Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

prosba o pomoc - ROOTKIT

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
lusi86
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 12 dub 2010 19:32

Re: prosba o pomoc - ROOTKIT

#16 Příspěvek od lusi86 »

vykonam! pocitac funguje, ani F8 som nemusela pouzit, nabehol sam. Dakujem zatial velmi pekne za pomoc!!! dokoncim Vase posledne pokyny a pridem zasa zajtra! Dobru noc prajem! :turned:
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosba o pomoc - ROOTKIT

#17 Příspěvek od motji »

Klidně to uděljete až zítra. já tu přes den nakukuji, zase tu budu večer :)
Dobrou noc :)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
lusi86
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 12 dub 2010 19:32

Re: prosba o pomoc - ROOTKIT

#18 Příspěvek od lusi86 »

pocas skenovania gmerom sa mi pocitac 3x restartoval.... prvy krat po dokonceni kratkeho scanu, druhy a treti krat pocas dlheho scanu... pripajam log z kratkeho scanu... z dlheho sa mi zatial kvoli tomu restartovavaniu nepodarilo spravit...

Running: gmer.exe; Driver: C:\DOCUME~1\lucka\LOCALS~1\Temp\uxtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosba o pomoc - ROOTKIT

#19 Příspěvek od motji »

Zkuste ho spustit v nouzovém režimu, předtím gmer přejmenujte na abc.com
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
lusi86
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 12 dub 2010 19:32

Re: prosba o pomoc - ROOTKIT

#20 Příspěvek od lusi86 »

po niekolkych pokusoch sa mi konecne podarilo spravit druhy log z gmeru... pocitac mi zamrzal alebo sa restartovaval...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-13 11:05:42
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\lucka\LOCALS~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA997C6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA997C574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA997CA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA997C14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA997C64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA997C08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA997C0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA997C76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA997C72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA997C8AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[984] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[984] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xA5 0xD7 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0xC2 0x95 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9E 0x87 0xDC 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5B 0xB8 0x0A 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x5B 0xB8 0x0A 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x5B 0xB8 0x0A 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x62 0xE6 0xAF 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x09 0xE8 0xF0 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x96 0x77 0x29 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEB 0x36 0x74 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xEB 0x36 0x74 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xEB 0x36 0x74 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xA5 0xD7 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0xC2 0x95 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5B 0xB8 0x0A 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5B 0xB8 0x0A 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x5B 0xB8 0x0A 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x5B 0xB8 0x0A 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x62 0xE6 0xAF 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x09 0xE8 0xF0 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x96 0x77 0x29 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEB 0x36 0x74 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xEB 0x36 0x74 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xEB 0x36 0x74 0xEC ...

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes
ADS C:\System Volume Information\_restore{695DD5EE-CC89-473B-A486-4B1638822784}\RP437\A0122512.exe:exe.exe 35840 bytes executable

---- EOF - GMER 1.0.15 ----
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosba o pomoc - ROOTKIT

#21 Příspěvek od motji »

Jak to ted vypadá s počítačem?

:arrow: Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT :!:
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
lusi86
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 12 dub 2010 19:32

Re: prosba o pomoc - ROOTKIT

#22 Příspěvek od lusi86 »

:arrow: stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


:arrow: start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t
ok

:arrow: vytvoří se log s názvem mbr.log, vložte ho zde
podla tohto navodu mi to neslo, ale dala som spustit a vyhladat a vybrala som mbr.exe a vyhodilo mi tento log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

s gmerom som pracovala v normalnom rezime, lebo som uz potom nebola na fore a nevidela som Vasu odpoved, ze sa mam dat do nudzoveho, ale nakoniec sa to podarilo! dufam, ze moj pocitac bude uz zdravy... klaniam sa pred Vasimi vedomostami :worship:
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosba o pomoc - ROOTKIT

#23 Příspěvek od motji »

Ještě tam něco málo je, ale s tím už si poradíme :)
Zatím Daemona neinstalujte, pak pustíme ještě combofix, at se mi nezkreslují výsledky.
Udělejte ten log z mbam :)
A zatím neděkujte, ještě jsme neskončili :D
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
lusi86
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 12 dub 2010 19:32

