Re: Nejde bootovat
Napsal: 24 bře 2010 14:05
Stránka 3 z 4
Re: Nejde bootovat
Napsal: 24 bře 2010 14:08
Mosumac.sys na udajně na disku nemam, nejde mi to vložit na Virustotal..... s hláškou že nebyl nalezen.
Re: Nejde bootovat
Napsal: 24 bře 2010 15:18
Fajn, ještě ten mbam.
Můžu pak udělat ještě test na rootkity?
Můžu pak udělat ještě test na rootkity?
Re: Nejde bootovat
Napsal: 24 bře 2010 15:48
Tady to je:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3908
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
24.3.2010 15:47:15
mbam-log-2010-03-24 (15-47-07).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|)
Zkontrolované objekty: 368602
Uplynulý čas: 1 hour(s), 24 minute(s), 27 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
E:\Program Files\Warcraft III\warcraft3 keygen.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Martin\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3908
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
24.3.2010 15:47:15
mbam-log-2010-03-24 (15-47-07).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|)
Zkontrolované objekty: 368602
Uplynulý čas: 1 hour(s), 24 minute(s), 27 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
E:\Program Files\Warcraft III\warcraft3 keygen.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Martin\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.
Re: Nejde bootovat
Napsal: 24 bře 2010 16:17
V mbamu vše smažte.
Můžu ještě udělat ten test na rootkity?
Máte daemona nebo alcohol?
Můžu ještě udělat ten test na rootkity?
Máte daemona nebo alcohol?
Re: Nejde bootovat
Napsal: 24 bře 2010 16:27
Mam deamona...
Re: Nejde bootovat
Napsal: 24 bře 2010 16:32
odinstalujte všechny virtuální jednotky (Daemon nebo alcohol) Stáhněte SPTD http://www.duplexsecure.com/en/downloads-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer
Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte
-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.
stáhněte MBR http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu
start-spustit do okénka zkopírujte
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -tRe: Nejde bootovat
Napsal: 25 bře 2010 01:38
GMER maly
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-24 17:11:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\ufliqpoc.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB2D714FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB2D71322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB2D7145C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-24 17:11:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\ufliqpoc.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB2D714FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB2D71322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB2D7145C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
Re: Nejde bootovat
Napsal: 25 bře 2010 01:39
Gmer Hlavní
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-25 01:26:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\ufliqpoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB2D64C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB2D64B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB2D650C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB2D64FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB2D646E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB2D64BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB2D64628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB2D6468C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB2D64D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB2D65194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB2D64CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB2D64E4C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB2D714FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB2D71322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB2D7145C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CD4 80504560 4 Bytes CALL 09031BAB
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B2D71460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AE 7 Bytes JMP B2D71326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC512 5 Bytes JMP B2D6D4BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F96 5 Bytes JMP B2D6E972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1136 7 Bytes JMP B2D71502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB566C380, 0x3DF545, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB3021280]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[560] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[560] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBA 0xF1 0x95 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEC 0x73 0x75 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x55 0x0C 0xFE 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5F 0xD1 0xB0 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xCC 0x2F 0xF2 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBA 0xF1 0x95 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEC 0x73 0x75 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x55 0x0C 0xFE 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5F 0xD1 0xB0 0xDA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xCC 0x2F 0xF2 0x57 ...
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-25 01:26:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\ufliqpoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB2D64C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB2D64B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB2D650C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB2D64FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB2D646E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB2D64BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB2D64628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB2D6468C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB2D64D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB2D65194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB2D64CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB2D64E4C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB2D714FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB2D71322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB2D7145C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CD4 80504560 4 Bytes CALL 09031BAB
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B2D71460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AE 7 Bytes JMP B2D71326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC512 5 Bytes JMP B2D6D4BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F96 5 Bytes JMP B2D6E972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1136 7 Bytes JMP B2D71502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB566C380, 0x3DF545, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB3021280]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[560] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[560] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBA 0xF1 0x95 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEC 0x73 0x75 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x55 0x0C 0xFE 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5F 0xD1 0xB0 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xCC 0x2F 0xF2 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBA 0xF1 0x95 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEC 0x73 0x75 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x55 0x0C 0xFE 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x5F 0xD1 0xB0 0xDA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xCC 0x2F 0xF2 0x57 ...
