,62,aa,c8,27,\
"rkeysecu"=hex:43,f5,cf,23,6e,e9,d1,c0,f0,95,76,17,56,65,47,22
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(888)
c:\program files\NetLimiter\nl_lsp.dll
c:\windows\system32\nl_msgc.dll

- - - - - - - > 'Explorer.EXE'(376)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Alwil Software\Avast4\setup\avast.setup
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-04 12:14:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-04 11:13

Před spuštěním: 1 534 803 968
Po spuštění: 1 509 978 112

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 658211365A12BF6F77122048C4713CD5

#5 Příspěvek od **Caroprd111** » 04 bře 2010 14:39

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter

Obrázek

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Obrázek

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Obrázek

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Obrázek

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Obrázek

Během skenování může být počítač restartován.

Kalkin · #6 Příspěvek od **Kalkin** » 04 bře 2010 15:03

ComboFix 10-03-03.07 - Kalkin 04.03.2010 14:58:12.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1044 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kalkin\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-04 do 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 11:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-04 11:19 . 2010-03-04 11:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-04 11:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 10:31 . 2001-10-25 14:00 54272 -c--a-w- c:\windows\system32\dllcache\swmidi.sys
2010-03-04 10:28 . 2010-03-04 10:28 54624 ----a-w- c:\windows\system32\b1916.sys
2010-03-04 10:26 . 2004-08-03 22:07 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2010-03-04 10:26 . 2004-08-03 22:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-04 09:12 . 2004-08-03 21:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-04 09:12 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-19 09:57 . 2010-02-19 09:57 -------- d-----w- c:\program files\Aegisub
2010-02-11 15:45 . 2010-02-11 15:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-08 10:59 . 2010-02-08 10:59 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-02-05 12:28 . 2010-02-05 12:30 -------- d-----w- c:\program files\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 13:09 . 2006-12-29 17:12 -------- d-----w- c:\program files\Alwil Software
2010-03-01 18:59 . 2009-06-21 20:02 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-23 10:34 . 2009-05-15 12:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 11:53 . 2009-05-14 18:27 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-20 11:52 . 2009-05-14 18:27 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-19 12:37 . 2009-07-09 21:50 -------- d-----w- c:\program files\DOSBox-0.72
2010-02-17 17:00 . 2008-01-20 21:06 -------- d-----w- c:\program files\Real Alternative
2010-02-11 18:53 . 2006-12-29 17:12 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2006-12-29 17:12 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2006-12-29 17:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2008-04-20 09:09 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2006-12-29 17:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2006-12-29 17:12 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2006-12-29 17:12 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2008-04-20 09:09 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2006-12-29 17:12 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-08 11:19 . 2006-12-30 12:08 -------- d-----w- c:\program files\DaemonTools_WhenUSave_Installer
2010-02-01 19:51 . 2010-02-01 19:51 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-24 14:20 . 2010-01-24 14:19 -------- d-----w- c:\program files\Tom's eTextReader
2010-01-21 19:25 . 2009-04-18 14:16 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-20 14:45 . 2010-01-20 14:45 -------- d-----w- c:\program files\Common Files\CyberLink
2010-01-20 14:45 . 2010-01-20 14:45 -------- d-----w- c:\program files\CyberLink
2010-01-20 14:44 . 2009-01-15 18:45 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-20 14:36 . 2010-01-20 14:36 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-01-20 14:36 . 2010-01-20 14:35 -------- d-----w- c:\program files\MSECACHE
2010-01-09 17:10 . 2009-01-13 15:51 -------- d-----w- c:\program files\ICQ6.5
2010-01-08 12:07 . 2009-05-14 18:27 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-24 20:24 . 2009-12-24 20:24 23600 ----a-w- c:\windows\system32\drivers\tvichw32.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter\NetLimiter.exe" [2004-03-31 823296]
"SoundMan"="SOUNDMAN.EXE" [2005-01-07 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-29 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kalkin^Nabídka Start^Programy^Po spuštění^winesm32.exe]
path=c:\documents and settings\Kalkin\Nabídka Start\Programy\Po spuštění\winesm32.exe
backup=c:\windows\pss\winesm32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 15:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-17 13:49 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-17 13:49 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 20:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-03 20:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-15 09:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-06-15 09:20 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-06-15 09:20 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 19:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-28 21:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 17:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"nlsvc"=2 (0x2)
"UTSCSI"=2 (0x2)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"LBTServ"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"DAUpdaterSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"e:\\DC\\StrongDC.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"e:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Half-Life 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.6.2009 18:59 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.4.2008 10:09 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.4.2008 10:09 19024]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 22:34 1029456]
S3 b1916;b1916;c:\windows\system32\b1916.sys [4.3.2010 11:28 54624]
S4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\dragon age\bin_ship\daupdatersvc.service.exe [19.11.2009 20:53 25832]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2006 18:15 685816]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ATAPI
.
Obsah adresáře 'Naplánované úlohy'

