dobrý večer, avast mi našel rootkit mbr physicaldrive0 a tak prosím o radu.
prošla jsem si podobná fora a něco jsem už zkusila, nepodařilo se mi otevřit combofix-vyskakuje hláška: program nelze zavřít C:\32788R22FWJFW\PEV.exe
děkuju za pomoc
přikládám log z TDSSKilleru:
2011/04/18 21:19:39.0875 3332 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 21:19:40.0968 3332 ================================================================================
2011/04/18 21:19:40.0968 3332 SystemInfo:
2011/04/18 21:19:40.0968 3332
2011/04/18 21:19:40.0968 3332 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/18 21:19:40.0968 3332 Product type: Workstation
2011/04/18 21:19:40.0968 3332 ComputerName: XXX-D57RAO8C9UP
2011/04/18 21:19:40.0968 3332 UserName: Lucka
2011/04/18 21:19:40.0968 3332 Windows directory: C:\WINDOWS
2011/04/18 21:19:40.0968 3332 System windows directory: C:\WINDOWS
2011/04/18 21:19:40.0968 3332 Processor architecture: Intel x86
2011/04/18 21:19:40.0968 3332 Number of processors: 1
2011/04/18 21:19:40.0968 3332 Page size: 0x1000
2011/04/18 21:19:40.0968 3332 Boot type: Normal boot
2011/04/18 21:19:40.0968 3332 ================================================================================
2011/04/18 21:19:41.0609 3332 Initialize success
2011/04/18 21:19:51.0312 3896 ================================================================================
2011/04/18 21:19:51.0312 3896 Scan started
2011/04/18 21:19:51.0312 3896 Mode: Manual;
2011/04/18 21:19:51.0312 3896 ================================================================================
2011/04/18 21:19:51.0875 3896 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/18 21:19:52.0140 3896 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/18 21:19:52.0203 3896 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/18 21:19:52.0343 3896 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/04/18 21:19:52.0453 3896 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/04/18 21:19:52.0687 3896 AmdK8 (99bd5596b5d06c2ead3cecc6f11999f5) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/04/18 21:19:52.0812 3896 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/18 21:19:52.0937 3896 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/04/18 21:19:53.0000 3896 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/18 21:19:53.0046 3896 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/18 21:19:53.0140 3896 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/04/18 21:19:53.0203 3896 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/04/18 21:19:53.0265 3896 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/18 21:19:53.0359 3896 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/18 21:19:53.0437 3896 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/18 21:19:53.0578 3896 ati2mtag (403f6718487ee2ddb0388453da764c49) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/18 21:19:53.0718 3896 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/18 21:19:53.0796 3896 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/18 21:19:53.0859 3896 b57w2k (03758a3307168a783d3498ec1d392611) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/04/18 21:19:53.0953 3896 BCM43XX (d5f1ab1aab8b81bca6f19da9554a267a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/04/18 21:19:54.0031 3896 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/18 21:19:54.0109 3896 BTDriver (39309739badd058c8f4b845d9a3c58d2) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/04/18 21:19:54.0218 3896 BTKRNL (c9253ab5f6611fa2ca5c914d0fe384c5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/04/18 21:19:54.0437 3896 BTWUSB (843e656db562ffff197afaf98042faca) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/04/18 21:19:54.0500 3896 CAMCAUD (3c17c5cb8655c9f8e973328926e074bd) C:\WINDOWS\system32\drivers\camc6aud.sys
2011/04/18 21:19:54.0593 3896 CAMCHALA (d72e555dd5e75c59b0338b0feb1a215b) C:\WINDOWS\system32\drivers\camc6hal.sys
2011/04/18 21:19:54.0656 3896 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/18 21:19:54.0734 3896 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/18 21:19:54.0812 3896 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/18 21:19:54.0859 3896 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/18 21:19:54.0953 3896 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/18 21:19:55.0062 3896 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/18 21:19:55.0218 3896 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/18 21:19:55.0328 3896 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/18 21:19:55.0375 3896 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/18 21:19:55.0421 3896 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/18 21:19:55.0484 3896 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/18 21:19:55.0562 3896 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/18 21:19:55.0609 3896 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/18 21:19:55.0687 3896 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/18 21:19:55.0718 3896 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/18 21:19:55.0765 3896 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/18 21:19:55.0828 3896 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/18 21:19:55.0875 3896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/18 21:19:55.0953 3896 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/18 21:19:56.0031 3896 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/18 21:19:56.0125 3896 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/18 21:19:56.0250 3896 HSFHWATI (110d8515670f8ebfc831bd02b7a8fc74) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
