Page 3 of 4

Re: Problem booting Win XP

Posted: 21 Oct 2013 16:59
by JoS
Thanks, here it is:

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/21/2013 05:53:33 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\OETRN.EXE (PID: 2244) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\UxTheme.dll : 218624 : 04/25/2008 08:41 PM : e35fabbe7f63cb9ae2a06a449392e3f6 [NoSig]
+-> C:\WINDOWS\system32\dllcache\uxtheme.dll : 218624 : 04/25/2008 08:41 PM : e35fabbe7f63cb9ae2a06a449392e3f6 [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/21/2013 05:54:59 PM
Execution time: 0 hours(s), 1 minute(s), and 26 seconds(s)

Re: Problem booting Win XP

Posted: 21 Oct 2013 18:03
by JoS
Sorry, I have to go now, I'll repeat the whole thing tomorrow (RK+combofix). Thanks for understanding. :)

Re: Problem booting Win XP

Posted: 21 Oct 2013 18:49
by vyosek
OK, those steps need to be done one right after the other :)

Re: Problem booting Win XP

Posted: 22 Oct 2013 09:55
by JoS
So thanks for waiting. Here it is:
Rkill:

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/22/2013 09:36:26 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\OETRN.EXE (PID: 1768) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\UxTheme.dll : 218624 : 04/25/2008 08:41 PM : e35fabbe7f63cb9ae2a06a449392e3f6 [NoSig]
+-> C:\WINDOWS\system32\dllcache\uxtheme.dll : 218624 : 04/25/2008 08:41 PM : e35fabbe7f63cb9ae2a06a449392e3f6 [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/22/2013 09:37:55 AM
Execution time: 0 hours(s), 1 minute(s), and 28 seconds(s)