2010-03-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\NetLimiter\nl_lsp.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} - hxxp://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
FF - ProfilePath - c:\documents and settings\Kalkin\Data aplikací\Mozilla\Firefox\Profiles\4tym4yvg.default\
FF - component: c:\program files\Real Alternative\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 15:00
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DBA9ED8-D0F7-1166-2A9D-17C256CA4DBB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2025429265-1547161642-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,17,9a,b3,7b,f2,22,cb,64,a6,52,23,45,88,59,e5,aa,4f,c4,db,c7,
f7,c3,28,de,11,12,c1,6b,19,e2,54,8c,ac,d2,06,6f,72,24,61,95,28,62,aa,c8,27,\
"rkeysecu"=hex:43,f5,cf,23,6e,e9,d1,c0,f0,95,76,17,56,65,47,22
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(836)
c:\program files\NetLimiter\nl_lsp.dll
c:\windows\system32\nl_msgc.dll

- - - - - - - > 'explorer.exe'(1000)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\program files\NetLimiter\nl_lsp.dll
c:\windows\system32\nl_msgc.dll
.
Celkový čas: 2010-03-04 15:01:01
ComboFix-quarantined-files.txt 2010-03-04 14:00

Před spuštěním: 1 501 114 368
Po spuštění: 1 484 988 416

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 975BD2806B58C420E8534603B8195B38

#7 Příspěvek od **Caroprd111** » 04 bře 2010 15:11

Odinstalujte Ad-Aware.

Obrázek

Pokud nemáte, přesuňte Combofix na plochu

Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Driver::
b1916

File::
c:\windows\system32\b1916.sys
c:\documents and settings\Kalkin\Nabídka Start\Programy\Po spuštění\winesm32.exe
c:\windows\pss\winesm32.exe

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Kalkin^Nabídka Start^Programy^Po spuštění^winesm32.exe]

RegLock::
[HKEY_USERS\S-1-5-21-2025429265-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DBA9ED8-D0F7-1166-2A9D-17C256CA4DBB}*]

Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Kalkin · #8 Příspěvek od **Kalkin** » 04 bře 2010 16:00

Nejak se mi to po prvem spuštění podařilo smazat tak doufam že nevadi když to to je Log po druhem spuštění toho scriptu

ComboFix 10-03-03.07 - Kalkin 04.03.2010 15:54:20.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1106 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kalkin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kalkin\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Kalkin\Nabídka Start\Programy\Po spuštění\winesm32.exe"
"c:\windows\pss\winesm32.exe"
"c:\windows\system32\b1916.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\system32\b1916.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_B1916
-------\Service_b1916

