Re: fb virus - please help
Posted: 26 Jul 2011 21:22
ComboFix 11-07-26.03 - Monča 26.07.2011 21:55:20.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.438 [GMT 2:00]
Spuštěný z: c:\documents and settings\Monča\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 19:05 . 2011-07-26 19:13 -------- dc----w- C:\Minecraftcrack
2011-07-26 18:46 . 2011-07-26 18:46 -------- d-----w- c:\windows\Sun
2011-07-26 17:34 . 2011-07-26 17:34 -------- d-----w- c:\documents and settings\Monča\Data aplikací\Malwarebytes
2011-07-26 17:34 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 17:34 . 2011-07-26 17:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-26 17:34 . 2011-07-26 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 17:34 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 13:23 . 2011-07-26 13:23 -------- d-----w- c:\documents and settings\Monča\Data aplikací\Uniblue
2011-07-26 13:23 . 2011-07-26 13:23 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-07-26 13:23 . 2011-07-26 13:23 -------- d-----w- c:\program files\Uniblue
2011-07-26 12:27 . 2011-07-26 12:28 -------- d-----w- c:\program files\trend micro
2011-07-26 12:27 . 2011-07-26 12:28 -------- dc----w- C:\rsit
2011-07-26 02:44 . 2011-07-26 02:44 -------- d-----w- c:\program files\Microsoft.NET
2011-07-26 02:44 . 2011-07-26 02:44 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-07-26 02:39 . 2011-07-26 02:46 -------- d-----w- c:\windows\SHELLNEW
2011-07-26 02:39 . 2011-07-26 02:39 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-07-26 02:38 . 2011-07-26 02:38 -------- dc----r- C:\MSOCache
2011-07-25 19:18 . 2011-07-25 19:19 -------- d-----w- c:\documents and settings\Monča\Data aplikací\.minecraft
2011-07-25 19:18 . 2011-07-25 19:18 -------- d-----w- c:\program files\Common Files\Java
2011-07-25 19:17 . 2011-07-25 19:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-25 19:17 . 2011-07-25 19:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-25 19:17 . 2011-07-25 19:17 -------- d-----w- c:\program files\Java
2011-07-25 09:18 . 2011-07-25 09:18 -------- d-----w- c:\documents and settings\Monča\Local Settings\Data aplikací\WMTools Downloaded Files
2011-07-19 20:29 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-19 20:03 . 2011-07-19 20:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-17 12:09 . 2011-07-17 12:09 -------- d-----w- c:\program files\Electronic Arts
2011-07-16 20:58 . 2008-04-14 05:44 58496 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-07-16 20:58 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-07-16 20:55 . 2004-08-22 14:31 5248 ----a-w- c:\windows\system32\drivers\d347prt.sys
2011-07-16 20:55 . 2004-08-22 14:31 155136 ----a-w- c:\windows\system32\drivers\d347bus.sys
2011-07-16 20:55 . 2011-07-16 20:55 -------- d-----w- c:\program files\D-Tools
2011-07-08 02:55 . 2010-12-07 12:23 25088 ----a-w- c:\windows\system32\drivers\lgandmodem.sys
2011-07-08 02:55 . 2010-12-07 12:23 20736 ----a-w- c:\windows\system32\drivers\lganddiag.sys
2011-07-08 02:55 . 2010-12-07 12:23 20096 ----a-w- c:\windows\system32\drivers\lgandgps.sys
2011-07-08 02:55 . 2010-12-07 12:22 14336 ----a-w- c:\windows\system32\drivers\lgandbus.sys
2011-07-08 02:55 . 2011-07-08 02:55 -------- d-----w- c:\program files\LG Electronics
2011-07-08 02:53 . 2011-07-08 02:53 -------- d-----w- C:\LGP500
2011-07-08 02:52 . 2011-05-10 11:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2011-07-08 02:52 . 2011-05-10 11:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2011-07-08 02:52 . 2011-05-10 11:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2011-07-08 02:52 . 2006-05-04 06:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2011-07-08 02:52 . 2005-10-03 23:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-07-08 02:52 . 2011-07-08 02:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LGMOBILEAX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 14:09 . 2011-06-10 14:09 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-06 11:35 . 2010-02-03 02:15 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-14 11:04 . 2011-03-28 15:49 253952 -c----w- c:\windows\Setup1.exe
2011-05-14 11:04 . 2011-03-28 15:49 73728 ----a-w- c:\windows\ST6UNST.EXE
2011-05-10 12:10 . 2011-02-04 11:09 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-02-04 11:09 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-05-26 16:42 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-02-04 11:10 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-02-04 11:10 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-02-04 11:10 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-02-04 11:10 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-02-04 11:10 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-02-04 11:10 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-02-04 11:10 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:32 . 2010-02-02 17:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-02-03 02:15 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-02-03 02:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2011-04-08 00:43 351448 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-07-12 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-18 1157128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe" [2011-04-08 319488]
"B2C_AGENT"="c:\documents and settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-06-14 404568]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Monča\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-2-2 708608]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [16.7.2011 22:55 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [16.7.2011 22:55 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26.5.2011 18:42 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.2.2011 13:10 307928]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2.2.2010 23:27 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2.2.2010 23:27 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2.2.2010 23:27 58800]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.2.2011 13:10 19544]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.10.2010 16:07 247608]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2.2.2010 23:49 253952]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2.2.2010 23:09 240160]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3.2.2010 4:16 38912]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [10.9.2009 15:42 305448]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.2.2010 22:35 1684736]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [8.7.2011 4:55 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [8.7.2011 4:55 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [8.7.2011 4:55 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [8.7.2011 4:55 25088]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2.2.2010 22:30 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-07-26 06:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_one&r=0xph10103305l04f4wui5w55323129
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 213.192.60.6 213.192.60.5
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-PCSpeedUp - c:\program files\Zrychleni Pocitace\PCSpeedUp.exe
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 22:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(2052)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\XmlLite.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-07-26 22:19:59
ComboFix-quarantined-files.txt 2011-07-26 20:19
.
Před spuštěním: Volných bajtů: 110 250 786 816
Po spuštění: Volných bajtů: 111 305 867 264
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 28E4C85E880567A998A260522AFB4469