Re: prosba o pomoc - ROOTKIT

#24 Příspěvek od lusi86 »

teraz ide pocitac pekne, nezamrza, rychlo sa otvaraju priecinky aj internet... idem spustit ten mbam :)
Nahoru
lusi86
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 12 dub 2010 19:32

Re: prosba o pomoc - ROOTKIT

#25 Příspěvek od lusi86 »

po zapnuti pocitaca mi znovu avast vyhodil niekolko upozorneni za sebou, ze mi nasiel ten isty rootkit... dufam, ze nie sme zasa na zaciatku... vyhadzuje mi, ze cudzi program sa mi snazi vypnut rezidentnu ochranu... umiestnenie virusu je znova rovnake, ako som uviedla predtym na viacerych miestach... mbam musim spustit znovu, pretoze sa mi vypol z plochy a ked som ho chcela opatovne spustit, tak mi pisalo, ze je uz spusteny, pricom v spustenych aplikaciach nebol...
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosba o pomoc - ROOTKIT

#26 Příspěvek od motji »

Zkuste jít do nouzového režimu a použít mbam.


:arrow: Jděte do složky windows - system32 a podívejte se po těchto souborech
C:\WINDOWS\system32\57.scr a podobně, všechny s příponou scr smažte, pouze ale s datem z dneška nebo včerejška, když tak dejte sreen, co tam máte za soubory.

:arrow: pročištěte počítač CCleanerem.
:arrow: dejte si zobrazit skryté a systémové soubory (měli by být odkryté),
- vlezte do složky C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 a všechny soubory a složky zde smažte

:arrow: poprosím o nový log ze Rsitu.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
lusi86
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 12 dub 2010 19:32

Re: prosba o pomoc - ROOTKIT

#27 Příspěvek od lusi86 »

v systeme32 mi ziadne subory s takou priponou nenaslo, aj ked ich avast vyhadzoval ako virusy... Z toho dalsieho priecinku v Documents and Settings som vsetko vymazala, zostal len index. Pouzila som CC Cleaner a presla do nudzoveho rezimu. V nudzovom rezime mi nasiel avast rootkit a nejaky iny malware, ktore som dala vymazat. Mam pozastavenu rezidentnu ochranu pocitaca prostrednictvom avastu aby sa mi nebila s mbam-om, ked budem mat vysledok z neho, tak poslem sem.


