antispywareXP

[Janekas]

Dobrý den lidi,

velmi prosím o pomoc. iMAC na kterém jsou xp profesional a uživatel si "pořídil" antispywareXP - unregistred version. Bohužel nejde spustit žádný program ani .exe soubor, a to ani v nouzovém režimu. Takže nemohu vložit ani log. Je stím možno jěště neco udělat? díky za pomoc

Honza

[Janekas]

Jsem to lama. Stačí přece ten program zvolit. Tady je log.
Logfile of random's system information tool 1.06 (written by random/random)
Run by iMac at 2010-03-24 09:30:19
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 542 GB (92%) free of 590 GB
Total RAM: 2792 MB (91% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
MHTBPos00 Class - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - Family Toolbar - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-13 13549568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-13 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-01-13 18082304]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2009-01-13 57344]
"Apple_KbdMgr"=C:\Program Files\Boot Camp\KbdMgr.exe [2009-01-13 431408]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-10 149280]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2009-02-25 77824]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-04-28 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Family Tree Builder Update"=C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2009-01-14 113680]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"syncman"=c:\windows\system32\wuaucldt.exe [2010-03-19 51807]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"syncman"=c:\windows\system32\config\system [2010-03-24 4718592]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Documents and Settings\iMac\Nabídka Start\Programy\Po spuštění
monnwb32.exe
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
syspck32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\iMac\Dokumenty\Stažené soubory\winbox.exe"="C:\Documents and Settings\iMac\Dokumenty\Stažené soubory\winbox.exe:*:Enabled:winbox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\setup.exe


======File associations======

.exe - open - "C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\ave.exe" /START "%1" %*

======List of files/folders created in the last 1 months======

2010-03-24 09:30:20 ----D---- C:\Program Files\trend micro
2010-03-24 09:30:19 ----D---- C:\rsit
2010-03-22 16:25:37 ----D---- C:\WINDOWS\Minidump
2010-03-22 15:54:14 ----D---- C:\WINDOWS\CSC
2010-03-20 14:19:12 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-19 09:53:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\avG
2010-03-19 09:53:44 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\vma.exe
2010-03-19 09:53:44 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\MSASCui.exe
2010-03-19 09:53:44 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\av.exe
2010-03-19 09:53:43 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\ave.exe
2010-03-19 09:32:01 ----A---- C:\WINDOWS\system32\wuaucldt.exe
2010-03-12 14:02:49 ----D---- C:\Program Files\Landi2003
2010-03-12 14:02:46 ----N---- C:\WINDOWS\Setup1.exe
2010-03-12 14:02:45 ----A---- C:\WINDOWS\ST6UNST.EXE
2010-03-11 20:20:37 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-10 23:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-10 15:01:11 ----A---- C:\WINDOWS\system32\tsccvid.dll
2010-03-06 14:30:34 ----D---- C:\WINDOWS\ie8updates
2010-03-06 14:29:52 ----D---- C:\WINDOWS\WBEM
2010-03-06 14:28:46 ----HDC---- C:\WINDOWS\ie8
2010-03-06 14:27:19 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-06 10:33:01 ----D---- C:\Program Files\LANGMaster
2010-03-04 19:33:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2010-03-04 19:33:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-03-04 19:33:45 ----D---- C:\Program Files\McAfee Security Scan
2010-03-03 12:45:30 ----D---- C:\Documents and Settings\iMac\Data aplikací\LANGMaster