2011/04/18 21:19:56.0328 3896 HSF_DP (6fbefacc2a0379bf3b395b0ca0cadb17) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/04/18 21:19:56.0468 3896 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/18 21:19:56.0625 3896 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/18 21:19:56.0656 3896 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/18 21:19:56.0843 3896 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/18 21:19:56.0890 3896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/18 21:19:56.0953 3896 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/18 21:19:57.0046 3896 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/18 21:19:57.0125 3896 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/18 21:19:57.0203 3896 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/18 21:19:57.0265 3896 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/18 21:19:57.0343 3896 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/18 21:19:57.0421 3896 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/18 21:19:57.0453 3896 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/18 21:19:57.0593 3896 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/04/18 21:19:57.0687 3896 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/18 21:19:57.0765 3896 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/18 21:19:57.0843 3896 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/18 21:19:57.0906 3896 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/18 21:19:57.0968 3896 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/18 21:19:58.0046 3896 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/18 21:19:58.0140 3896 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/18 21:19:58.0265 3896 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/18 21:19:58.0343 3896 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/18 21:19:58.0421 3896 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/18 21:19:58.0500 3896 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/18 21:19:58.0562 3896 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/18 21:19:58.0640 3896 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/18 21:19:58.0750 3896 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/18 21:19:58.0812 3896 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/18 21:19:58.0859 3896 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/18 21:19:58.0906 3896 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/18 21:19:58.0968 3896 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/18 21:19:59.0031 3896 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/18 21:19:59.0093 3896 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/18 21:19:59.0171 3896 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/18 21:19:59.0250 3896 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/04/18 21:19:59.0328 3896 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/04/18 21:19:59.0390 3896 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/18 21:19:59.0468 3896 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/18 21:19:59.0562 3896 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/18 21:19:59.0640 3896 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/18 21:19:59.0671 3896 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/18 21:19:59.0718 3896 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/18 21:19:59.0781 3896 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/18 21:19:59.0828 3896 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/18 21:19:59.0890 3896 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/18 21:19:59.0968 3896 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/04/18 21:20:00.0046 3896 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/18 21:20:00.0140 3896 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/18 21:20:00.0187 3896 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/04/18 21:20:00.0281 3896 pctfw2 (1653deaa40509c487e8e7171fcc5a99e) C:\WINDOWS\system32\drivers\pctfw2.sys
2011/04/18 21:20:00.0546 3896 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/18 21:20:00.0578 3896 Processor (9a10e4fd13824823da50d4758bd0a645) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/18 21:20:00.0625 3896 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/18 21:20:00.0703 3896 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/04/18 21:20:00.0734 3896 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/18 21:20:00.0812 3896 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/04/18 21:20:01.0015 3896 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/18 21:20:01.0093 3896 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/18 21:20:01.0140 3896 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/18 21:20:01.0187 3896 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/18 21:20:01.0296 3896 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/18 21:20:01.0343 3896 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/18 21:20:01.0390 3896 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/18 21:20:01.0484 3896 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/18 21:20:01.0562 3896 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/18 21:20:01.0640 3896 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/04/18 21:20:01.0765 3896 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/04/18 21:20:01.0843 3896 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/18 21:20:01.0937 3896 Serial (c1ddbc85251551a840212999da3d95f3) C:\WINDOWS\system32\drivers\Serial.sys
2011/04/18 21:20:02.0015 3896 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/04/18 21:20:02.0140 3896 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/18 21:20:02.0218 3896 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/18 21:20:02.0281 3896 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/18 21:20:02.0375 3896 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/18 21:20:02.0437 3896 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/18 21:20:02.0625 3896 SynTP (f484c77f748729129d5cc9c965d9f701) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/04/18 21:20:02.0703 3896 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/18 21:20:02.0812 3896 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/18 21:20:02.0875 3896 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/18 21:20:02.0937 3896 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/18 21:20:03.0000 3896 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/18 21:20:03.0078 3896 TfFsMon (95746e5b1473432f3d9458940dba6e3a) C:\WINDOWS\system32\drivers\TfFsMon.sys
2011/04/18 21:20:03.0156 3896 TfNetMon (02ffdd873e31c5c2d57ca87d11ec36af) C:\WINDOWS\System32\drivers\TfNetMon.sys
2011/04/18 21:20:03.0187 3896 TfSysMon (f8bd92251ab439383c051ce907d78cce) C:\WINDOWS\system32\drivers\TfSysMon.sys