Novy log z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by lucka at 2010-04-13 14:37:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (12%) free of 60 GB
Total RAM: 1015 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:39, on 13.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\lucka\LOCALS~1\Temp\Rar$EX00.922\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\lucka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 3.6.151.9 msnfix.changelog.fr
O1 - Hosts: 3.6.151.9 www.incodesolutions.com
O1 - Hosts: 3.6.151.9 virusinfo.prevx.com
O1 - Hosts: 3.6.151.9 download.bleepingcomputer.com
O1 - Hosts: 3.6.151.9 www.dazhizhu.cn
O1 - Hosts: 3.6.151.9 foro.noticias3d.com
O1 - Hosts: 3.6.151.9 www.spybotupdates.com
O1 - Hosts: 3.6.151.9 club.myce.com
O1 - Hosts: 3.6.151.9 www.k7computing.com
O1 - Hosts: 3.6.151.9 softwaresecuritysolutions.com
O1 - Hosts: 3.6.151.9 www.nabble.com
O1 - Hosts: 3.6.151.9 lurker.clamav.net
O1 - Hosts: 3.6.151.9 lexikon.ikarus.at
O1 - Hosts: 3.6.151.9 research.sunbelt-software.com
O1 - Hosts: 3.6.151.9 www.virusdoctor.jp
O1 - Hosts: 3.6.151.9 www.elitepvpers.de
O1 - Hosts: 3.6.151.9 guru.avg.com
O1 - Hosts: 3.6.151.9 downloads.sophos.com
O1 - Hosts: 3.6.151.9 share.skype.com
O1 - Hosts: 3.6.151.9 myantispyware.com
O1 - Hosts: 3.6.151.9 www.computerhilfen.de
O1 - Hosts: 3.6.151.9 www.superuser.co.kr
O1 - Hosts: 3.6.151.9 ntfaq.co.kr
O1 - Hosts: 3.6.151.9 v.dreamwiz.com
O1 - Hosts: 3.6.151.9 cit.kookmin.ac.kr
O1 - Hosts: 3.6.151.9 forums.whatthetech.com
O1 - Hosts: 3.6.151.9 forum.hijackthis.de
O1 - Hosts: 3.6.151.9 avg.vo.llnwd.net
O1 - Hosts: 3.6.151.9 ftp.drweb.com
O1 - Hosts: 3.6.151.9 www.zonealarm.com
O1 - Hosts: 3.6.151.9 smadaver.com
O1 - Hosts: 3.6.151.9 support.emsisoft.com
O1 - Hosts: 3.6.151.9 psychoski.blogspot.com
O1 - Hosts: 3.6.151.9 www.huaifai.go.th
O1 - Hosts: 3.6.151.9 www.mostz.com
O1 - Hosts: 3.6.151.9 www.krupunmai.com
O1 - Hosts: 3.6.151.9 www.cddchiangmai.net
O1 - Hosts: 3.6.151.9 forum.malekal.com
O1 - Hosts: 3.6.151.9 tech.pantip.com
O1 - Hosts: 3.6.151.9 sapcupgrades.com
O1 - Hosts: 3.6.151.9 www.elguruinformatico.com
O1 - Hosts: 3.6.151.9 forums.avg.com
O1 - Hosts: 3.6.151.9 zastita.com
O1 - Hosts: 3.6.151.9 support.kaspersky.com
O1 - Hosts: 3.6.151.9 foro.msgpluslive.es
O1 - Hosts: 3.6.151.9 www.247fixes.com
O1 - Hosts: 3.6.151.9 forum.sysinternals.com
O1 - Hosts: 3.6.151.9 forum.telecharger.01net.com
O1 - Hosts: 3.6.151.9 sophos.com
O1 - Hosts: 3.6.151.9 foros.softonic.com
O1 - Hosts: 3.6.151.9 avast-home.uptodown.com
O1 - Hosts: 3.6.151.9 dr-web-cureit.softonic.com
O1 - Hosts: 3.6.151.9 heavenward.ru
O1 - Hosts: 3.6.151.9 forum.smadav.net
O1 - Hosts: 3.6.151.9 www.forum.kaspersky.com
O1 - Hosts: 3.6.151.9 www.dl4all.com
O1 - Hosts: 3.6.151.9 www.f-secure.com
O1 - Hosts: 3.6.151.9 www.chkrootkit.org
O1 - Hosts: 3.6.151.9 diamondcs.com.au
O1 - Hosts: 3.6.151.9 www.rootkit.nl
O1 - Hosts: 3.6.151.9 www.sysinternals.com
O1 - Hosts: 3.6.151.9 z-oleg.com
O1 - Hosts: 3.6.151.9 espanol.dir.groups.yahoo.com
O1 - Hosts: 3.6.151.9 ftp01net.telechargement.fr
O1 - Hosts: 3.6.151.9 modelayu.com
O1 - Hosts: 3.6.151.9 vaksin.com
O1 - Hosts: 3.6.151.9 bbs.kaspersky.com.cn
O1 - Hosts: 3.6.151.9 sf.tapuz.co.il
O1 - Hosts: 3.6.151.9 www.castlecrops.com
O1 - Hosts: 3.6.151.9 www.misec.net
O1 - Hosts: 3.6.151.9 safecomputing.umn.edu
O1 - Hosts: 3.6.151.9 www.antirootkit.com
O1 - Hosts: 3.6.151.9 www.greatis.com
O1 - Hosts: 3.6.151.9 ar.answers.yahoo.com
O1 - Hosts: 3.6.151.9 www.elhacker.org
O1 - Hosts: 3.6.151.9 research.pandasecurity.com
O1 - Hosts: 3.6.151.9 www.tpu.ro
O1 - Hosts: 3.6.151.9 www.pinoyden.com
O1 - Hosts: 3.6.151.9 forum.avira.de
O1 - Hosts: 3.6.151.9 www.tanya-it.com
O1 - Hosts: 3.6.151.9 www.rootkit.com
O1 - Hosts: 3.6.151.9 www.pctools.com
O1 - Hosts: 3.6.151.9 www.pcsupportadvisor.com
O1 - Hosts: 3.6.151.9 www.resplendence.com
O1 - Hosts: 3.6.151.9 www.personal.psu.edu
O1 - Hosts: 3.6.151.9 foro.ethek.com
O1 - Hosts: 3.6.151.9 foro.elhacker.net
O1 - Hosts: 3.6.151.9 download.zonealarm.com
O1 - Hosts: 3.6.151.9 spywarehammer.com
O1 - Hosts: 3.6.151.9 www.codelain.com
O1 - Hosts: 3.6.151.9 www.thaicert.org
O1 - Hosts: 3.6.151.9 vil.nail.com
O1 - Hosts: 3.6.151.9 search.mcafee.com
O1 - Hosts: 3.6.151.9 wwww.mcafee.com
O1 - Hosts: 3.6.151.9 download.nai.com
O1 - Hosts: 3.6.151.9 wwww.experts-exchange.com
O1 - Hosts: 3.6.151.9 www.bakunos.com
O1 - Hosts: 3.6.151.9 www.darkclockers.com
O1 - Hosts: 3.6.151.9 www2.gmer.net
O1 - Hosts: 3.6.151.9 ariefew.com
O1 - Hosts: 3.6.151.9 www.emsisoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MultiFrame] C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lucka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\lucka\mrshg.exe \u
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSConfig] C:\Documents and Settings\NetworkService\dfjth.exe \u (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Sally's Salon\Images\stg_drm.ocx
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.sk/OnlineScanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Sally's Salon\Images\armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: csbdll - C:\WINDOWS\SYSTEM32\csbdll.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FMMService - Flarion Technologies, Inc. - C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 12611 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1214440339-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1214440339-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
{32099AAC-C132-4136-9E9A-4E364A424E17}