======List of files/folders modified in the last 1 months======

2010-03-24 09:30:20 ----RD---- C:\Program Files
2010-03-24 09:01:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-24 08:57:28 ----D---- C:\WINDOWS\Prefetch
2010-03-24 08:46:49 ----D---- C:\WINDOWS\system32
2010-03-24 08:46:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-24 08:43:10 ----D---- C:\WINDOWS\Temp
2010-03-23 14:50:04 ----D---- C:\Documents and Settings\iMac\Data aplikací\HPAppData
2010-03-23 14:49:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-23 14:07:18 ----D---- C:\WINDOWS
2010-03-20 14:23:16 ----D---- C:\Program Files\Mozilla Firefox
2010-03-19 13:12:07 ----D---- C:\Program Files\Internet Explorer
2010-03-19 09:53:44 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-19 09:39:28 ----D---- C:\Documents and Settings\iMac\Data aplikací\Skype
2010-03-19 09:32:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-19 09:26:50 ----D---- C:\Documents and Settings\iMac\Data aplikací\skypePM
2010-03-18 19:03:07 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-18 15:18:35 ----D---- C:\WINDOWS\system32\drivers
2010-03-18 15:15:31 ----SHD---- C:\WINDOWS\Installer
2010-03-18 09:33:51 ----HD---- C:\WINDOWS\inf
2010-03-10 23:02:35 ----D---- C:\Program Files\Movie Maker
2010-03-10 23:02:20 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-07 21:28:51 ----A---- C:\WINDOWS\imsins.BAK
2010-03-06 14:33:38 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-06 14:33:37 ----D---- C:\WINDOWS\Help
2010-03-06 14:29:45 ----D---- C:\WINDOWS\Media
2010-03-06 14:27:22 ----D---- C:\WINDOWS\Debug
2010-03-06 11:55:50 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-03-04 09:26:30 ----D---- C:\Documents and Settings\iMac\Data aplikací\f2fElementary
2010-03-04 09:16:16 ----A---- C:\WINDOWS\TALKTOME.INI
2010-03-03 12:55:19 ----D---- C:\TALKTOME

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IRRemoteFlt;IR Receiver Filter Driver; C:\WINDOWS\system32\DRIVERS\IRFilter.sys [2009-01-13 16512]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2009-01-13 13952]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
S2 KeyAgent;KeyAgent; \??\C:\WINDOWS\system32\drivers\KeyAgent.sys []
S2 MacHALDriver;Mac HAL; \??\C:\WINDOWS\system32\drivers\MacHALDriver.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-01-13 1391104]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-13 4968448]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-13 6629792]
S3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-01-13 54784]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-01-13 22016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AppleOSSMgr;Apple OS Switch Manager; C:\WINDOWS\system32\AppleOSSMgr.exe [2009-01-13 136496]
S2 AppleTimeSrv;Apple Time Service; C:\WINDOWS\system32\AppleTimeSrv.exe [2009-01-13 99632]
S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 gupdate1ca498580e61de;Google Update Service (gupdate1ca498580e61de); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-10 133104]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-10 153376]
S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-13 168004]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

-----------------EOF-----------------

[cernohous13]

Zdravím,

Stáhni si ComboFix
a ulož ho jako cobra.com na plochu. - zatím nespouštěj
Ukonči všechna aktivní okna,vypni Antispy a Antivir
Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

CFscript

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"NBKeyScan"=-
"Adobe Reader Speed Launcher"=-
"HP Software Update"=-
""=-
"syncman"=-
"Regedit32"=-
"KernelFaultCheck"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"syncman"=-

File::
c:\windows\system32\wuaucldt.exe
C:\Documents and Settings\iMac\Nabídka Start\Programy\Po spuštění\monnwb32.exe
C:\Documents and Settings\iMac\Nabídka Start\Programy\Po spuštění\syspck32.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\ave.exe

Folder::
c:\windows\system32\config\system

Reboot::

[Janekas]

Bohužel, po spuštění se combo rozjede ale vyskočí hláška : Some files could not be created. Please close all aplications, reboot windows and restart instalation:(
Ctělo by něco co pracuje v nouzovém režimu, tam se ty wokna chovají celkem normálně.

díky

[Janekas]

Nenapadá vás lidičky něco? Já už bych to dávno přeinstaloval, ale nemám Aplovskou klávesnici a nemůžu nabootovat z CD.

dík

[cernohous13]

ComboFix proveď v nouz.režimu

[Janekas]

v nouzáku mi píše že je jen pro 2000 a XP
a teď to už píše to samé jako pod normálním bootem:(

[Janekas]

podařilo se mi rozeběhnout combofix, tady je ten log:
ComboFix 10-03-23.03 - iMac 24.03.2010 15:49:08.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2792.2533 [GMT 1:00]
Spuštěný z: c:\documents and settings\iMac\Plocha\cobra.com
Použité ovládací přepínače :: c:\docume~1\iMac\Plocha\CFscript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\MSASCui.exe
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\config\systemprofile\wuaucldt.exe
c:\windows\system32\wuaucldt.exe

c:\windows\system32\drivers\cdrom.sys . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-24 do 2010-03-24 )))))))))))))))))))))))))))))))
.