ComboFix:
ComboFix 13-10-21.01 - Josef 22.10.2013 10:20:01.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1314 [GMT 2:00]
Spuštěný z: c:\documents and settings\Josef\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Josef\Local Settings\Temporary Internet Files\SLOVA.WAV
c:\documents and settings\Josef\Local Settings\Temporary Internet Files\TRNCOM.INI
C:\END
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{D54FE054-27F4-438F-BE9C-2092349BDB05}\setup.msi
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a4a883d8c3e183b8.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\office.exe
c:\windows\system32\skinboxer43.dll
c:\windows\system32\tempdir
c:\windows\system32\tempdir\tinypdf.dll
c:\windows\system32\tempdir\tinypdf.chm
c:\windows\system32\tempdir\tinypdf1.dll
c:\windows\system32\tempdir\tinypdf2.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-22 do 2013-10-22 )))))))))))))))))))))))))))))))
.
.
2013-10-21 11:14 . 2013-10-21 11:14 -------- d-----w- c:\documents and settings\Josef\Data aplikací\AVAST Software
2013-10-21 11:04 . 2013-10-21 11:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-10-18 15:09 . 2013-10-18 15:09 -------- d-----w- c:\program files\Common Files\Java
2013-10-18 15:08 . 2013-10-08 05:29 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-18 15:08 . 2013-10-08 05:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 08:32 . 2013-10-17 08:32 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-16 17:55 . 2013-10-17 08:15 -------- d-----w- c:\program files\Audacity
2013-10-16 11:36 . 2013-10-16 11:36 -------- d-----w- c:\program files\Redsystem
2013-10-16 08:17 . 2013-10-17 08:54 -------- d-----w- c:\program files\HD Tune
2013-10-14 12:55 . 2013-10-14 12:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2013-10-14 12:53 . 2013-10-14 12:53 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-11 09:29 . 2013-10-11 09:29 -------- d-----w- c:\program files\Defraggler
2013-09-30 13:59 . 2001-03-28 14:38 69632 ----a-w- c:\windows\system32\GkSui18.EXE
2013-09-30 13:59 . 2013-09-30 13:59 -------- d-----w- c:\program files\RAM Defrag V2.55
2013-09-30 13:06 . 2013-09-30 13:06 -------- d-----w- c:\program files\Playlist Creator 3
2013-09-27 13:04 . 2013-09-27 13:06 -------- d-----w- c:\documents and settings\Josef\Data aplikací\DVDVideoSoft
2013-09-27 13:04 . 2013-09-27 13:05 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-09-27 13:04 . 2013-09-27 13:06 -------- d-----w- c:\program files\DVDVideoSoft
2013-09-27 12:55 . 2013-09-27 12:55 -------- d-----w- c:\program files\Bigasoft
2013-09-23 09:20 . 2013-10-04 09:37 -------- d-----w- c:\documents and settings\Josef\Data aplikací\Vso
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-21 11:08 . 2013-03-14 06:25 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-21 11:08 . 2013-03-14 06:25 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-21 11:08 . 2013-03-14 06:25 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-21 11:08 . 2011-05-28 08:53 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-21 11:08 . 2010-03-02 20:26 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-21 11:08 . 2010-03-02 20:26 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-21 11:08 . 2010-03-02 20:26 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-21 11:08 . 2010-03-02 20:26 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-10-21 11:08 . 2010-07-06 08:55 43152 ----a-w- c:\windows\avastSS.scr
2013-10-21 11:08 . 2010-03-02 20:25 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-09 09:57 . 2013-03-14 06:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 09:57 . 2011-07-07 05:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:25 . 2008-04-14 06:52 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2008-04-14 06:51 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 07:01 . 2008-04-14 05:45 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2008-04-14 06:52 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2008-04-13 22:15 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2001-10-25 14:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2008-04-14 06:51 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2009-02-16 09:29 . 2010-03-02 21:37 1767424 ----a-w- c:\program files\CrystalFree.exe
2008-11-19 10:37 . 2010-03-02 21:37 3400542 ----a-w- c:\program files\Crystal Player Professional 1.98.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-21 11:08 321752 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\windows\OETRN.EXE" [2010-03-02 26624]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 20064872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 137752]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\AcronisDiskDirector\oss_reinstall.exe" [2005-11-09 1557560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-10-21 3567800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW7]
2011-12-12 11:12 10448384 ----a-w- c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Lectra\\Kaledo Style V1R1c9\\bin\\KaledoStyle.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"d:\\Opera10Portable\\App\\Opera10\\opera.exe"=
"c:\\Program Files\\atube\\dtUser.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\VSO\\VSO Downloader\\3\\VsoDownloader.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [14.3.2013 8:25 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [14.3.2013 8:25 178304]
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28.11.2002 12:43 22016]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.5.2011 10:53 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.3.2010 22:26 403440]
R1 Eve;EVE Protocol Driver;c:\windows\system32\drivers\eve.sys [20.9.2013 16:32 33624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [17.5.2010 13:05 142592]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [14.1.2011 16:13 158736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [14.1.2011 16:12 42960]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.3.2010 22:26 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [14.3.2013 8:25 70384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17.9.2012 12:02 652872]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.7.2010 2:45 35088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17.9.2012 12:02 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3.3.2010 13:42 47360]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [22.12.2010 16:31 109328]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [22.12.2010 16:31 120208]
S2 esihdrv;esihdrv;\??\c:\docume~1\Josef\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Josef\LOCALS~1\Temp\esihdrv.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.1.2012 15:06 1691480]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [14.10.2013 14:53 47064]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F5.tmp --> c:\windows\system32\F5.tmp [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [26.1.2012 14:09 12984]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [14.1.2011 16:13 31888]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [21.1.2004 19:55 13696]
S4 freenet;Freenet background service;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [12.10.2010 2:11 241664]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [22.4.2011 16:20 247096]
S4 Modaservice;Modaservice;c:\program files\Lectra\Modaservice\modaserv.exe [26.1.2011 15:12 162304]
S4 Update lucky leap;Update lucky leap;c:\program files\lucky leap\updateluckyleap.exe [30.8.2013 5:34 65312]
S4 Util lucky leap;Util lucky leap;c:\program files\lucky leap\bin\utilluckyleap.exe [3.10.2013 11:28 65312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-14 09:57]
.
2013-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-10-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-03 11:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/web?l=dis&o=APN10147&gct=hp&apn_dtid=^YYYYYY^YY^CZ&apn_ptnrs=^A6E&apn_uid=0273394124564542&p2=^A6E^YYYYYY^YY^CZ
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-WgaLogon - (no file)
AddRemove-Audio Recorder for Free - c:\progra~1\AUDIOR~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-22 10:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet013\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F5.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Celkový čas: 2013-10-22 10:39:08
ComboFix-quarantined-files.txt 2013-10-22 08:38
.
Před spuštěním: 8 366 411 776
Po spuštění: 8 583 254 016
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FA0D53BD0E066BE5BA2701F916C22618
413FC2A0C716421B3158746D63736515

