Nejde bootovat

[mastertegy]

dx.reg

http://www.virustotal.com/cs/analisis/9 ... 1269435660

[mastertegy]

Mosumac.sys na udajně na disku nemam, nejde mi to vložit na Virustotal..... s hláškou že nebyl nalezen.

[motji]

Fajn, ještě ten mbam.
Můžu pak udělat ještě test na rootkity?

[mastertegy]

Tady to je:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3908
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

24.3.2010 15:47:15
mbam-log-2010-03-24 (15-47-07).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|)
Zkontrolované objekty: 368602
Uplynulý čas: 1 hour(s), 24 minute(s), 27 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
E:\Program Files\Warcraft III\warcraft3 keygen.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Martin\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

[motji]

V mbamu vše smažte.
Můžu ještě udělat ten test na rootkity?
Máte daemona nebo alcohol?

[mastertegy]

Mam deamona...

[motji]

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer


Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

[mastertegy]

GMER maly

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-24 17:11:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\ufliqpoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB2D714FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB2D71322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB2D7145C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

[mastertegy]

Gmer Hlavní

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-25 01:26:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\ufliqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB2D64C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB2D64B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB2D650C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB2D64FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB2D646E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB2D64BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB2D64628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB2D6468C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB2D64D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB2D65194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB2D64CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB2D64E4C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB2D714FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB2D71322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB2D7145C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CD4 80504560 4 Bytes CALL 09031BAB
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B2D71460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AE 7 Bytes JMP B2D71326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC512 5 Bytes JMP B2D6D4BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F96 5 Bytes JMP B2D6E972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1136 7 Bytes JMP B2D71502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB566C380, 0x3DF545, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB3021280]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[560] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[560] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBA 0xF1 0x95 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEC 0x73 0x75 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x55 0x0C 0xFE 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5F 0xD1 0xB0 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xCC 0x2F 0xF2 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBA 0xF1 0x95 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEC 0x73 0x75 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x55 0x0C 0xFE 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5F 0xD1 0xB0 0xDA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xCC 0x2F 0xF2 0x57 ...

---- EOF - GMER 1.0.15 ----

[mastertegy]

MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[motji]

Log z gmeru je v pořádku.
Poprosím o nový log z combofixu.
Jak to vypadá s počítačem? Funguje vše, jak má?

[mastertegy]

Dobrý den,

vše dle mého v počítači funguje a chodí tak jak by mělo.log:

ComboFix 10-03-24.02 - Martin 25.03.2010 10:32:53.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2383 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-25 do 2010-03-25 )))))))))))))))))))))))))))))))
.