---- EOF - GMER 1.0.15 ----
Re: Nejde bootovat
Napsal: 25 bře 2010 01:40
MBR
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Re: Nejde bootovat
Napsal: 25 bře 2010 08:06
Log z gmeru je v pořádku.
Poprosím o nový log z combofixu.
Jak to vypadá s počítačem? Funguje vše, jak má?
Poprosím o nový log z combofixu.
Jak to vypadá s počítačem? Funguje vše, jak má?
Re: Nejde bootovat
Napsal: 25 bře 2010 10:51
Dobrý den,
vše dle mého v počítači funguje a chodí tak jak by mělo.log:
ComboFix 10-03-24.02 - Martin 25.03.2010 10:32:53.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2383 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-25 do 2010-03-25 )))))))))))))))))))))))))))))))
.
2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- c:\program files\trend micro
2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- C:\rsit
2010-03-16 15:01 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-16 15:00 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-13 15:22 . 2010-03-13 15:23 -------- d-----w- c:\program files\Mv2Player
2010-03-10 17:11 . 2010-03-10 17:11 -------- d-----w- c:\documents and settings\LocalService\Dokumenty
2010-03-10 17:10 . 2009-04-14 22:51 96768 ----a-w- c:\windows\system32\htimon.dll
2010-03-10 17:10 . 2010-03-10 17:10 -------- d-----w- c:\program files\Crongreen Software
2010-03-06 16:30 . 2010-03-06 16:30 -------- d-----w- c:\program files\Palm
2010-03-06 00:10 . 2010-03-06 00:12 -------- d-----w- c:\program files\The KMPlayer
2010-02-23 14:04 . 2008-03-09 05:25 236 ---ha-w- c:\program files\Common Files\dx.reg
2010-02-23 14:04 . 2006-11-02 10:46 39936 ----a-w- c:\windows\system32\dwmapi.dll
2010-02-23 14:04 . 2006-11-02 10:46 167936 ----a-w- c:\windows\system32\dxgi.dll
2010-02-23 14:04 . 2006-11-29 12:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-02-23 14:04 . 2006-11-02 10:46 187392 ----a-w- c:\windows\system32\d3d10core.dll
2010-02-23 14:04 . 2006-11-02 10:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2010-02-23 13:36 . 2010-03-12 17:03 -------- d-----w- c:\documents and settings\Martin\Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 13:10 . 2010-02-22 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 15:35 . 2009-10-29 15:05 -------- d-----w- c:\program files\Spyware Terminator
2010-03-16 19:35 . 2009-11-30 15:15 -------- d-----w- c:\program files\Vuze
2010-03-12 14:58 . 2009-10-29 15:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-09 11:24 . 2009-10-29 15:03 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2009-10-29 15:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-10-29 15:03 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2009-10-29 15:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-10-29 15:03 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-10-29 15:03 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-10-29 15:03 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2009-10-29 15:03 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-23 17:18 . 2009-10-29 15:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 04:42 . 2010-02-21 21:41 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-22 04:41 . 2010-02-21 21:41 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-22 04:37 . 2010-02-21 21:41 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-02-21 21:41 . 2010-02-21 21:41 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 20:55 . 2010-02-21 20:27 52273 ----a-w- c:\windows\War3Unin.dat
2010-02-21 20:55 . 2010-02-21 20:27 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-21 20:55 . 2010-02-21 20:27 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-19 12:46 . 2009-11-27 16:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-16 19:47 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer Administration
2010-02-16 19:27 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer
2010-02-13 11:42 . 2010-02-13 11:42 -------- d-----w- c:\program files\Alwil Software
2010-02-11 18:53 . 2009-10-29 15:03 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-03 19:19 . 2010-02-03 19:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-01 20:27 . 2009-11-09 14:42 -------- d-----w- c:\program files\CDBurnerXP
2010-01-25 21:06 . 2009-10-29 15:24 -------- d-----w- c:\program files\Opera
2010-01-22 16:17 . 2006-03-02 12:00 484044 ----a-w- c:\windows\system32\perfh005.dat
2010-01-22 16:17 . 2006-03-02 12:00 100464 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 15:50 . 2010-01-19 15:44 73728 ----a-w- c:\windows\ST6UNST.EXE
2010-01-19 15:50 . 2010-01-19 15:44 253952 ------w- c:\windows\Setup1.exe