Re: Problem booting Win XP

Posted: 22 Oct 2013 15:51
by vyosek
:arrow: Uninstall Spybot - Search & Destroy - the program's best years are long behind it and for the last roughly 3 years it has not been able to cope with current threats

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart and then a log will appear, or it will be saved as c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
:arrow: Download aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe and save it to the desktop.
  • Run the utility and tell it to scan - click Scan
  • Click Save log to save the aswMBR log to the desktop
  • Paste the contents of the aswMBR log here for me
:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the desktop, and unpack it
  • Launch it by clicking mbar
  • Now click Next and then Update
  • After the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts scanning the PC
  • After the scan finishes (about 5 minutes), check that all findings (if there are any, of course) have a checkmark
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection found
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) mbar-log-year-month-day (hour-minute-second).txt; post it here for me

Re: Problem booting Win XP

Posted: 22 Oct 2013 16:50
by JoS
Thanks for your interest, I'll do everything, it just might take me until tomorrow again. :)

Re: Problem booting Win XP

Posted: 22 Oct 2013 17:32
by vyosek
:thumbsup:

Re: Problem booting Win XP

Posted: 23 Oct 2013 14:20
by JoS
So I'm logging in from the other computer. That adwcleaner has been crunching for almost 4 hours since I clicked clean and not even a sliver has appeared in the grey progress bar. Meanwhile the HDD LED blinks regularly from time to time. Is that normal, should I keep waiting? It looks like it'll take a month. :( Thanks.

Re: Problem booting Win XP

Posted: 23 Oct 2013 14:23
by vyosek
No, it apparently got stuck in a loop somehow...

Try running it in safe mode...

Re: Problem booting Win XP

Posted: 23 Oct 2013 14:24
by JoS
Going for safe mode. :)

Re: Problem booting Win XP

Posted: 23 Oct 2013 18:18
by JoS
So it worked in safe mode. I'm posting all three logs here. Everything deleted in mbar; the junk found in aswMBR I'll delete manually right away. So then:

adwcleaner
# AdwCleaner v3.010 - Report created 23/10/2013 at 15:30:25
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Josef - DOMA-D96CABFB66
# Running from : C:\Documents and Settings\Josef\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : ICQ Service
[#] Service Deleted : Update lucky leap

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\FreeRIP
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Nabídka Start\Programy\FreeRIP3
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\FreeRIP3
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\lucky leap
Folder Deleted : C:\Program Files\Mail.Ru
Folder Deleted : C:\Program Files\orbitdownloader
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\Josef\Local Settings\Data aplikací\AskToolbar
Folder Deleted : C:\Documents and Settings\Josef\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Josef\Local Settings\Data aplikací\Mail.Ru
Folder Deleted : C:\Documents and Settings\Josef\Local Settings\Data aplikací\thinstall
Folder Deleted : C:\Documents and Settings\Josef\Data aplikací\Ask.com
Folder Deleted : C:\Documents and Settings\Josef\Data aplikací\Desktopicon
Folder Deleted : C:\Documents and Settings\Josef\Data aplikací\pdfforge
Folder Deleted : C:\Documents and Settings\Josef\Data aplikací\thinstall
Folder Deleted : C:\Documents and Settings\Josef\Nabídka Start\Programy\eType

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[#] Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[#] Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitdm.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Orbitdownloader\orbitnet.exe]
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DSNR Labs
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\lucky leap
Key Deleted : HKCU\Software\Orbit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\lucky leap
Key Deleted : HKLM\Software\Magical Jelly Bean\OpenCandy
Key Deleted : HKLM\Software\Orbit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