2010-03-24 09:19 . 2010-03-24 09:19 -------- d-----w- C:\cobra
2010-03-24 08:30 . 2010-03-24 08:30 -------- d-----w- c:\program files\trend micro
2010-03-19 12:14 . 2010-03-19 12:14 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-19 12:14 . 2010-03-19 12:14 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-03-18 14:18 . 2010-03-24 14:57 802304 ----a-w- c:\windows\system32\drivers\lzgnb.sys
2010-03-12 13:02 . 2010-03-12 13:49 -------- d-----w- c:\program files\Landi2003
2010-03-12 13:02 . 2010-03-12 13:10 475136 ------w- c:\windows\Setup1.exe
2010-03-12 13:02 . 2010-03-12 13:10 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-11 19:20 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-11 18:38 . 2010-03-11 18:38 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-10 14:01 . 2001-09-12 01:21 98304 ----a-w- c:\windows\system32\tsccvid.dll
2010-03-06 13:34 . 2010-03-06 13:34 -------- d-sh--w- c:\documents and settings\iMac\PrivacIE
2010-03-06 13:33 . 2010-03-06 13:33 -------- d-sh--w- c:\documents and settings\iMac\IETldCache
2010-03-06 13:30 . 2010-03-06 13:30 -------- d-----w- c:\windows\ie8updates
2010-03-06 13:28 . 2010-03-06 13:29 -------- dc-h--w- c:\windows\ie8
2010-03-06 13:25 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-06 13:25 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-06 13:25 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-06 13:25 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-06 13:25 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-06 13:25 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-06 13:25 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-06 09:33 . 2010-03-06 09:33 -------- d-----w- c:\program files\LANGMaster
2010-03-04 18:33 . 2010-03-11 18:38 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-03 11:55 . 2010-03-03 11:55 266 ---h--r- c:\windows\system32\ttri.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 14:58 . 2008-04-14 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-03-24 14:58 . 2008-04-14 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-03-20 13:27 . 2008-04-14 12:00 98240 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-01-27 07:14 . 2009-10-10 08:38 -------- d-----w- c:\program files\Google
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-13 13549568]
"nwiz"="nwiz.exe" [2009-01-13 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-13 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18082304]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2009-01-13 431408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2009-02-25 77824]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-01-14 113680]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\iMac\Nabˇdka Start\Programy\Po spuçtŘnˇ\
monnwb32.exe [2008-4-14 30720]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
syspck32.exe [2008-4-14 28160]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\iMac\\Dokumenty\\Stažené soubory\\winbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [13.1.2009 17:52 136496]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [13.1.2009 17:52 99632]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [13.1.2009 17:35 5760]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [13.1.2009 17:34 6784]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [9.10.2009 20:52 16512]
S2 gupdate1ca498580e61de;Google Update Service (gupdate1ca498580e61de);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 9:38 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - lzgnb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 08:38]

2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 08:38]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: {12F1693F-167B-4227-A5AB-EBD054E378B5} = 212.24.128.8,212.24.132.132
FF - ProfilePath - c:\documents and settings\iMac\Data aplikací\Mozilla\Firefox\Profiles\wwq2hynm.default\
FF - prefs.js: browser.search.selectedEngine - Hledat
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 15:56
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\documents and settings\iMac\Nabídka Start\Programy\Po spuštění\monnwb32.exe 30720 bytes executable
c:\documents and settings\iMac\Nabídka Start\Programy\Po spuštění\syspck32.exe 28160 bytes executable

sken byl úspešně dokončen
skryté soubory: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lzgnb]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-03-24 15:59:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-24 14:59

Před spuštěním: Volných bajtů: 573 506 166 784
Po spuštění: Volných bajtů: 574 511 869 952

- - End Of File - - C7E7664EC9BE397F6D73845D76D77513

[cernohous13]

Stahni Avenger zde:
http://swandog46.geekstogo.com/avenger.exe
Spusť a všude souhlas „Yes“
Hlavní okno

dole dej fajfku do obou čtverečků

Do pole „Input script here“ zkopíruj zelený text scriptu > „Execute“ > „Yes“
Bude restart a je potřeba vyčkat na otevření Notepadu a jeho obsah sem vložit.