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-04 do 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 11:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-04 11:19 . 2010-03-04 11:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-04 11:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 10:31 . 2001-10-25 14:00 54272 -c--a-w- c:\windows\system32\dllcache\swmidi.sys
2010-03-04 10:26 . 2004-08-03 22:07 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2010-03-04 10:26 . 2004-08-03 22:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-04 09:12 . 2004-08-03 21:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-04 09:12 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-04 09:11 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-19 09:57 . 2010-02-19 09:57 -------- d-----w- c:\program files\Aegisub
2010-02-11 15:45 . 2010-02-11 15:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-08 10:59 . 2010-02-08 10:59 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-02-05 12:28 . 2010-02-05 12:30 -------- d-----w- c:\program files\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 14:15 . 2006-12-29 17:01 -------- d-----w- c:\program files\Lavasoft
2010-03-04 13:09 . 2006-12-29 17:12 -------- d-----w- c:\program files\Alwil Software
2010-02-23 10:34 . 2009-05-15 12:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 11:53 . 2009-05-14 18:27 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-20 11:52 . 2009-05-14 18:27 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-19 12:37 . 2009-07-09 21:50 -------- d-----w- c:\program files\DOSBox-0.72
2010-02-17 17:00 . 2008-01-20 21:06 -------- d-----w- c:\program files\Real Alternative
2010-02-11 18:53 . 2006-12-29 17:12 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2006-12-29 17:12 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2006-12-29 17:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2008-04-20 09:09 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2006-12-29 17:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2006-12-29 17:12 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2006-12-29 17:12 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2008-04-20 09:09 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2006-12-29 17:12 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-08 11:19 . 2006-12-30 12:08 -------- d-----w- c:\program files\DaemonTools_WhenUSave_Installer
2010-02-01 19:51 . 2010-02-01 19:51 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-24 14:20 . 2010-01-24 14:19 -------- d-----w- c:\program files\Tom's eTextReader
2010-01-21 19:25 . 2009-04-18 14:16 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-20 14:45 . 2010-01-20 14:45 -------- d-----w- c:\program files\Common Files\CyberLink
2010-01-20 14:45 . 2010-01-20 14:45 -------- d-----w- c:\program files\CyberLink
2010-01-20 14:44 . 2009-01-15 18:45 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-20 14:36 . 2010-01-20 14:36 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-01-20 14:36 . 2010-01-20 14:35 -------- d-----w- c:\program files\MSECACHE
2010-01-09 17:10 . 2009-01-13 15:51 -------- d-----w- c:\program files\ICQ6.5
2010-01-08 12:07 . 2009-05-14 18:27 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-24 20:24 . 2009-12-24 20:24 23600 ----a-w- c:\windows\system32\drivers\tvichw32.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter\NetLimiter.exe" [2004-03-31 823296]
"SoundMan"="SOUNDMAN.EXE" [2005-01-07 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-29 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 15:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-17 13:49 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-17 13:49 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 20:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-03 20:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-15 09:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-06-15 09:20 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-06-15 09:20 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 20:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 19:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-28 21:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 17:38 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"nlsvc"=2 (0x2)
"UTSCSI"=2 (0x2)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"LBTServ"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"DAUpdaterSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"e:\\DC\\StrongDC.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"e:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Half-Life 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.4.2008 10:09 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.4.2008 10:09 19024]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
S4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\dragon age\bin_ship\daupdatersvc.service.exe [19.11.2009 20:53 25832]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.12.2006 18:15 685816]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\NetLimiter\nl_lsp.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} - hxxp://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
FF - ProfilePath - c:\documents and settings\Kalkin\Data aplikací\Mozilla\Firefox\Profiles\4tym4yvg.default\
FF - component: c:\program files\Real Alternative\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Real Alternative\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real Alternative\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real Alternative\Netscape6\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 15:57
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DBA9ED8-D0F7-1166-2A9D-17C256CA4DBB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2025429265-1547161642-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,17,9a,b3,7b,f2,22,cb,64,a6,52,23,45,88,59,e5,aa,4f,c4,db,c7,
f7,c3,28,de,11,12,c1,6b,19,e2,54,8c,ac,d2,06,6f,72,24,61,95,28,62,aa,c8,27,\
"rkeysecu"=hex:43,f5,cf,23,6e,e9,d1,c0,f0,95,76,17,56,65,47,22
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(820)
c:\program files\NetLimiter\nl_lsp.dll
c:\windows\system32\nl_msgc.dll

- - - - - - - > 'explorer.exe'(1704)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\program files\NetLimiter\nl_lsp.dll
c:\windows\system32\nl_msgc.dll
.
Celkový čas: 2010-03-04 15:58:20
ComboFix-quarantined-files.txt 2010-03-04 14:58
ComboFix2.txt 2010-03-04 14:01

Před spuštěním: 1 719 873 536
Po spuštění: 1 682 677 760

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 61E4EC1CE1D005979DCE3594750EE9F8

#9 Příspěvek od **Caroprd111** » 04 bře 2010 16:01

Odinstalujte všechny emulátory virtuálních mechanik.