2010-01-07 15:07 . 2010-02-22 16:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-02-22 16:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 21:03 . 2010-01-02 21:03 1641107 ----a-w- c:\windows\WANEUninstaller.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="e:\steam\steam.exe" [2010-02-20 1217872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-02-17 33595392]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-10-29 1809408]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"zFTPServer"="c:\program files\zFTPServer\zFTPServer.exe" [2008-05-03 3037696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Martin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
zFTPServer Administration.lnk - c:\program files\zFTPServer Administration\zFTPServerAdmin.exe [2010-2-16 4570112]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"e:\\Program Files\\Damnation\\Binaries\\DamnGame.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Modern Warfare 2\\iw4mp.exe"=
"e:\\Program Files\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Image\\cs1,6\\hl.exe"=
"d:\\Image\\flatout\\FlatOut2.exe"=
"e:\\Program Files\\DiRT2\\dirt2_game.exe"=
"e:\\Program Files\\NBA 2K10\\nba2k10.exe"=
"d:\\Image\\CS-NS\\CS-NS\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"e:\\steam\\Steam.exe"=
"e:\\Program FilesSTREETFIGHTERIV\\StreetFighterIV.exe"=
"e:\\Program Files@Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\steam\\steamapps\\mastertegy\\counter-strike\\hl.exe"=
"e:\\UT2004\\System\\UT2004.exe"=
"e:\\Program Files\\Warmonger\\Binaries\\WMGame.exe"=
"c:\\Program Files\\zFTPServer\\zFTPServer.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Age of Empires III\\age3x.exe"=
"e:\\Program Files\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.10.2009 16:03 162640]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.10.2009 16:05 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.10.2009 16:03 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.10.2009 17:33 222968]
R3 ip100xp;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [19.2.2010 17:27 26752]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [29.10.2009 16:12 1057024]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS --> c:\windows\system32\DRIVERS\MOSUMAC.SYS [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
TCP: {3EF81F71-7646-4F8E-A728-1A25AB063478} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\wojkvvsj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 10:36
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(180)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-03-25 10:37:08
ComboFix-quarantined-files.txt 2010-03-25 09:37
ComboFix2.txt 2010-03-24 11:09
ComboFix3.txt 2009-10-29 17:26
Před spuštěním: 2 695 434 240
Po spuštění: 2 659 913 728
- - End Of File - - C55B272451AEB4A342D1DE9EDDE090EF
vše dle mého v počítači funguje a chodí tak jak by mělo.log:
ComboFix 10-03-24.02 - Martin 25.03.2010 10:32:53.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2383 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-25 do 2010-03-25 )))))))))))))))))))))))))))))))
.
2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- c:\program files\trend micro
2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- C:\rsit
2010-03-16 15:01 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-16 15:00 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-13 15:22 . 2010-03-13 15:23 -------- d-----w- c:\program files\Mv2Player
2010-03-10 17:11 . 2010-03-10 17:11 -------- d-----w- c:\documents and settings\LocalService\Dokumenty
2010-03-10 17:10 . 2009-04-14 22:51 96768 ----a-w- c:\windows\system32\htimon.dll
2010-03-10 17:10 . 2010-03-10 17:10 -------- d-----w- c:\program files\Crongreen Software
2010-03-06 16:30 . 2010-03-06 16:30 -------- d-----w- c:\program files\Palm
2010-03-06 00:10 . 2010-03-06 00:12 -------- d-----w- c:\program files\The KMPlayer
2010-02-23 14:04 . 2008-03-09 05:25 236 ---ha-w- c:\program files\Common Files\dx.reg
2010-02-23 14:04 . 2006-11-02 10:46 39936 ----a-w- c:\windows\system32\dwmapi.dll
2010-02-23 14:04 . 2006-11-02 10:46 167936 ----a-w- c:\windows\system32\dxgi.dll
2010-02-23 14:04 . 2006-11-29 12:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-02-23 14:04 . 2006-11-02 10:46 187392 ----a-w- c:\windows\system32\d3d10core.dll
2010-02-23 14:04 . 2006-11-02 10:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2010-02-23 13:36 . 2010-03-12 17:03 -------- d-----w- c:\documents and settings\Martin\Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 13:10 . 2010-02-22 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 15:35 . 2009-10-29 15:05 -------- d-----w- c:\program files\Spyware Terminator
2010-03-16 19:35 . 2009-11-30 15:15 -------- d-----w- c:\program files\Vuze