Script

Kód: Vybrat vše

Files to delete:

c:\documents and settings\iMac\Nabídka Start\Programy\Po spuštění\monnwb32.exe
c:\documents and settings\iMac\Nabídka Start\Programy\Po spuštění\syspck32.exe
c:\windows\system32\drivers\lzgnb.sys

Drivers to delete:
lzgnb

přidej log ComboFixu v normálním režimu

[Janekas]

Dobrý den, celý včerejšek jsem měl zabitý, tak se omlouvám za zdržení.
avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\documents and settings\iMac\Nabídka Start\Programy\Po spuštění\monnwb32.exe" deleted successfully.
File "c:\documents and settings\iMac\Nabídka Start\Programy\Po spuštění\syspck32.exe" deleted successfully.
File "c:\windows\system32\drivers\lzgnb.sys" deleted successfully.
Driver "lzgnb" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
combo log:
ComboFix 10-03-25.06 - iMac 26.03.2010 11:06:20.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2792.2300 [GMT 1:00]
Spuštěný z: c:\documents and settings\iMac\Plocha\cobra.com
Použité ovládací přepínače :: f:\virypetr\CFscript.txt

FILE ::
"c:\documents and settings\iMac\Nabídka Start\Programy\Po spuštění\monnwb32.exe"
"c:\documents and settings\iMac\Nabídka Start\Programy\Po spuštění\syspck32.exe"
"c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\ave.exe"
"c:\windows\system32\wuaucldt.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\cdrom.sys . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-26 do 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-24 15:21 . 2010-03-24 15:21 -------- d-----w- c:\program files\ESET
2010-03-24 15:03 . 2010-03-24 15:03 -------- d-sh--w- c:\documents and settings\iMac\IECompatCache
2010-03-24 09:19 . 2010-03-24 09:19 -------- d-----w- C:\cobra
2010-03-24 08:30 . 2010-03-24 08:30 -------- d-----w- c:\program files\trend micro
2010-03-19 12:14 . 2010-03-19 12:14 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-19 12:14 . 2010-03-19 12:14 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-03-12 13:02 . 2010-03-12 13:49 -------- d-----w- c:\program files\Landi2003
2010-03-12 13:02 . 2010-03-12 13:10 475136 ------w- c:\windows\Setup1.exe
2010-03-12 13:02 . 2010-03-12 13:10 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-11 19:20 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-11 18:38 . 2010-03-11 18:38 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-10 14:01 . 2001-09-12 01:21 98304 ----a-w- c:\windows\system32\tsccvid.dll
2010-03-06 13:34 . 2010-03-06 13:34 -------- d-sh--w- c:\documents and settings\iMac\PrivacIE
2010-03-06 13:33 . 2010-03-06 13:33 -------- d-sh--w- c:\documents and settings\iMac\IETldCache
2010-03-06 13:30 . 2010-03-06 13:30 -------- d-----w- c:\windows\ie8updates
2010-03-06 13:28 . 2010-03-06 13:29 -------- dc-h--w- c:\windows\ie8
2010-03-06 13:25 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-06 13:25 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-06 13:25 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-06 13:25 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-06 13:25 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-06 13:25 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-06 13:25 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-06 09:33 . 2010-03-06 09:33 -------- d-----w- c:\program files\LANGMaster
2010-03-04 18:33 . 2010-03-11 18:38 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-03 11:55 . 2010-03-03 11:55 266 ---h--r- c:\windows\system32\ttri.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 10:00 . 2008-04-14 12:00 98240 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-24 15:07 . 2008-04-14 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-03-24 15:07 . 2008-04-14 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-01-27 07:14 . 2009-10-10 08:38 -------- d-----w- c:\program files\Google
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-24_14.56.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2010-03-24 14:57 40128 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-03-24 15:07 40128 c:\windows\system32\perfc009.dat
+ 2010-03-19 11:48 . 2010-03-26 10:01 16504 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
+ 2008-04-14 12:00 . 2010-03-24 15:07 311740 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-03-24 14:57 311740 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-13 13549568]
"nwiz"="nwiz.exe" [2009-01-13 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-13 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18082304]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2009-01-13 431408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2009-02-25 77824]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-01-14 113680]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\iMac\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\iMac\\Dokumenty\\Stažené soubory\\winbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [13.1.2009 17:52 136496]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [13.1.2009 17:52 99632]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [13.1.2009 17:35 5760]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [13.1.2009 17:34 6784]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [9.10.2009 20:52 16512]
S2 gupdate1ca498580e61de;Google Update Service (gupdate1ca498580e61de);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 9:38 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 08:38]