{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"=C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-06-29 225280]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-07-03 7708672]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"ACU"=C:\Program Files\Atheros\ACU.exe [2006-11-17 348249]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-07-19 49520]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"PowerForPhone"=C:\Program Files\P4P\P4P.exe [2007-07-19 778240]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2007-06-26 851968]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-31 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MultiFrame"=C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-06-21 999792]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"Google Update"=C:\Documents and Settings\lucka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-29 133104]
"MSConfig"=C:\Documents and Settings\lucka\mrshg.exe [2010-04-13 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe [2009-03-10 156672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\lucka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-29 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2010-01-03 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-24 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WHITNEY_S2P]
C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe [2006-03-27 229376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csbdll]
C:\WINDOWS\system32\csbdll.dll [2010-04-13 78336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\wmicvrts.exe"="C:\WINDOWS\system32\wmicvrts.exe:*:Enabled:DHCP Router"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"

======List of files/folders created in the last 1 months======

2010-04-13 12:26:37 ----A---- C:\WINDOWS\system32\csbdll.dll
2010-04-13 11:36:16 ----D---- C:\Documents and Settings\lucka\Application Data\Malwarebytes
2010-04-13 11:36:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-13 11:36:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-13 10:26:06 ----A---- C:\WINDOWS\system32\acovcnt.exe
2010-04-13 10:19:38 ----SHD---- C:\RECYCLER
2010-04-12 23:50:31 ----A---- C:\ComboFix.txt
2010-04-12 23:04:25 ----A---- C:\Boot.bak
2010-04-12 23:04:18 ----RASHD---- C:\cmdcons
2010-04-12 23:03:23 ----A---- C:\WINDOWS\PEV.exe
2010-04-12 23:03:23 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-12 23:03:23 ----A---- C:\WINDOWS\MBR.exe
2010-04-12 23:03:22 ----A---- C:\WINDOWS\zip.exe
2010-04-12 23:03:22 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-12 23:03:22 ----A---- C:\WINDOWS\SWSC.exe
2010-04-12 23:03:22 ----A---- C:\WINDOWS\SWREG.exe
2010-04-12 23:03:22 ----A---- C:\WINDOWS\sed.exe
2010-04-12 23:03:22 ----A---- C:\WINDOWS\grep.exe
2010-04-12 23:03:07 ----D---- C:\WINDOWS\ERDNT
2010-04-12 23:01:38 ----D---- C:\Qoobox
2010-04-12 22:25:57 ----D---- C:\rsit
2010-03-14 13:57:57 ----D---- C:\Program Files\Veetle