2010-03-12 14:58 . 2009-10-29 15:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-09 11:24 . 2009-10-29 15:03 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2009-10-29 15:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-10-29 15:03 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2009-10-29 15:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-10-29 15:03 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-10-29 15:03 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-10-29 15:03 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2009-10-29 15:03 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-23 17:18 . 2009-10-29 15:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 04:42 . 2010-02-21 21:41 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-22 04:41 . 2010-02-21 21:41 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-22 04:37 . 2010-02-21 21:41 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-02-21 21:41 . 2010-02-21 21:41 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 20:55 . 2010-02-21 20:27 52273 ----a-w- c:\windows\War3Unin.dat
2010-02-21 20:55 . 2010-02-21 20:27 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-21 20:55 . 2010-02-21 20:27 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-19 12:46 . 2009-11-27 16:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-16 19:47 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer Administration
2010-02-16 19:27 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer
2010-02-13 11:42 . 2010-02-13 11:42 -------- d-----w- c:\program files\Alwil Software
2010-02-11 18:53 . 2009-10-29 15:03 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-03 19:19 . 2010-02-03 19:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-01 20:27 . 2009-11-09 14:42 -------- d-----w- c:\program files\CDBurnerXP
2010-01-25 21:06 . 2009-10-29 15:24 -------- d-----w- c:\program files\Opera
2010-01-22 16:17 . 2006-03-02 12:00 484044 ----a-w- c:\windows\system32\perfh005.dat
2010-01-22 16:17 . 2006-03-02 12:00 100464 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 15:50 . 2010-01-19 15:44 73728 ----a-w- c:\windows\ST6UNST.EXE
2010-01-19 15:50 . 2010-01-19 15:44 253952 ------w- c:\windows\Setup1.exe
2010-01-07 15:07 . 2010-02-22 16:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-02-22 16:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 21:03 . 2010-01-02 21:03 1641107 ----a-w- c:\windows\WANEUninstaller.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="e:\steam\steam.exe" [2010-02-20 1217872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-02-17 33595392]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-10-29 1809408]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"zFTPServer"="c:\program files\zFTPServer\zFTPServer.exe" [2008-05-03 3037696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Martin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
zFTPServer Administration.lnk - c:\program files\zFTPServer Administration\zFTPServerAdmin.exe [2010-2-16 4570112]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"e:\\Program Files\\Damnation\\Binaries\\DamnGame.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Modern Warfare 2\\iw4mp.exe"=
"e:\\Program Files\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Image\\cs1,6\\hl.exe"=
"d:\\Image\\flatout\\FlatOut2.exe"=
"e:\\Program Files\\DiRT2\\dirt2_game.exe"=
"e:\\Program Files\\NBA 2K10\\nba2k10.exe"=
"d:\\Image\\CS-NS\\CS-NS\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"e:\\steam\\Steam.exe"=
"e:\\Program FilesSTREETFIGHTERIV\\StreetFighterIV.exe"=
"e:\\Program Files@Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\steam\\steamapps\\mastertegy\\counter-strike\\hl.exe"=
"e:\\UT2004\\System\\UT2004.exe"=
"e:\\Program Files\\Warmonger\\Binaries\\WMGame.exe"=
"c:\\Program Files\\zFTPServer\\zFTPServer.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Age of Empires III\\age3x.exe"=
"e:\\Program Files\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.10.2009 16:03 162640]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.10.2009 16:05 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.10.2009 16:03 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.10.2009 17:33 222968]
R3 ip100xp;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [19.2.2010 17:27 26752]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [29.10.2009 16:12 1057024]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS --> c:\windows\system32\DRIVERS\MOSUMAC.SYS [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
TCP: {3EF81F71-7646-4F8E-A728-1A25AB063478} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\wojkvvsj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 10:36
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(180)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-03-25 10:37:08
ComboFix-quarantined-files.txt 2010-03-25 09:37
ComboFix2.txt 2010-03-24 11:09
ComboFix3.txt 2009-10-29 17:26
Před spuštěním: 2 695 434 240
Po spuštění: 2 659 913 728
- - End Of File - - C55B272451AEB4A342D1DE9EDDE090EF
Re: Nejde bootovat
Napsal: 25 bře 2010 18:45
Ahoj,
je tam neco vidět?