2011/04/18 21:20:03.0281 3896 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
2011/04/18 21:20:03.0390 3896 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/18 21:20:03.0500 3896 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/18 21:20:03.0578 3896 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/04/18 21:20:03.0656 3896 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/18 21:20:03.0734 3896 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/18 21:20:03.0765 3896 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/18 21:20:03.0843 3896 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys
2011/04/18 21:20:03.0921 3896 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/04/18 21:20:03.0968 3896 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/18 21:20:04.0046 3896 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/18 21:20:04.0156 3896 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/18 21:20:04.0265 3896 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/18 21:20:04.0359 3896 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/04/18 21:20:04.0468 3896 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/18 21:20:04.0578 3896 winachsf (e61219e012e41f52755c04734eb49784) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/04/18 21:20:04.0718 3896 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/04/18 21:20:04.0781 3896 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/04/18 21:20:05.0000 3896 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/04/18 21:20:05.0000 3896 ================================================================================
2011/04/18 21:20:05.0000 3896 Scan finished
2011/04/18 21:20:05.0000 3896 ================================================================================
2011/04/18 21:20:05.0031 2396 Detected object count: 1
2011/04/18 21:20:38.0546 2396 Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Skip
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
mbr physicaldrive0
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: mbr physicaldrive0
Po akci TDSSKilleru nachází Avast ještě nějaký problém?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: mbr physicaldrive0
ano, pořád ten stejný
nakonec se mi v nouzovém režimu podařilo spustit ten combofix:
ComboFix 11-04-17.03 - Administrator 18.04.2011 22:35:32.1.1 - x86 NETWORK
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Stažené soubory\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-18 do 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-18 19:38 . 2011-04-18 19:38 -------- d-----w- c:\documents and settings\Administrator
2011-04-18 19:13 . 2011-04-18 19:18 -------- d-----w- c:\windows\LastGood
2011-04-18 18:49 . 2011-04-18 18:52 -------- d-----w- C:\## aswSnx private storage
2011-04-18 18:10 . 2011-04-18 18:10 -------- d-----w- c:\program files\Common Files\Java
2011-04-18 18:09 . 2011-04-18 18:06 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-18 18:09 . 2011-04-18 18:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-18 18:09 . 2011-04-18 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 17:29 . 2011-04-18 17:29 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Data aplikací\Secunia PSI
2011-04-18 17:27 . 2011-04-18 17:27 -------- d-----w- c:\program files\Secunia
2011-04-17 14:10 . 2011-04-17 14:10 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\pdfforge
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\Search Settings
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\program files\Application Updater
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\program files\pdfforge Toolbar
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\program files\Common Files\Spigot
2011-04-17 14:08 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-04-17 14:08 . 2004-03-08 22:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-04-17 14:08 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-04-17 14:08 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-04-17 14:08 . 2011-04-17 14:10 -------- d-----w- c:\program files\PDFCreator
2011-04-17 09:28 . 2011-04-17 09:28 -------- d-----w- c:\program files\CCleaner
2011-04-16 20:38 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-16 16:47 . 2011-04-18 17:58 -------- d-----w- c:\documents and settings\LocalService\Plocha
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 14:04 . 2010-07-08 10:00 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2008-11-26 19:55 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2008-11-26 19:55 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2008-11-26 19:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2008-11-26 19:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2008-11-26 19:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2008-11-26 19:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2008-11-26 19:55 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2009-01-24 21:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2002-01-24 02:03 . 2010-04-07 17:22 308224 ----a-w- c:\program files\Lexsnd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-18 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 2598808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\Lucka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-5-31 577597]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [24.1.2009 22:31 159896]
R3 xcpip;Ovladač protokolu TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [15.1.2010 0:45 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [15.1.2010 0:46 59664]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.4.2011 22:38 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.11.2008 21:55 301528]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 17:10 387072]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.1.2009 23:04 19544]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10.1.2011 16:24 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10.1.2011 16:24 399416]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [26.11.2008 20:56 200576]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 10:30 15544]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [15.1.2010 0:46 33552]
.