2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- c:\program files\trend micro
2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- C:\rsit
2010-03-16 15:01 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-16 15:00 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-13 15:22 . 2010-03-13 15:23 -------- d-----w- c:\program files\Mv2Player
2010-03-10 17:11 . 2010-03-10 17:11 -------- d-----w- c:\documents and settings\LocalService\Dokumenty
2010-03-10 17:10 . 2009-04-14 22:51 96768 ----a-w- c:\windows\system32\htimon.dll
2010-03-10 17:10 . 2010-03-10 17:10 -------- d-----w- c:\program files\Crongreen Software
2010-03-06 16:30 . 2010-03-06 16:30 -------- d-----w- c:\program files\Palm
2010-03-06 00:10 . 2010-03-06 00:12 -------- d-----w- c:\program files\The KMPlayer
2010-02-23 14:04 . 2008-03-09 05:25 236 ---ha-w- c:\program files\Common Files\dx.reg
2010-02-23 14:04 . 2006-11-02 10:46 39936 ----a-w- c:\windows\system32\dwmapi.dll
2010-02-23 14:04 . 2006-11-02 10:46 167936 ----a-w- c:\windows\system32\dxgi.dll
2010-02-23 14:04 . 2006-11-29 12:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-02-23 14:04 . 2006-11-02 10:46 187392 ----a-w- c:\windows\system32\d3d10core.dll
2010-02-23 14:04 . 2006-11-02 10:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2010-02-23 13:36 . 2010-03-12 17:03 -------- d-----w- c:\documents and settings\Martin\Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 13:10 . 2010-02-22 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 15:35 . 2009-10-29 15:05 -------- d-----w- c:\program files\Spyware Terminator
2010-03-16 19:35 . 2009-11-30 15:15 -------- d-----w- c:\program files\Vuze
2010-03-12 14:58 . 2009-10-29 15:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-09 11:24 . 2009-10-29 15:03 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2009-10-29 15:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-10-29 15:03 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2009-10-29 15:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-10-29 15:03 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-10-29 15:03 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-10-29 15:03 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2009-10-29 15:03 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-23 17:18 . 2009-10-29 15:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 04:42 . 2010-02-21 21:41 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-22 04:41 . 2010-02-21 21:41 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-22 04:37 . 2010-02-21 21:41 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-02-21 21:41 . 2010-02-21 21:41 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 20:55 . 2010-02-21 20:27 52273 ----a-w- c:\windows\War3Unin.dat
2010-02-21 20:55 . 2010-02-21 20:27 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-21 20:55 . 2010-02-21 20:27 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-19 12:46 . 2009-11-27 16:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-16 19:47 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer Administration
2010-02-16 19:27 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer
2010-02-13 11:42 . 2010-02-13 11:42 -------- d-----w- c:\program files\Alwil Software
2010-02-11 18:53 . 2009-10-29 15:03 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-03 19:19 . 2010-02-03 19:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-01 20:27 . 2009-11-09 14:42 -------- d-----w- c:\program files\CDBurnerXP
2010-01-25 21:06 . 2009-10-29 15:24 -------- d-----w- c:\program files\Opera
2010-01-22 16:17 . 2006-03-02 12:00 484044 ----a-w- c:\windows\system32\perfh005.dat
2010-01-22 16:17 . 2006-03-02 12:00 100464 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 15:50 . 2010-01-19 15:44 73728 ----a-w- c:\windows\ST6UNST.EXE
2010-01-19 15:50 . 2010-01-19 15:44 253952 ------w- c:\windows\Setup1.exe
2010-01-07 15:07 . 2010-02-22 16:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-02-22 16:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 21:03 . 2010-01-02 21:03 1641107 ----a-w- c:\windows\WANEUninstaller.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="e:\steam\steam.exe" [2010-02-20 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-02-17 33595392]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-10-29 1809408]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"zFTPServer"="c:\program files\zFTPServer\zFTPServer.exe" [2008-05-03 3037696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Martin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
zFTPServer Administration.lnk - c:\program files\zFTPServer Administration\zFTPServerAdmin.exe [2010-2-16 4570112]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"e:\\Program Files\\Damnation\\Binaries\\DamnGame.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Modern Warfare 2\\iw4mp.exe"=
"e:\\Program Files\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Image\\cs1,6\\hl.exe"=
"d:\\Image\\flatout\\FlatOut2.exe"=
"e:\\Program Files\\DiRT2\\dirt2_game.exe"=
"e:\\Program Files\\NBA 2K10\\nba2k10.exe"=
"d:\\Image\\CS-NS\\CS-NS\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"e:\\steam\\Steam.exe"=
"e:\\Program FilesSTREETFIGHTERIV\\StreetFighterIV.exe"=
"e:\\Program Files@Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\steam\\steamapps\\mastertegy\\counter-strike\\hl.exe"=
"e:\\UT2004\\System\\UT2004.exe"=
"e:\\Program Files\\Warmonger\\Binaries\\WMGame.exe"=
"c:\\Program Files\\zFTPServer\\zFTPServer.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Age of Empires III\\age3x.exe"=
"e:\\Program Files\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.10.2009 16:03 162640]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.10.2009 16:05 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.10.2009 16:03 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.10.2009 17:33 222968]
R3 ip100xp;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [19.2.2010 17:27 26752]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [29.10.2009 16:12 1057024]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS --> c:\windows\system32\DRIVERS\MOSUMAC.SYS [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
TCP: {3EF81F71-7646-4F8E-A728-1A25AB063478} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\wojkvvsj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 10:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(180)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-03-25 10:37:08
ComboFix-quarantined-files.txt 2010-03-25 09:37
ComboFix2.txt 2010-03-24 11:09
ComboFix3.txt 2009-10-29 17:26

Před spuštěním: 2 695 434 240
Po spuštění: 2 659 913 728

- - End Of File - - C55B272451AEB4A342D1DE9EDDE090EF

[mastertegy]

Ahoj,

je tam neco vidět?

Pořád mi nejdou do hlavy ty rootkity... jedinná teorie která mě napadá, jestli neodesly ty ramky, komp nemel kam zapisovat, tak to hazel na disk, avast to zacal hlasit jako rootkit...blue screen když odejdou ramky to už sem viděl, ale to bootování? Jedine že by byla první do který se zapisovalo, byla ale ve druhym slotu, nevím jestli to má vliv.

Dejte pak prosím vědět jak to dopadlo s těmi logy. Děkuji.

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Driver::
MOSUMAC
ICQ Service

DDS::
uStart Page = hxxp://start.icq.com/

Firefox::
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\wojkvvsj.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


Něco tam bylo .Popravdě nevím přesně kde byla chyba, možná nějaký infikovaný systémový soubor

[mastertegy]

ComboFix 10-03-25.02 - Martin 25.03.2010 21:45:32.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2244 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Legacy_MOSUMAC
-------\Service_ICQ Service
-------\Service_MOSUMAC


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-25 do 2010-03-25 )))))))))))))))))))))))))))))))
.