*************************

AdwCleaner[R0].txt - [12667 octets] - [23/10/2013 11:00:29]
AdwCleaner[R1].txt - [12787 octets] - [23/10/2013 11:25:01]
AdwCleaner[R2].txt - [12907 octets] - [23/10/2013 15:29:04]
AdwCleaner[S0].txt - [319 octets] - [23/10/2013 11:02:06]
AdwCleaner[S1].txt - [319 octets] - [23/10/2013 11:27:36]
AdwCleaner[S2].txt - [12672 octets] - [23/10/2013 15:30:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [12733 octets] ##########

aswMBR
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-23 15:41:15
-----------------------------
15:41:15.828 OS Version: Windows 5.1.2600 Service Pack 3
15:41:15.828 Number of processors: 1 586 0x1601
15:41:15.843 ComputerName: DOMA-D96CABFB66 UserName: Josef
15:41:16.687 Initialize success
15:41:21.234 AVAST engine defs: 13102201
15:41:38.500 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\Pnp680r1Port0Path1Target0Lun0
15:41:38.500 Disk 0 Vendor: ST380011 8.01 Size: 76319MB BusType: 1
15:41:38.500 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-4
15:41:38.500 Disk 1 Vendor: ST380215A 3.AAD Size: 76189MB BusType: 3
15:41:38.734 Disk 1 MBR read successfully
15:41:38.734 Disk 1 MBR scan
15:41:38.734 Disk 1 Windows XP default MBR code
15:41:38.765 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
15:41:38.796 Disk 1 Partition - 00 05 Extended 35824 MB offset 81915435
15:41:38.859 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 35824 MB offset 81915498
15:41:38.890 Disk 1 scanning sectors +155284290
15:41:39.109 Disk 1 scanning C:\WINDOWS\system32\drivers
15:41:52.281 Service scanning
15:42:27.703 Modules scanning
15:42:46.796 Disk 1 trace - called modules:
15:42:46.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:42:46.812 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ae06ab8]
15:42:46.812 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000075[0x8ae40f18]
15:42:46.812 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8ae65d98]
15:42:47.718 AVAST engine scan C:\WINDOWS
15:42:59.437 AVAST engine scan C:\WINDOWS\system32
15:47:06.390 AVAST engine scan C:\WINDOWS\system32\drivers
15:47:29.953 AVAST engine scan C:\Documents and Settings\Josef
15:53:13.234 File: C:\Documents and Settings\Josef\Dokumenty\Rainlendar Pro 2.9.0.111.Incl_keygen_ZWT\ZWT\keygen.exe **INFECTED** Win32:Malware-gen
16:05:44.609 File: C:\Documents and Settings\Josef\Plocha\AVprogramy\PORTABLE\Dvd-to-mpeg\DVDTo MPEG 2.0 key.exe **INFECTED** Win32:Evo-gen [Susp]
16:08:09.875 File: C:\Documents and Settings\Josef\Plocha\AVprogramy\Portable Total Video Converter 3.11\MediaBurner.exe **INFECTED** Win32:Evo-gen [Susp]
16:11:19.156 File: C:\Documents and Settings\Josef\Plocha\Nástroje\Taskbar Repair Tool Plus v1.1.1 cracked\TaskbarRepairToolPlus.v1.1.1-patch.exe **INFECTED** Win32:Malware-gen
16:17:09.453 File: C:\Documents and Settings\Josef\Plocha\Programy\e-book Programy\Mobipocket Creator Portable\Mobipocket Creator 4.2\40000017500002i\AcroRd32.exe **INFECTED** Win32:Evo-gen [Susp]
16:18:26.812 AVAST engine scan C:\Documents and Settings\All Users
16:24:45.312 Scan finished successfully
16:25:15.062 Disk 1 MBR has been saved successfully to "F:\Temp\ČIŠTĚNÍ POČÍTAČE\MBR.dat"
16:25:15.078 The log file has been saved successfully to "F:\Temp\ČIŠTĚNÍ POČÍTAČE\aswMBR.txt"
mbar
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 1.800000 GHz
Memory total: 2138554368, free: 801067008