Pořád mi nejdou do hlavy ty rootkity... jedinná teorie která mě napadá, jestli neodesly ty ramky, komp nemel kam zapisovat, tak to hazel na disk, avast to zacal hlasit jako rootkit...blue screen když odejdou ramky to už sem viděl, ale to bootování? Jedine že by byla první do který se zapisovalo, byla ale ve druhym slotu, nevím jestli to má vliv.
Dejte pak prosím vědět jak to dopadlo s těmi logy. Děkuji.
je tam neco vidět?
Pořád mi nejdou do hlavy ty rootkity... jedinná teorie která mě napadá, jestli neodesly ty ramky, komp nemel kam zapisovat, tak to hazel na disk, avast to zacal hlasit jako rootkit...blue screen když odejdou ramky to už sem viděl, ale to bootování? Jedine že by byla první do který se zapisovalo, byla ale ve druhym slotu, nevím jestli to má vliv.
Dejte pak prosím vědět jak to dopadlo s těmi logy. Děkuji.
Re: Nejde bootovat
Napsal: 25 bře 2010 19:28
Pokud nemáte, přesuňte Combofix na plochu-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
Driver::
MOSUMAC
ICQ Service
DDS::
uStart Page = hxxp://start.icq.com/
Firefox::
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\wojkvvsj.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Něco tam bylo
.Popravdě nevím přesně kde byla chyba, možná nějaký infikovaný systémový souborRe: Nejde bootovat
Napsal: 25 bře 2010 21:55
ComboFix 10-03-25.02 - Martin 25.03.2010 21:45:32.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2244 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICQ_SERVICE
-------\Legacy_MOSUMAC
-------\Service_ICQ Service
-------\Service_MOSUMAC
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-25 do 2010-03-25 )))))))))))))))))))))))))))))))
.
2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- c:\program files\trend micro
2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- C:\rsit
2010-03-16 15:01 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-16 15:00 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-13 15:22 . 2010-03-13 15:23 -------- d-----w- c:\program files\Mv2Player
2010-03-10 17:11 . 2010-03-10 17:11 -------- d-----w- c:\documents and settings\LocalService\Dokumenty
2010-03-10 17:10 . 2009-04-14 22:51 96768 ----a-w- c:\windows\system32\htimon.dll
2010-03-10 17:10 . 2010-03-10 17:10 -------- d-----w- c:\program files\Crongreen Software
2010-03-06 16:30 . 2010-03-06 16:30 -------- d-----w- c:\program files\Palm
2010-03-06 00:10 . 2010-03-06 00:12 -------- d-----w- c:\program files\The KMPlayer
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 13:10 . 2010-02-22 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 15:35 . 2009-10-29 15:05 -------- d-----w- c:\program files\Spyware Terminator
2010-03-16 19:35 . 2009-11-30 15:15 -------- d-----w- c:\program files\Vuze
2010-03-12 14:58 . 2009-10-29 15:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-09 11:24 . 2009-10-29 15:03 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2009-10-29 15:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-10-29 15:03 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2009-10-29 15:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-10-29 15:03 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-10-29 15:03 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-10-29 15:03 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2009-10-29 15:03 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-23 17:18 . 2009-10-29 15:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 04:42 . 2010-02-21 21:41 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-22 04:41 . 2010-02-21 21:41 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-22 04:37 . 2010-02-21 21:41 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-02-21 21:41 . 2010-02-21 21:41 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 20:55 . 2010-02-21 20:27 52273 ----a-w- c:\windows\War3Unin.dat