======List of files/folders modified in the last 1 months======

2010-04-13 14:37:21 ----D---- C:\WINDOWS\Prefetch
2010-04-13 13:28:21 ----HD---- C:\WINDOWS\inf
2010-04-13 13:28:21 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2010-04-13 13:17:46 ----AD---- C:\WINDOWS\Temp
2010-04-13 13:16:35 ----D---- C:\WINDOWS\system32
2010-04-13 13:15:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-13 13:15:25 ----D---- C:\WINDOWS\Minidump
2010-04-13 13:15:25 ----D---- C:\WINDOWS
2010-04-13 12:38:33 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-13 12:37:13 ----D---- C:\WINDOWS\system32\drivers
2010-04-13 12:26:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-13 12:26:36 ----A---- C:\WINDOWS\system32\svchost.exe
2010-04-13 11:36:06 ----RD---- C:\Program Files
2010-04-12 23:47:28 ----A---- C:\WINDOWS\system.ini
2010-04-12 23:45:45 ----D---- C:\WINDOWS\system32\config
2010-04-12 23:42:05 ----D---- C:\WINDOWS\AppPatch
2010-04-12 23:42:02 ----D---- C:\Program Files\Common Files
2010-04-12 23:04:25 ----RASH---- C:\boot.ini
2010-04-12 22:46:54 ----SHD---- C:\WINDOWS\Installer
2010-04-10 19:15:36 ----D---- C:\Documents and Settings\lucka\Application Data\ICQ
2010-04-10 11:11:21 ----D---- C:\Documents and Settings\lucka\Application Data\Skype
2010-04-10 10:48:39 ----D---- C:\Documents and Settings\lucka\Application Data\skypePM
2010-04-06 23:04:13 ----D---- C:\Documents and Settings\lucka\Application Data\BitTorrent
2010-04-04 12:58:09 ----A---- C:\WINDOWS\WDICT32.INI
2010-04-01 10:04:10 ----A---- C:\WINDOWS\winamp.ini
2010-03-28 09:34:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-19 11:12:52 ----D---- C:\Documents and Settings\lucka\Application Data\Facebook

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-31 36096]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-12-05 529344]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-31 60800]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 39424]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-31 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-31 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-31 67584]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-24 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 54432]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S3 catchme;catchme; \??\C:\potvora.com\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FlrnUSB;Leadtek USB Network Interface; C:\WINDOWS\system32\DRIVERS\LtkUSB.sys [2008-05-14 41907]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-10-30 88960]
S3 lvupdtio;lvupdtio; \??\C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys []
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2006-12-06 6400]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-31 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-31 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-31 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2006-11-17 360533]
R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-06-11 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 FMMService;FMMService; C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE [2007-12-06 40960]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-09-29 266343]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2010-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosba o pomoc - ROOTKIT

#28 Příspěvek od motji »

:boxed: Máte to zase zpátky
:arrow: Použijte znovu MicrosoftFixit50267.rar , který jsem Vám posílala na první stránce a pak znovu spustte combofix.

:arrow: Kde jste k tomu přišla, nemáte tušení? Musíme najít zdroj, at se to pořád nevrací. V jakém souboru Avast rootkita hlásil?

:arrow: smažte C:\WINDOWS\system32\csbdll.dll

:arrow: Avast si zapněte, s mbamem se rvat nebude.

Nemáte ve stejné síti zapojený ještě jeden počítač?

Já tu budu zase večer po 9.hodině
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
lusi86
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 12 dub 2010 19:32

Re: prosba o pomoc - ROOTKIT

#29 Příspěvek od lusi86 »

C:\WINDOWS\system32\csbdll.dll

tieto subory tam mam dva. jeden ma datum 31.8.2004 a druhy ma datum 13.4.2010. Ktory mam zmazat?

je pravdepodobne, ze som si ten virus stiahla od brata na kluci. dnes rano som ten kluc dala do pc, lebo som nan potrebovala skopirovat do skoly prezentaciu. bol prazdny, doma som ho formatovala. avast na nom nic nenasiel, ale akonahle som ho vybrala z pc, tak mi avast znovu vyhodil upozornenie na rootkit...

doma mame s bratom spolocnu wi-fi siet a teraz som pripojena na skolsku wi-fi siet na internate.

vypis z mbam:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verzia databázy: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

13.4.2010 15:26:48
mbam-log-2010-04-13 (15-26-48).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 156662
Uplynulý èas: 35 min, 51 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 1
Infikované registraèné k¾úèe: 5
Infikované registraèné hodnoty: 1
Infikované položky registraèných dát: 2
Infikované prieèinky: 0
Infikované súbory: 15

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
C:\WINDOWS\system32\csbdll.dll (Trojan.Agent) -> No action taken.