Obsah adresáře 'Naplánované úlohy'
.
2010-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Doplňkový sken -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\vd3f5lct.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-18 22:39
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?#@\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.4"
"DeviceInstanceIds"=multi:"d:\\swsetup\\vid2\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-04-18 22:41:09
ComboFix-quarantined-files.txt 2011-04-18 20:41
.
Před spuštěním: 7 700 267 008
Po spuštění: 8 141 148 160
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D6B5F3018D25AA2C74EF261E8D72BBEA
nakonec se mi v nouzovém režimu podařilo spustit ten combofix:
ComboFix 11-04-17.03 - Administrator 18.04.2011 22:35:32.1.1 - x86 NETWORK
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Stažené soubory\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-18 do 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-18 19:38 . 2011-04-18 19:38 -------- d-----w- c:\documents and settings\Administrator
2011-04-18 19:13 . 2011-04-18 19:18 -------- d-----w- c:\windows\LastGood
2011-04-18 18:49 . 2011-04-18 18:52 -------- d-----w- C:\## aswSnx private storage
2011-04-18 18:10 . 2011-04-18 18:10 -------- d-----w- c:\program files\Common Files\Java
2011-04-18 18:09 . 2011-04-18 18:06 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-18 18:09 . 2011-04-18 18:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-18 18:09 . 2011-04-18 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 17:29 . 2011-04-18 17:29 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Data aplikací\Secunia PSI
2011-04-18 17:27 . 2011-04-18 17:27 -------- d-----w- c:\program files\Secunia
2011-04-17 14:10 . 2011-04-17 14:10 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\pdfforge
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\Search Settings
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\program files\Application Updater
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\program files\pdfforge Toolbar
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\program files\Common Files\Spigot
2011-04-17 14:08 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-04-17 14:08 . 2004-03-08 22:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-04-17 14:08 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-04-17 14:08 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-04-17 14:08 . 2011-04-17 14:10 -------- d-----w- c:\program files\PDFCreator
2011-04-17 09:28 . 2011-04-17 09:28 -------- d-----w- c:\program files\CCleaner
2011-04-16 20:38 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-16 16:47 . 2011-04-18 17:58 -------- d-----w- c:\documents and settings\LocalService\Plocha
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 14:04 . 2010-07-08 10:00 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2008-11-26 19:55 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2008-11-26 19:55 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2008-11-26 19:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2008-11-26 19:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2008-11-26 19:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2008-11-26 19:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2008-11-26 19:55 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2009-01-24 21:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2002-01-24 02:03 . 2010-04-07 17:22 308224 ----a-w- c:\program files\Lexsnd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-18 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 2598808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\Lucka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-5-31 577597]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [24.1.2009 22:31 159896]
R3 xcpip;Ovladač protokolu TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [15.1.2010 0:45 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [15.1.2010 0:46 59664]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.4.2011 22:38 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.11.2008 21:55 301528]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 17:10 387072]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.1.2009 23:04 19544]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10.1.2011 16:24 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10.1.2011 16:24 399416]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [26.11.2008 20:56 200576]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 10:30 15544]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [15.1.2010 0:46 33552]
.
Obsah adresáře 'Naplánované úlohy'
.
2010-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Doplňkový sken -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\vd3f5lct.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-18 22:39
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?#@\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.4"
"DeviceInstanceIds"=multi:"d:\\swsetup\\vid2\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-04-18 22:41:09
ComboFix-quarantined-files.txt 2011-04-18 20:41
.