2010-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 08:38]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\iMac\Data aplikací\Mozilla\Firefox\Profiles\wwq2hynm.default\
FF - prefs.js: browser.search.selectedEngine - Hledat
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-26 11:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(256)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\documents and settings\LocalService\Local Settings\Data aplikací\ave.exe
.
**************************************************************************
.
Celkový čas: 2010-03-26 11:12:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-26 10:12
ComboFix2.txt 2010-03-24 14:59

Před spuštěním: Volných bajtů: 574 368 669 696
Po spuštění: Volných bajtů: 574 332 354 560

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6843C6019EFFB13FFCBFD6B0181FDE72
díky za pomoc

[cernohous13]

Použij ještě tento CFscript - dej ho na plochu

Kód: Vybrat vše

KillAll::

SRPeek::
cdrom.sys

File::
c:\documents and settings\LocalService\Local Settings\Data aplikací\ave.exe

[Janekas]

Zase zdravím. Tady je ten log z combofixu. Není už možný zničit ten antispywareXP. Požád tu vyskakuje až po čase zatuhne comp. Nastavil jsem si vzdálený přístup abych sem nemusel porad běhat, ale vždy to po čase zatuhne:(

log:
ComboFix 10-03-26.02 - iMac 27.03.2010 9:31.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2792.2236 [GMT 1:00]
Spuštěný z: c:\documents and settings\iMac\Plocha\cobra.com
Použité ovládací přepínače :: c:\docume~1\iMac\Plocha\CFScript.txt

FILE ::
"c:\documents and settings\LocalService\Local Settings\Data aplikací\ave.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Local Settings\Data aplikací\ave.exe
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\system32\drivers\cdrom.sys . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-27 do 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-26 17:26 . 2009-09-28 18:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-03-26 17:26 . 2009-09-28 18:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2010-03-26 17:26 . 2009-09-28 18:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-03-26 17:26 . 2008-08-11 11:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-03-26 17:26 . 2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2010-03-26 17:26 . 2010-03-26 23:00 -------- d-----w- c:\program files\LogMeIn
2010-03-24 15:21 . 2010-03-24 15:21 -------- d-----w- c:\program files\ESET
2010-03-24 15:03 . 2010-03-24 15:03 -------- d-sh--w- c:\documents and settings\iMac\IECompatCache
2010-03-24 09:19 . 2010-03-24 09:19 -------- d-----w- C:\cobra
2010-03-24 08:30 . 2010-03-24 08:30 -------- d-----w- c:\program files\trend micro
2010-03-19 12:14 . 2010-03-19 12:14 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-19 12:14 . 2010-03-19 12:14 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-03-12 13:02 . 2010-03-12 13:49 -------- d-----w- c:\program files\Landi2003
2010-03-12 13:02 . 2010-03-12 13:10 475136 ------w- c:\windows\Setup1.exe
2010-03-12 13:02 . 2010-03-12 13:10 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-11 19:20 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-11 18:38 . 2010-03-11 18:38 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-10 14:01 . 2001-09-12 01:21 98304 ----a-w- c:\windows\system32\tsccvid.dll
2010-03-06 13:34 . 2010-03-06 13:34 -------- d-sh--w- c:\documents and settings\iMac\PrivacIE
2010-03-06 13:33 . 2010-03-06 13:33 -------- d-sh--w- c:\documents and settings\iMac\IETldCache
2010-03-06 13:30 . 2010-03-06 13:30 -------- d-----w- c:\windows\ie8updates
2010-03-06 13:28 . 2010-03-06 13:29 -------- dc-h--w- c:\windows\ie8
2010-03-06 13:25 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-06 13:25 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-06 13:25 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-06 13:25 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-06 13:25 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-06 13:25 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-06 13:25 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-06 09:33 . 2010-03-06 09:33 -------- d-----w- c:\program files\LANGMaster
2010-03-04 18:33 . 2010-03-11 18:38 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-03 11:55 . 2010-03-03 11:55 266 ---h--r- c:\windows\system32\ttri.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 08:31 . 2008-04-14 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-03-27 08:31 . 2008-04-14 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 08:28 . 2008-04-14 12:00 98240 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-01-27 07:14 . 2009-10-10 08:38 -------- d-----w- c:\program files\Google
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-24_14.56.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-26 17:26 . 2009-09-28 18:34 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2010-03-26 17:26 . 2009-09-28 18:34 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2010-03-26 17:26 . 2009-09-28 18:34 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2010-03-26 17:26 . 2009-09-28 18:34 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2010-03-26 17:26 . 2009-09-28 18:34 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2010-03-26 17:26 . 2009-09-28 18:34 40248 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
- 2008-04-14 12:00 . 2010-03-24 14:57 40128 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-03-27 08:31 40128 c:\windows\system32\perfc009.dat
+ 2008-08-11 11:40 . 2008-08-11 11:40 11552 c:\windows\system32\lmimirr2.dll
+ 2008-08-11 11:40 . 2008-08-11 11:40 25248 c:\windows\system32\lmimirr.dll
+ 2008-08-11 11:40 . 2008-08-11 11:40 10144 c:\windows\system32\drivers\lmimirr.sys
+ 2010-03-19 11:48 . 2010-03-26 10:01 16504 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
- 2008-04-14 12:00 . 2010-03-24 14:57 311740 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-03-27 08:31 311740 c:\windows\system32\perfh009.dat
+ 2010-03-26 17:26 . 2010-03-26 17:26 4296704 c:\windows\Installer\4fda9.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-13 13549568]
"nwiz"="nwiz.exe" [2009-01-13 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-13 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18082304]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2009-01-13 431408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2009-02-25 77824]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-01-14 113680]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\iMac\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\iMac\\Dokumenty\\Stažené soubory\\winbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [13.1.2009 17:52 136496]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [13.1.2009 17:52 99632]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [13.1.2009 17:35 5760]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.8.2008 12:41 12856]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [13.1.2009 17:34 6784]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [9.10.2009 20:52 16512]
S2 gupdate1ca498580e61de;Google Update Service (gupdate1ca498580e61de);c:\program files\Google\Update\GoogleUpdate.exe [10.10.2009 9:38 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 08:38]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 08:38]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\iMac\Data aplikací\Mozilla\Firefox\Profiles\wwq2hynm.default\
FF - prefs.js: browser.search.selectedEngine - Hledat
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 09:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\documents and settings\LocalService\Local Settings\Data aplikací\ave.exe
.
**************************************************************************
.
Celkový čas: 2010-03-27 09:39:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-27 08:39
ComboFix2.txt 2010-03-26 10:12
ComboFix3.txt 2010-03-24 14:59