2010-02-21 20:55 . 2010-02-21 20:27 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-21 20:55 . 2010-02-21 20:27 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-19 12:46 . 2009-11-27 16:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-16 19:47 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer Administration
2010-02-16 19:27 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer
2010-02-13 11:42 . 2010-02-13 11:42 -------- d-----w- c:\program files\Alwil Software
2010-02-11 18:53 . 2009-10-29 15:03 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-03 19:19 . 2010-02-03 19:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-01 20:27 . 2009-11-09 14:42 -------- d-----w- c:\program files\CDBurnerXP
2010-01-25 21:06 . 2009-10-29 15:24 -------- d-----w- c:\program files\Opera
2010-01-22 16:17 . 2006-03-02 12:00 484044 ----a-w- c:\windows\system32\perfh005.dat
2010-01-22 16:17 . 2006-03-02 12:00 100464 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 15:50 . 2010-01-19 15:44 73728 ----a-w- c:\windows\ST6UNST.EXE
2010-01-19 15:50 . 2010-01-19 15:44 253952 ------w- c:\windows\Setup1.exe
2010-01-07 15:07 . 2010-02-22 16:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-02-22 16:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 21:03 . 2010-01-02 21:03 1641107 ----a-w- c:\windows\WANEUninstaller.exe
2008-03-09 05:25 . 2010-02-23 14:04 236 ---ha-w- c:\program files\Common Files\dx.reg
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="e:\steam\steam.exe" [2010-02-20 1217872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-02-17 33595392]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-10-29 1809408]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"zFTPServer"="c:\program files\zFTPServer\zFTPServer.exe" [2008-05-03 3037696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Martin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
zFTPServer Administration.lnk - c:\program files\zFTPServer Administration\zFTPServerAdmin.exe [2010-2-16 4570112]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"e:\\Program Files\\Damnation\\Binaries\\DamnGame.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Modern Warfare 2\\iw4mp.exe"=
"e:\\Program Files\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Image\\cs1,6\\hl.exe"=
"d:\\Image\\flatout\\FlatOut2.exe"=
"e:\\Program Files\\DiRT2\\dirt2_game.exe"=
"e:\\Program Files\\NBA 2K10\\nba2k10.exe"=
"d:\\Image\\CS-NS\\CS-NS\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"e:\\steam\\Steam.exe"=
"e:\\Program FilesSTREETFIGHTERIV\\StreetFighterIV.exe"=
"e:\\Program Files@Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\steam\\steamapps\\mastertegy\\counter-strike\\hl.exe"=
"e:\\UT2004\\System\\UT2004.exe"=
"e:\\Program Files\\Warmonger\\Binaries\\WMGame.exe"=
"c:\\Program Files\\zFTPServer\\zFTPServer.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Age of Empires III\\age3x.exe"=
"e:\\Program Files\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.10.2009 16:03 162640]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.10.2009 16:05 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.10.2009 16:03 19024]
R3 ip100xp;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [19.2.2010 17:27 26752]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [29.10.2009 16:12 1057024]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
TCP: {3EF81F71-7646-4F8E-A728-1A25AB063478} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\wojkvvsj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2010-03-25 21:53:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-25 20:53
ComboFix2.txt 2010-03-25 09:37
ComboFix3.txt 2010-03-24 11:09
ComboFix4.txt 2009-10-29 17:26
Před spuštěním: 2 605 948 928
Po spuštění: 2 374 332 416
- - End Of File - - B8E00717CCADE2A41CCFA92F3F4D701F
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2244 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICQ_SERVICE
-------\Legacy_MOSUMAC
-------\Service_ICQ Service
-------\Service_MOSUMAC
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-25 do 2010-03-25 )))))))))))))))))))))))))))))))
.