Před spuštěním: 7 700 267 008
Po spuštění: 8 141 148 160
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D6B5F3018D25AA2C74EF261E8D72BBEA
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: mbr physicaldrive0
1. Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
2. Vložte do opt. mechaniky instalační CD oper. systému, restartujte PC a nabootujte z něj. Až se objeví poprvé "R-opravit", stiskněte "R" a přihlaste se k oper. systému. Do příkazového řádku zadejte postupně:
Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Folder::
c:\program files\pdfforge Toolbar
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
2. Vložte do opt. mechaniky instalační CD oper. systému, restartujte PC a nabootujte z něj. Až se objeví poprvé "R-opravit", stiskněte "R" a přihlaste se k oper. systému. Do příkazového řádku zadejte postupně:
Po každém příkazu vždy stiskněte "Enter", příp. potvrďte. Po příkazu "exit" se PC restartuje. Tím by měl být přepsán hl. zaváděcí záznam (MBR) ze zálohy.cd c:\
fixmbr
exit
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: mbr physicaldrive0
instalační CD teď u sebe nemám, takže pokračovat budu až o víkendu,
tohle je log z combofixu
ComboFix 11-04-17.03 - Administrator 18.04.2011 23:39:42.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1151.924 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\FF\chrome.manifest
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\login.js
c:\program files\pdfforge Toolbar\FF\chrome\content\login.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\parser.js
c:\program files\pdfforge Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\utils.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgicomm.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgihandling.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgichevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\widgiui.js
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_icon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\searchbox.css
c:\program files\pdfforge Toolbar\FF\chrome\skin\splitter.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\pdfforge Toolbar\FF\install.rdf
c:\program files\pdfforge Toolbar\IE\4.3\config.ini
c:\program files\pdfforge Toolbar\Res\amazon.gif
c:\program files\pdfforge Toolbar\Res\ebay.gif
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\WidgiHelper.exe
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-789336058-602162358-839522115-1003(2)\INFO2
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-18 do 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-18 20:44 . 2011-04-18 20:44 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft
2011-04-18 19:38 . 2011-04-18 19:38 -------- d-----w- c:\documents and settings\Administrator
2011-04-18 18:49 . 2011-04-18 18:52 -------- d-----w- C:\## aswSnx private storage
2011-04-18 18:10 . 2011-04-18 18:10 -------- d-----w- c:\program files\Common Files\Java
2011-04-18 18:09 . 2011-04-18 18:06 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-18 18:09 . 2011-04-18 18:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-18 18:09 . 2011-04-18 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 17:29 . 2011-04-18 17:29 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Data aplikací\Secunia PSI
2011-04-18 17:27 . 2011-04-18 17:27 -------- d-----w- c:\program files\Secunia
2011-04-17 14:10 . 2011-04-17 14:10 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\pdfforge
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\Search Settings
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\program files\Application Updater
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\program files\Common Files\Spigot
2011-04-17 14:08 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-04-17 14:08 . 2004-03-08 22:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-04-17 14:08 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-04-17 14:08 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-04-17 14:08 . 2011-04-17 14:10 -------- d-----w- c:\program files\PDFCreator
2011-04-17 09:28 . 2011-04-17 09:28 -------- d-----w- c:\program files\CCleaner
2011-04-16 20:38 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-16 16:47 . 2011-04-18 17:58 -------- d-----w- c:\documents and settings\LocalService\Plocha
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 14:04 . 2010-07-08 10:00 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2008-11-26 19:55 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2008-11-26 19:55 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2008-11-26 19:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2008-11-26 19:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2008-11-26 19:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2008-11-26 19:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2008-11-26 19:55 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2009-01-24 21:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2002-01-24 02:03 . 2010-04-07 17:22 308224 ----a-w- c:\program files\Lexsnd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-18_20.39.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-25 14:00 . 2011-04-18 20:51 42328 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2011-04-18 20:51 49084 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-04-18 20:51 318252 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2011-04-18 20:51 317302 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-18 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 2598808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\Lucka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-5-31 577597]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [24.1.2009 22:31 159896]
R3 xcpip;Ovladač protokolu TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [15.1.2010 0:45 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [15.1.2010 0:46 59664]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.4.2011 22:38 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.11.2008 21:55 301528]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 17:10 387072]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.1.2009 23:04 19544]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10.1.2011 16:24 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10.1.2011 16:24 399416]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [26.11.2008 20:56 200576]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 10:30 15544]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [15.1.2010 0:46 33552]
.
Obsah adresáře 'Naplánované úlohy'
.
2010-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Doplňkový sken -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\vd3f5lct.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-18 23:45
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?#@\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.4"
"DeviceInstanceIds"=multi:"d:\\swsetup\\vid2\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-04-18 23:46:41
ComboFix-quarantined-files.txt 2011-04-18 21:46
ComboFix2.txt 2011-04-18 20:41
.
Před spuštěním: 8 125 538 304
Po spuštění: 8 435 118 080
.