Před spuštěním: Volných bajtů: 574 235 537 408
Po spuštění: Volných bajtů: 574 215 020 544

- - End Of File - - 4991BA5F932BCC665959A790805AE532
a děkuji za pomoc a trpělivost, koukám do těch logů abych alespoň odhadl co se dějě, ale pochopení moc nepřichází:) Hluboce smekám, na tohle už jsem asi moc starej.

[cernohous13]

edit
Dostal jsem radu, takže nejprve zkus

Stáhni z přílohy soubor "xp_exe_fix.zip" a rozbal na C:
Dvojklikem spusť -> potvrď

Klikni na https://www.virustotal.com/cs/
klik "Procházet" > do zadávacího pole zkopíruj:

c:\windows\system32\drivers\cdrom.sys

"Odeslat soubor" (pokud byl již testován, nech testovat znovu)
Trpělivě vyčkej dokončení scanu dokud se neobjeví konečný výsledek např.0/39
Do fóra zkopíruj výsledný log. nebo link na stránku.

stáhneš speciální verzi G-Mer
Special
ulož na plochu a spusť -> proběhne krátký scan
když dostaneš hlášku rootkit activity and asks if you want to run scan>>klikneš NO<<
a nastavíš to takto


>> klikneš scan,<<
na konci scanu >>SAVE<< název dej Gspeclog.txt>>ulož na plochu a obsah logu zkopíruj sem

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Skener" > Provést rychlý sken > Skenovat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

xp_exe_fix.zip

(745 bajtů) Staženo 82 x

[Janekas]