Infikované registraèné k¾úèe:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\niinbvnf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Fci (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csbdll (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> No action taken.

Infikované registraèné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> No action taken.

Infikované položky registraèných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované prieèinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\WINDOWS\system32\drivers\niinbvnf.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\C813EB\cnvpe.fne (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\C813EB\HtmlView.fne (HackTool.Patcher) -> No action taken.
C:\WINDOWS\system32\C813EB\internet.fne (HackTool.Patcher) -> No action taken.
C:\WINDOWS\system32\C813EB\krnln.fnr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\C813EB\RegEx.fnr (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\Drivers\ndisvvan.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\csbdll.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\All Users\secupdat.dat (Worm.Autorun) -> No action taken.
C:\Documents and Settings\Default User\secupdat.dat (Worm.Autorun) -> No action taken.
C:\Documents and Settings\LocalService\secupdat.dat (Worm.Autorun) -> No action taken.
C:\Documents and Settings\lucka\secupdat.dat (Worm.Autorun) -> No action taken.
C:\Documents and Settings\NetworkService\secupdat.dat (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\secupdat.dat (Worm.Autorun) -> No action taken.
Nahoru
lusi86
Návštěvník
Návštěvník
Příspěvky: 42
Registrován: 12 dub 2010 19:32

Re: prosba o pomoc - ROOTKIT

#30 Příspěvek od lusi86 »

vypis z combofixu:

ComboFix 10-04-12.06 - lucka 13.04.2010 16:10:39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.525 [GMT 2:00]
Running from: c:\documents and settings\lucka\Desktop\potvora.com.exe
AV: avast! antivirus 4.8.1368 [VPS 100412-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\lucka\secupdat.dat
c:\documents and settings\NetworkService\secupdat.dat
c:\windows\system32\acovcnt.exe
c:\windows\system32\csbdll.dll
c:\windows\system32\secupdat.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF


((((((((((((((((((((((((( Files Created from 2010-03-13 to 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-13 10:43 . 2010-04-13 10:43 17920 ---ha-w- c:\documents and settings\lucka\mrshg.exe
2010-04-13 10:37 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-13 10:37 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-13 10:22 . 2010-04-13 10:22 17920 ---ha-w- c:\documents and settings\NetworkService\dfjth.exe
2010-04-13 09:36 . 2010-04-13 09:36 -------- d-----w- c:\documents and settings\lucka\Application Data\Malwarebytes
2010-04-13 09:36 . 2010-04-13 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-13 09:36 . 2010-04-13 10:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 20:25 . 2010-04-12 20:26 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 11:15 . 2008-03-26 18:30 66328 -c--a-w- c:\documents and settings\lucka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-13 10:26 . 2004-08-31 11:36 14336 ----a-w- c:\windows\system32\svchost.exe
2010-04-13 04:58 . 2010-01-17 02:21 79488 ----a-w- c:\documents and settings\lucka\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-10 17:15 . 2008-04-05 10:54 -------- d-----w- c:\documents and settings\lucka\Application Data\ICQ
2010-04-10 09:11 . 2008-04-05 15:59 -------- d-----w- c:\documents and settings\lucka\Application Data\Skype
2010-04-10 08:48 . 2008-05-24 19:47 -------- d-----w- c:\documents and settings\lucka\Application Data\skypePM
2010-04-06 21:04 . 2009-05-16 09:33 -------- d-----w- c:\documents and settings\lucka\Application Data\BitTorrent
2010-03-19 09:12 . 2010-02-06 19:35 50354 ----a-w- c:\documents and settings\lucka\Application Data\Facebook\uninstall.exe
2010-03-19 09:12 . 2010-02-06 19:35 -------- d-----w- c:\documents and settings\lucka\Application Data\Facebook
2010-03-14 11:58 . 2010-03-14 11:57 -------- d-----w- c:\program files\Veetle
2010-03-12 20:54 . 2009-05-16 09:32 -------- d-----w- c:\documents and settings\lucka\Application Data\DNA
2010-03-12 20:45 . 2010-03-12 20:45 -------- d-----w- c:\program files\CCleaner
2010-03-12 19:33 . 2009-05-16 09:32 -------- d-----w- c:\program files\DNA
2010-03-12 19:33 . 2008-12-19 19:43 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-11 14:24 . 2010-03-11 14:21 -------- d-----w- c:\program files\ICQ6.5
2010-03-11 14:22 . 2008-12-19 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-03-09 22:53 . 2008-03-26 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 16:35 . 2010-03-06 16:35 0 ----a-w- c:\documents and settings\lucka\MobilityManager.tmp
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\lucka\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-03-03 23:04 . 2004-12-14 21:57 -------- d-----w- c:\program files\SAS
2010-03-03 12:24 . 2010-03-03 12:18 -------- d-----w- c:\documents and settings\lucka\Application Data\DAEMON Tools Lite
2010-03-03 12:18 . 2010-03-03 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\lucka\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\lucka\Application Data\Facebook\npfbplugin_1_0_1.dll
2009-04-24 15:39 . 2009-04-24 15:38 7349656 ----a-w- c:\program files\FLV PlayerATBSetup.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2004-08-31 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2004-08-31 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-31 . 7399D854596BFEFEED6B60879F28CE07 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-04-12_21.13.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-13 14:00 . 2010-04-13 14:00 16384 c:\windows\Temp\Perflib_Perfdata_75c.dat
+ 2010-04-13 14:18 . 2010-04-13 14:18 16384 c:\windows\Temp\Perflib_Perfdata_72c.dat
+ 2010-04-13 14:18 . 2010-04-13 14:18 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat
+ 2004-08-31 11:36 . 2010-04-13 10:26 14336 c:\windows\system32\dllcache\svchost.exe
- 2004-08-31 11:36 . 2005-04-12 17:56 14336 c:\windows\system32\dllcache\svchost.exe
+ 2008-03-27 02:14 . 2010-04-13 11:15 247104 c:\windows\system32\FNTCACHE.DAT
- 2008-03-27 02:14 . 2010-03-04 18:15 247104 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiFrame"="c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 999792]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"Google Update"="c:\documents and settings\lucka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-07-19 49520]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-31 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-03-10 00:29 156672 ----a-w- c:\program files\Ask & Record Toolbar\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 09:04 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-29 14:57 133104 ----atw- c:\documents and settings\lucka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-01-03 15:30 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-24 17:31 630784 ----a-r- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WHITNEY_S2P]
2006-03-27 06:35 229376 ----a-w- c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 niinbvnf;niinbvnf;c:\windows\system32\Drivers\niinbvnf.sys --> c:\windows\system32\Drivers\niinbvnf.sys [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.11.2009 3:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.11.2009 3:54 20560]
R2 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [2.11.2009 19:35 40960]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19.12.2008 21:43 246520]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [26.3.2008 20:47 39424]
S3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\drivers\LtkUSB.sys [2.11.2009 19:35 41907]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12.9.2008 20:29 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12.9.2008 20:29 7680]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1214440339-725345543-1003Core.job
- c:\documents and settings\lucka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-29 14:57]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1214440339-725345543-1003UA.job
- c:\documents and settings\lucka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-29 14:57]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\lucka\Application Data\Mozilla\Firefox\Profiles\kded3tap.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\lucka\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\lucka\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\lucka\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
AddRemove-Pán Prstenov: Bitka o Stredozem II SK - c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\Odinštalovat PP-BoS-II_SK.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 16:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\ADSM_PData_0150

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2756)
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\acs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\windows\system32\acovcnt.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Completion time: 2010-04-13 16:22:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-13 14:22
ComboFix2.txt 2010-04-12 21:50
ComboFix3.txt 2010-04-12 21:16

Pre-Run: 7 751 184 384 bytes free
Post-Run: 7 713 546 240 bytes free

- - End Of File - - 06C8C3C50B334AA36266E111DD096F72
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“