Downloaded database version: v2013.10.14.05
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
10/14/2013 14:55:21
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
cmdide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
pnp680r.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
ElbyVCD.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
snapman.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\ElbyCDFL.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\system32\DRIVERS\eve.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\8514782drv.sys
\SystemRoot\system32\DRIVERS\24690591.sys
\??\C:\DOCUME~1\Josef\LOCALS~1\Temp\fwtdrkob.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8ae05ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff8ae7cd98
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8ae3bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\Pnp680r1Port0Path1Target1Lun0\
Lower Device Object: 0xffffffff8ae7fa38
Lower Device Driver Name: \Driver\Pnp680r\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ae79ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\Pnp680r1Port0Path1Target0Lun0\
Lower Device Object: 0xffffffff8ae7f030
Lower Device Driver Name: \Driver\Pnp680r\
<<<2>>>
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8ae05ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae3ab78, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8ae3ae08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae05ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae40f18, DeviceName: \Device\00000075\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae7cd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae79ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae79938, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8ae608f8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae79ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae7f030, DeviceName: \Device\Scsi\Pnp680r1Port0Path1Target0Lun0\, DriverName: \Driver\Pnp680r\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FC1EFC1E

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 20482812
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 20482875 Numsec = 135797445

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8ae3bab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae06a78, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8ae06b88, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae3bab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae7fa38, DeviceName: \Device\Scsi\Pnp680r1Port0Path1Target1Lun0\, DriverName: \Driver\Pnp680r\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B8B9F93E

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 80389197
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 41173057024 bytes
Sector size: 512 bytes

Done!
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B731B731

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 81915372
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with CSH (0x5)
Partition is NOT ACTIVE.
Partition starts at LBA: 81915435 Numsec = 73368855

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 79890043904 bytes
Sector size: 512 bytes

Done!
Scan Interrupted
Scan Interrupted
Scan Interrupted
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 1.800000 GHz
Memory total: 2138554368, free: 1195524096

Could not load protection driver
Host not found
Downloaded database version: v2013.10.23.06
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
10/23/2013 16:28:22
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
cmdide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
pnp680r.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
ElbyVCD.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
snapman.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\ElbyCDFL.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\aswTdi.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\??\C:\WINDOWS\system32\drivers\aswRdr.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\eve.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\??\C:\WINDOWS\system32\drivers\aswSP.sys
\??\C:\WINDOWS\system32\drivers\aswSnx.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\DOCUME~1\Josef\LOCALS~1\Temp\aswMBR.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8ae06ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff8ae65d98
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ae5fab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\Pnp680r1Port0Path1Target0Lun0\
Lower Device Object: 0xffffffff8ae7f030
Lower Device Driver Name: \Driver\Pnp680r\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8ae06ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae06928, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8ae3be08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae06ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae40f18, DeviceName: \Device\00000075\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae65d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae5fab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae07a08, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8ae608f8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae5fab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae7f030, DeviceName: \Device\Scsi\Pnp680r1Port0Path1Target0Lun0\, DriverName: \Driver\Pnp680r\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FC1EFC1E

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 20482812
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 20482875 Numsec = 135797445

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B731B731

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 81915372
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with CSH (0x5)
Partition is NOT ACTIVE.
Partition starts at LBA: 81915435 Numsec = 73368855

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 79890043904 bytes
Sector size: 512 bytes

Done!
Infected: C:\Documents and Settings\Josef\Plocha\AVprogramy\Replay.Media.Catcher.4.0.9.0.Portable\keygen.exe --> [Packer.ModifiedUPX]
Infected: C:\Documents and Settings\Josef\Plocha\AVprogramy\DVDFab.v8.0.1.6.Port\DVDFab 8\Patch.exe --> [Trojan.MSIL.Disfa]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 1.800000 GHz
Memory total: 2138554368, free: 1711292416

=======================================

Re: Problem with booting Win XP

Posted: 24 Oct 2013 11:21
by vyosek
:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice press A, then Enter
  • Delete the utility after use
  • Antivirus programs tend to flag this utility as a virus by mistake - it is a false positive - so go ahead and download it (disable your antivirus while downloading if necessary)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

Re: Problem with booting Win XP

Posted: 24 Oct 2013 11:28
by JoS
Thank you, I'll get on it right away and let you know. :)

Re: Problem with booting Win XP

Posted: 24 Oct 2013 11:30
by vyosek
:thumbsup:

Re: Problem with booting Win XP

Posted: 24 Oct 2013 11:33
by JoS
Unfortunately, Explorer is holding ComboFix open and I can't rename it, not even with Unlocker. Should I try it in Safe Mode instead? Thanks.