2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- c:\program files\trend micro
2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- C:\rsit
2010-03-16 15:01 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-16 15:00 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-13 15:22 . 2010-03-13 15:23 -------- d-----w- c:\program files\Mv2Player
2010-03-10 17:11 . 2010-03-10 17:11 -------- d-----w- c:\documents and settings\LocalService\Dokumenty
2010-03-10 17:10 . 2009-04-14 22:51 96768 ----a-w- c:\windows\system32\htimon.dll
2010-03-10 17:10 . 2010-03-10 17:10 -------- d-----w- c:\program files\Crongreen Software
2010-03-06 16:30 . 2010-03-06 16:30 -------- d-----w- c:\program files\Palm
2010-03-06 00:10 . 2010-03-06 00:12 -------- d-----w- c:\program files\The KMPlayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 13:10 . 2010-02-22 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 15:35 . 2009-10-29 15:05 -------- d-----w- c:\program files\Spyware Terminator
2010-03-16 19:35 . 2009-11-30 15:15 -------- d-----w- c:\program files\Vuze
2010-03-12 14:58 . 2009-10-29 15:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-09 11:24 . 2009-10-29 15:03 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2009-10-29 15:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-10-29 15:03 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2009-10-29 15:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-10-29 15:03 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-10-29 15:03 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-10-29 15:03 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2009-10-29 15:03 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-23 17:18 . 2009-10-29 15:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 04:42 . 2010-02-21 21:41 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-22 04:41 . 2010-02-21 21:41 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-22 04:37 . 2010-02-21 21:41 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-02-21 21:41 . 2010-02-21 21:41 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 20:55 . 2010-02-21 20:27 52273 ----a-w- c:\windows\War3Unin.dat
2010-02-21 20:55 . 2010-02-21 20:27 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-21 20:55 . 2010-02-21 20:27 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-19 12:46 . 2009-11-27 16:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-16 19:47 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer Administration
2010-02-16 19:27 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer
2010-02-13 11:42 . 2010-02-13 11:42 -------- d-----w- c:\program files\Alwil Software
2010-02-11 18:53 . 2009-10-29 15:03 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-03 19:19 . 2010-02-03 19:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-01 20:27 . 2009-11-09 14:42 -------- d-----w- c:\program files\CDBurnerXP
2010-01-25 21:06 . 2009-10-29 15:24 -------- d-----w- c:\program files\Opera
2010-01-22 16:17 . 2006-03-02 12:00 484044 ----a-w- c:\windows\system32\perfh005.dat
2010-01-22 16:17 . 2006-03-02 12:00 100464 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 15:50 . 2010-01-19 15:44 73728 ----a-w- c:\windows\ST6UNST.EXE
2010-01-19 15:50 . 2010-01-19 15:44 253952 ------w- c:\windows\Setup1.exe
2010-01-07 15:07 . 2010-02-22 16:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-02-22 16:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 21:03 . 2010-01-02 21:03 1641107 ----a-w- c:\windows\WANEUninstaller.exe
2008-03-09 05:25 . 2010-02-23 14:04 236 ---ha-w- c:\program files\Common Files\dx.reg
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="e:\steam\steam.exe" [2010-02-20 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-02-17 33595392]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-10-29 1809408]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"zFTPServer"="c:\program files\zFTPServer\zFTPServer.exe" [2008-05-03 3037696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Martin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
zFTPServer Administration.lnk - c:\program files\zFTPServer Administration\zFTPServerAdmin.exe [2010-2-16 4570112]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"e:\\Program Files\\Damnation\\Binaries\\DamnGame.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Modern Warfare 2\\iw4mp.exe"=
"e:\\Program Files\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Image\\cs1,6\\hl.exe"=
"d:\\Image\\flatout\\FlatOut2.exe"=
"e:\\Program Files\\DiRT2\\dirt2_game.exe"=
"e:\\Program Files\\NBA 2K10\\nba2k10.exe"=
"d:\\Image\\CS-NS\\CS-NS\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"e:\\steam\\Steam.exe"=
"e:\\Program FilesSTREETFIGHTERIV\\StreetFighterIV.exe"=
"e:\\Program Files@Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\steam\\steamapps\\mastertegy\\counter-strike\\hl.exe"=
"e:\\UT2004\\System\\UT2004.exe"=
"e:\\Program Files\\Warmonger\\Binaries\\WMGame.exe"=
"c:\\Program Files\\zFTPServer\\zFTPServer.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Age of Empires III\\age3x.exe"=
"e:\\Program Files\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.10.2009 16:03 162640]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.10.2009 16:05 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.10.2009 16:03 19024]
R3 ip100xp;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [19.2.2010 17:27 26752]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [29.10.2009 16:12 1057024]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
TCP: {3EF81F71-7646-4F8E-A728-1A25AB063478} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\wojkvvsj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2010-03-25 21:53:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-25 20:53
ComboFix2.txt 2010-03-25 09:37
ComboFix3.txt 2010-03-24 11:09
ComboFix4.txt 2009-10-29 17:26

Před spuštěním: 2 605 948 928
Po spuštění: 2 374 332 416

- - End Of File - - B8E00717CCADE2A41CCFA92F3F4D701F