2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- c:\program files\trend micro
2010-03-23 15:48 . 2010-03-23 15:49 -------- d-----w- C:\rsit
2010-03-16 15:01 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-16 15:01 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-16 15:00 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-13 15:22 . 2010-03-13 15:23 -------- d-----w- c:\program files\Mv2Player
2010-03-10 17:11 . 2010-03-10 17:11 -------- d-----w- c:\documents and settings\LocalService\Dokumenty
2010-03-10 17:10 . 2009-04-14 22:51 96768 ----a-w- c:\windows\system32\htimon.dll
2010-03-10 17:10 . 2010-03-10 17:10 -------- d-----w- c:\program files\Crongreen Software
2010-03-06 16:30 . 2010-03-06 16:30 -------- d-----w- c:\program files\Palm
2010-03-06 00:10 . 2010-03-06 00:12 -------- d-----w- c:\program files\The KMPlayer
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 13:10 . 2010-02-22 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 15:35 . 2009-10-29 15:05 -------- d-----w- c:\program files\Spyware Terminator
2010-03-16 19:35 . 2009-11-30 15:15 -------- d-----w- c:\program files\Vuze
2010-03-12 14:58 . 2009-10-29 15:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-09 11:24 . 2009-10-29 15:03 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2009-10-29 15:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-10-29 15:03 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2009-10-29 15:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-10-29 15:03 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-10-29 15:03 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-10-29 15:03 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2009-10-29 15:03 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-23 17:18 . 2009-10-29 15:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 04:42 . 2010-02-21 21:41 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-22 04:41 . 2010-02-21 21:41 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-22 04:37 . 2010-02-21 21:41 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-02-21 21:41 . 2010-02-21 21:41 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 20:55 . 2010-02-21 20:27 52273 ----a-w- c:\windows\War3Unin.dat
2010-02-21 20:55 . 2010-02-21 20:27 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-21 20:55 . 2010-02-21 20:27 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-19 12:46 . 2009-11-27 16:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-16 19:47 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer Administration
2010-02-16 19:27 . 2010-02-16 19:27 -------- d-----w- c:\program files\zFTPServer
2010-02-13 11:42 . 2010-02-13 11:42 -------- d-----w- c:\program files\Alwil Software
2010-02-11 18:53 . 2009-10-29 15:03 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-03 19:19 . 2010-02-03 19:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-01 20:27 . 2009-11-09 14:42 -------- d-----w- c:\program files\CDBurnerXP
2010-01-25 21:06 . 2009-10-29 15:24 -------- d-----w- c:\program files\Opera
2010-01-22 16:17 . 2006-03-02 12:00 484044 ----a-w- c:\windows\system32\perfh005.dat
2010-01-22 16:17 . 2006-03-02 12:00 100464 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 15:50 . 2010-01-19 15:44 73728 ----a-w- c:\windows\ST6UNST.EXE
2010-01-19 15:50 . 2010-01-19 15:44 253952 ------w- c:\windows\Setup1.exe
2010-01-07 15:07 . 2010-02-22 16:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-02-22 16:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 21:03 . 2010-01-02 21:03 1641107 ----a-w- c:\windows\WANEUninstaller.exe
2008-03-09 05:25 . 2010-02-23 14:04 236 ---ha-w- c:\program files\Common Files\dx.reg
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="e:\steam\steam.exe" [2010-02-20 1217872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-02-17 33595392]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-10-29 1809408]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"zFTPServer"="c:\program files\zFTPServer\zFTPServer.exe" [2008-05-03 3037696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Martin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
zFTPServer Administration.lnk - c:\program files\zFTPServer Administration\zFTPServerAdmin.exe [2010-2-16 4570112]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"e:\\Program Files\\Damnation\\Binaries\\DamnGame.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Modern Warfare 2\\iw4mp.exe"=
"e:\\Program Files\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Image\\cs1,6\\hl.exe"=
"d:\\Image\\flatout\\FlatOut2.exe"=
"e:\\Program Files\\DiRT2\\dirt2_game.exe"=
"e:\\Program Files\\NBA 2K10\\nba2k10.exe"=
"d:\\Image\\CS-NS\\CS-NS\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"e:\\steam\\Steam.exe"=
"e:\\Program FilesSTREETFIGHTERIV\\StreetFighterIV.exe"=
"e:\\Program Files@Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\steam\\steamapps\\mastertegy\\counter-strike\\hl.exe"=
"e:\\UT2004\\System\\UT2004.exe"=
"e:\\Program Files\\Warmonger\\Binaries\\WMGame.exe"=
"c:\\Program Files\\zFTPServer\\zFTPServer.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Age of Empires III\\age3x.exe"=
"e:\\Program Files\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.10.2009 16:03 162640]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.10.2009 16:05 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.10.2009 16:03 19024]
R3 ip100xp;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [19.2.2010 17:27 26752]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [29.10.2009 16:12 1057024]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
TCP: {3EF81F71-7646-4F8E-A728-1A25AB063478} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\wojkvvsj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2010-03-25 21:53:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-25 20:53
ComboFix2.txt 2010-03-25 09:37
ComboFix3.txt 2010-03-24 11:09
ComboFix4.txt 2009-10-29 17:26
Před spuštěním: 2 605 948 928
Po spuštění: 2 374 332 416
- - End Of File - - B8E00717CCADE2A41CCFA92F3F4D701F