dobré ráno.
log z virus total:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.28 Trojan.Win32.Inject!IK
AhnLab-V3 5.0.0.2 2010.03.27 -
AntiVir 7.10.5.241 2010.03.26 TR/Rootkit.Gen
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.28 -
Avast 4.8.1351.0 2010.03.27 Win32:Cutwail-AG
Avast5 5.0.332.0 2010.03.27 Win32:Cutwail-AG
AVG 9.0.0.787 2010.03.27 Generic_r.DD
BitDefender 7.2 2010.03.28 Gen:Rootkit.Heur.fuW@D4!eAEm
CAT-QuickHeal 10.00 2010.03.27 Trojan.Patched.FS
ClamAV 0.96.0.0-git 2010.03.28 -
Comodo 4409 2010.03.28 Virus.Win32.Protector.A
DrWeb 5.0.1.12222 2010.03.28 Win32.Lutin.2
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7391 2010.03.26 Win32/Cutwail.AZF
F-Prot 4.5.1.85 2010.03.27 -
F-Secure 9.0.15370.0 2010.03.28 Gen:Rootkit.Heur.fuW@D4!eAEm
Fortinet 4.0.14.0 2010.03.27 -
GData 19 2010.03.28 Gen:Rootkit.Heur.fuW@D4!eAEm
Ikarus T3.1.1.80.0 2010.03.28 Trojan.Win32.Inject
Jiangmin 13.0.900 2010.03.28 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.28 Trojan.Win32.Inject.aoad
McAfee 5933 2010.03.27 Spam-Mailbot.h
McAfee+Artemis 5933 2010.03.27 Spam-Mailbot.h
McAfee-GW-Edition 6.8.5 2010.03.27 Heuristic.LooksLike.Trojan.Rootkit.B
Microsoft 1.5605 2010.03.28 VirTool:WinNT/Cutwail.gen!F
NOD32 4978 2010.03.26 Win32/Protector.H
Norman 6.04.10 2010.03.27 W32/Cutwail.AIP
nProtect 2009.1.8.0 2010.03.28 -
Panda 10.0.2.2 2010.03.27 Rootkit/Inject.HM
PCTools 7.0.3.5 2010.03.28 -
Prevx 3.0 2010.03.28 Email High Risk Cloaked Malware
Rising 22.40.06.03 2010.03.28 RootKit.Win32.Mnless.bpm
Sophos 4.52.0 2010.03.28 Troj/Drop-EW
Sunbelt 6101 2010.03.26 -
Symantec 20091.2.0.41 2010.03.28 Suspicious.Insight
TheHacker 6.5.2.0.246 2010.03.28 Trojan/Inject.aoad
TrendMicro 9.120.0.1004 2010.03.28 -
VBA32 3.12.12.2 2010.03.27 Rootkit.Win32.Agent.bdwj
ViRobot 2010.3.27.2248 2010.03.27 Win32.Protector.F
VirusBuster 5.0.27.0 2010.03.27 Win32.Protector.Gen.2
Rozšiřující informace
File size: 98240 bytes
MD5...: 3780da6b46fea2f9e7e531b59bb42c5f
SHA1..: 77a18df579b0ebed679cb61194a3a629bbafe9d5
SHA256: 99cd9a9c55b09efc0f0e77eca748d9bd64d186e0a910bddd41e35e3370ab4fdd
ssdeep: 1536:1P2Fdm+mDwFEgpnZIAYbFwg8bhfC6K34a4GoYyTuFMYSe0N4IZMXdzKmHnu
R1TJb:CyNgZZEbFCfCt34a4Go8D0OCkdz/HnMt

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xdd4
timedatestamp.....: 0x4b9502cc (Mon Mar 08 13:59:40 2010)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2a0 0xc1c 0xc20 5.86 3f39162f79a31e1be68a8bce7049d095
.rdata 0xec0 0x8 0x20 0.40 53bc69c7adc744494f3d55825e7d5c47
.data 0xee0 0x23 0x40 2.19 a1dfd94c6efd414cb0487853fc5de7b6
INIT 0xf20 0x56 0x60 2.92 90629178a99b306539fa5415656e0ca5
.reloc 0xf80 0x1703a 0x17040 7.90 9a58459b50ed2a1037b33a1f3358d67e

( 1 imports )
> ntoskrnl.exe: PsGetCurrentProcessId

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
<a href='http://info.prevx.com/aboutprogramtext. ... 0033584022' target='_blank'>http://info.prevx.com/aboutprogramtext. ... 3584022</a>
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

[Janekas]

log gspec:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-28 08:59:27
Windows 5.1.2600 Service Pack 3
Running: zfkz5z7g.exe; Driver: C:\DOCUME~1\iMac\LOCALS~1\Temp\awriraob.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\002312513b1a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\002312513b1a@001fcc8012d0 0x85 0xAE 0x11 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002312513b1a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002312513b1a@001fcc8012d0 0x85 0xAE 0x11 0xB3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002312513b1a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002312513b1a@001fcc8012d0 0x85 0xAE 0x11 0xB3 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: copy of MBR

---- EOF - GMER 1.0.15 ----