Obrázek

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
zvolte možnost Uninstall a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Obrázek

Start > Spustit (Win + R)

Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

Klikněte na OK

Vytvoří se log s názvem mbr.log, vložte ho sem.

Kalkin · #10 Příspěvek od **Kalkin** » 04 bře 2010 16:15

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
kernel: MBR read successfully
user & kernel MBR OK

#11 Příspěvek od **Caroprd111** » 04 bře 2010 16:17

Jak to vypadá s PC

Kalkin · #12 Příspěvek od **Kalkin** » 04 bře 2010 16:20

Vypadá to že by to už mohlo být v pořádku

jestě skusim restart

Kalkin · #13 Příspěvek od **Kalkin** » 04 bře 2010 16:29

no chová se trochu divně po naběhnutí systému trvalo pár minut 2-3 než se zpřístupnily lyšta start, rozjeli prohližeče a spravce uloh ale zdalo se že jine aplikace byli funkční. po te chvili to pak najelo divné no ale aspon je to funkční

#14 Příspěvek od **Caroprd111** » 04 bře 2010 16:42

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Kalkin · #15 Příspěvek od **Kalkin** » 04 bře 2010 17:19

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-04 16:46:35
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Kalkin\LOCALS~1\Temp\pxtdqpow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-04 17:17:32
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Kalkin\LOCALS~1\Temp\pxtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA2C46C5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA2C46B16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA2C470CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA2C46FF4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA2C466EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA2C46BF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA2C4662C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA2C46690]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA2C46D10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA2C47198]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA2C46CD0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA2C46E50]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB85E4000, 0x1A0D8E, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0x9AC6F300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xA5F44300, 0x1B7E, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[248] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] [004015C0] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service/ALWIL Software)
IAT C:\WINDOWS\system32\services.exe[812] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[812] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000272d1bb10 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x28 0xE8 0xD1 0x77 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x35 0x39 0x46 0xFC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0x6D 0xB9 0x84 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0x16 0x6A 0x36 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xFE 0x3D 0x57 0xA8 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x85 0xC0 0xFA 0x19 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x86 0x16 0x05 0x0C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x26 0xCB 0x9A 0xE4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDA 0x81 0x01 0xBD ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2F 0x67 0xD4 0x9C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF1 0x43 0x4F 0xF3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x29 0xF9 0x6D 0xF6 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE8 0x17 0x7E 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBE 0x1E 0x95 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDA 0x81 0x01 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x62 0x05 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x69 0xAE 0x12 0xEA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xAE 0x06 0x51 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x97 0xCD 0x93 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x28 0xE8 0xD1 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x35 0x39 0x46 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0x6D 0xB9 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0x16 0x6A 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xFE 0x3D 0x57 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x85 0xC0 0xFA 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x86 0x16 0x05 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x26 0xCB 0x9A 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x66 0xAA 0xC8 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x79 0x5B 0x5D 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF1 0x43 0x4F 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x29 0xF9 0x6D 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE8 0x17 0x7E 0xA3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x28 0xE8 0xD1 0x77 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x35 0x39 0x46 0xFC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0x6D 0xB9 0x84 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0x16 0x6A 0x36 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xFE 0x3D 0x57 0xA8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x85 0xC0 0xFA 0x19 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x86 0x16 0x05 0x0C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x26 0xCB 0x9A 0xE4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x66 0xAA 0xC8 0xDE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x79 0x5B 0x5D 0x19 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF1 0x43 0x4F 0xF3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x29 0xF9 0x6D 0xF6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE8 0x17 0x7E 0xA3 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DBA9ED8-D0F7-1166-2A9D-17C256CA4DBB}

---- EOF - GMER 1.0.15 ----

VIRY.CZ

Win32:Rootkit-gen / winesm32.exe

Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe

Re: Win32:Rootkit-gen / winesm32.exe