- - End Of File - - 2EC8E32936146DA43CDE87043DD3EB62
tohle je log z combofixu
ComboFix 11-04-17.03 - Administrator 18.04.2011 23:39:42.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1151.924 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\FF\chrome.manifest
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\login.js
c:\program files\pdfforge Toolbar\FF\chrome\content\login.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\parser.js
c:\program files\pdfforge Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\utils.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgicomm.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgihandling.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgichevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\widgiui.js
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_icon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\searchbox.css
c:\program files\pdfforge Toolbar\FF\chrome\skin\splitter.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\pdfforge Toolbar\FF\install.rdf
c:\program files\pdfforge Toolbar\IE\4.3\config.ini
c:\program files\pdfforge Toolbar\Res\amazon.gif
c:\program files\pdfforge Toolbar\Res\ebay.gif
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\WidgiHelper.exe
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-789336058-602162358-839522115-1003(2)\INFO2
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-18 do 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-18 20:44 . 2011-04-18 20:44 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft
2011-04-18 19:38 . 2011-04-18 19:38 -------- d-----w- c:\documents and settings\Administrator
2011-04-18 18:49 . 2011-04-18 18:52 -------- d-----w- C:\## aswSnx private storage
2011-04-18 18:10 . 2011-04-18 18:10 -------- d-----w- c:\program files\Common Files\Java
2011-04-18 18:09 . 2011-04-18 18:06 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-18 18:09 . 2011-04-18 18:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-18 18:09 . 2011-04-18 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 17:29 . 2011-04-18 17:29 -------- d-----w- c:\documents and settings\Lucka\Local Settings\Data aplikací\Secunia PSI
2011-04-18 17:27 . 2011-04-18 17:27 -------- d-----w- c:\program files\Secunia
2011-04-17 14:10 . 2011-04-17 14:10 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\pdfforge
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\documents and settings\Lucka\Data aplikací\Search Settings
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\program files\Application Updater
2011-04-17 14:09 . 2011-04-17 14:09 -------- d-----w- c:\program files\Common Files\Spigot
2011-04-17 14:08 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-04-17 14:08 . 2004-03-08 22:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-04-17 14:08 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-04-17 14:08 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-04-17 14:08 . 2011-04-17 14:10 -------- d-----w- c:\program files\PDFCreator
2011-04-17 09:28 . 2011-04-17 09:28 -------- d-----w- c:\program files\CCleaner
2011-04-16 20:38 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-16 16:47 . 2011-04-18 17:58 -------- d-----w- c:\documents and settings\LocalService\Plocha
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 14:04 . 2010-07-08 10:00 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2008-11-26 19:55 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2008-11-26 19:55 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2008-11-26 19:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2008-11-26 19:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2008-11-26 19:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2008-11-26 19:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2008-11-26 19:55 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2009-01-24 21:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2002-01-24 02:03 . 2010-04-07 17:22 308224 ----a-w- c:\program files\Lexsnd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-18_20.39.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-25 14:00 . 2011-04-18 20:51 42328 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2011-04-18 20:51 49084 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2011-04-18 20:51 318252 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2011-04-18 20:51 317302 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-18 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 2598808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\Lucka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-5-31 577597]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [24.1.2009 22:31 159896]
R3 xcpip;Ovladač protokolu TCP/IP;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [15.1.2010 0:45 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [15.1.2010 0:46 59664]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.4.2011 22:38 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.11.2008 21:55 301528]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28.1.2011 17:10 387072]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.1.2009 23:04 19544]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10.1.2011 16:24 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10.1.2011 16:24 399416]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [26.11.2008 20:56 200576]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 10:30 15544]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [15.1.2010 0:46 33552]
.
Obsah adresáře 'Naplánované úlohy'
.
2010-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Doplňkový sken -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\vd3f5lct.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-18 23:45
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?#@\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.4"
"DeviceInstanceIds"=multi:"d:\\swsetup\\vid2\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-04-18 23:46:41
ComboFix-quarantined-files.txt 2011-04-18 21:46
ComboFix2.txt 2011-04-18 20:41
.
Před spuštěním: 8 125 538 304
Po spuštění: 8 435 118 080
.
- - End Of File - - 2EC8E32936146DA43CDE87043DD3EB62
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: mbr physicaldrive0
Smazáno, log již vypadá čistý. Po akci (fixmbr) se ozvěte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?