VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu, problém avast hlásí Win32:Rootkit-ge

https://forum.viry.cz:443/viewtopic.php?t=105856

Stránka 1 z 2

Prosím o kontrolu logu, problém avast hlásí Win32:Rootkit-ge

Napsal: 24 říj 2010 16:19
od ZuperMisa
Avast hlásí chybu Win32:Rootkit-gen[Rtk] při jakékoliv akci

zde je výpis z Combofixu

díky předem

ComboFix 10-10-23.01 - Mars 24.10.2010 17:08:52.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3574.2914 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mars\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mars\Dokumenty\24,10,10.reg
c:\windows\system32\win32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-24 do 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-24 14:20 . 2010-10-24 14:20 -------- d-----w- c:\documents and settings\Mars\Local Settings\Data aplikací\Temp
2010-10-20 19:48 . 2010-10-20 19:48 -------- d-----w- c:\program files\Common Files\Java
2010-10-20 19:48 . 2010-09-15 02:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-20 19:48 . 2010-09-15 02:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-20 19:38 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-20 19:38 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-20 19:38 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-20 19:38 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-20 19:38 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-20 19:38 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-20 19:38 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-20 19:37 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-20 19:37 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-20 19:37 . 2010-10-20 19:37 -------- d-----w- c:\program files\Alwil Software
2010-10-20 19:37 . 2010-10-20 19:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-10-13 10:24 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 10:24 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 10:23 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 07:31 . 2009-11-17 13:10 2516 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2010-09-18 10:23 . 2002-09-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 00:29 . 2008-12-25 19:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:52 . 2002-09-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2002-09-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2002-09-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2002-09-23 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2002-09-23 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2002-09-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2002-09-23 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2002-09-23 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2002-09-23 12:00 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2002-09-23 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2002-09-23 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.10.2010 21:38 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.10.2010 21:38 17744]
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [19.7.2003 3:55 18848]
R3 pmxscan;USB Scanner Driver;c:\windows\system32\drivers\usbscan.sys [25.12.2008 16:48 15104]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [25.12.2008 16:25 222976]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {49887A47-4649-4DCD-9A62-910491CDC7C3} = 81.90.240.1,81.90.240.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mars\Data aplikací\Mozilla\Firefox\Profiles\i5coi9io.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 17:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-10-24 17:16:12
ComboFix-quarantined-files.txt 2010-10-24 15:16

Před spuštěním: Volných bajtů: 59 291 222 016
Po spuštění: Volných bajtů: 59 339 743 232

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 71E3A53A8AC8C0D12B73AF33D73D21ED

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 16:22
od vyosek
Zdravim, pekny podvecre preji a vitam Vas u nas na foru :welcome:

:arrow: Takove tri dotazy na uvod
  • Cetl jste pravidla fora :???:
  • Co Vas vedlo k pouziti ComboFixu, umite s nim pracovat :???:
  • Jake jsou podminky pro pouziti CF :???:
:arrow: Jo a jeste jeden, kde Avast hlasi toho rootkita :???:

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 16:33
od ZuperMisa
Odpovědi:
1) ano, četl jsem pravidla, v pravidlech je napsáno, nezakládat nové téma, pokud je již s podobným topicem založen, pročítal jsem podobně zaměřené téma: http://www.viry.cz/forum/viewtopic.php?f=13&t=89965 kde bylo napsáno pro jiného uživatele, který tam chtěl taky dát svůj log aby si založil vlastní topic, tak jsem tomu také udělal.
2) Ve výše uvedeném topicu byl combofix použit včetně návodu, proto jsem ho použil
3) C:\Documents and Settings\Mars\Local Settings\Temp\aklq.dat

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 16:37
od vyosek
:arrow: Pravidla fora, take rikaji, ze se ma nejdrive dat log z RSIT, jeliokz CF nam smaze stopy po haveti...

:arrow: CF nekolik polozek smazal a jelikoz byla havet v tempu tak ji i promazal...Nyni log vypada cisty, Avast stale krici :???:

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 16:45
od ZuperMisa
Aha, tak to se omlouvám, bohužel problém stále přetrvává

Zde je log z RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Mars at 2010-10-24 17:44:24
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 57 GB (57%) free of 100 GB
Total RAM: 3574 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:44:28, on 24.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mars\Plocha\RSIT.exe
C:\Program Files\trend micro\Mars.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{49887A47-4649-4DCD-9A62-910491CDC7C3}: NameServer = 81.90.240.1,81.90.240.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{49887A47-4649-4DCD-9A62-910491CDC7C3}: NameServer = 81.90.240.1,81.90.240.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{49887A47-4649-4DCD-9A62-910491CDC7C3}: NameServer = 81.90.240.1,81.90.240.2
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 9172 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-28 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-03 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-28 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-28 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2008-04-10 29757440]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="winmm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-17 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ Library"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-10-24 17:44:24 ----D---- C:\Program Files\trend micro
2010-10-24 17:44:23 ----D---- C:\rsit
2010-10-24 17:16:13 ----A---- C:\ComboFix.txt
2010-10-24 17:06:56 ----A---- C:\Boot.bak
2010-10-24 17:06:51 ----RASHD---- C:\cmdcons
2010-10-24 17:02:00 ----A---- C:\WINDOWS\zip.exe
2010-10-24 17:02:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-10-24 17:02:00 ----A---- C:\WINDOWS\SWSC.exe
2010-10-24 17:02:00 ----A---- C:\WINDOWS\SWREG.exe
2010-10-24 17:02:00 ----A---- C:\WINDOWS\sed.exe
2010-10-24 17:02:00 ----A---- C:\WINDOWS\PEV.exe
2010-10-24 17:02:00 ----A---- C:\WINDOWS\NIRCMD.exe
2010-10-24 17:02:00 ----A---- C:\WINDOWS\MBR.exe
2010-10-24 17:02:00 ----A---- C:\WINDOWS\grep.exe
2010-10-24 17:01:52 ----D---- C:\WINDOWS\ERDNT
2010-10-24 17:00:12 ----D---- C:\Qoobox
2010-10-20 21:48:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-10-20 21:48:47 ----D---- C:\Program Files\Common Files\Java
2010-10-20 21:48:32 ----A---- C:\WINDOWS\system32\javaws.exe
2010-10-20 21:48:32 ----A---- C:\WINDOWS\system32\javaw.exe
2010-10-20 21:48:32 ----A---- C:\WINDOWS\system32\java.exe
2010-10-20 21:48:32 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-10-20 21:38:10 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-10-20 21:38:09 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-10-20 21:38:08 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-10-20 21:38:07 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-10-20 21:38:05 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-10-20 21:38:05 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-10-20 21:38:05 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-10-20 21:37:57 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-10-20 21:37:52 ----D---- C:\Program Files\Alwil Software
2010-10-20 21:37:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software

======List of files/folders modified in the last 3 months======

2010-10-24 17:44:24 ----RD---- C:\Program Files
2010-10-24 17:43:26 ----D---- C:\Program Files\Mozilla Firefox
2010-10-24 17:16:39 ----D---- C:\WINDOWS\Temp
2010-10-24 17:15:32 ----SD---- C:\WINDOWS\Tasks
2010-10-24 17:14:42 ----D---- C:\WINDOWS
2010-10-24 17:14:42 ----A---- C:\WINDOWS\system.ini
2010-10-24 17:14:33 ----D---- C:\WINDOWS\system32\drivers\etc
2010-10-24 17:14:00 ----D---- C:\WINDOWS\system32
2010-10-24 17:11:59 ----D---- C:\WINDOWS\system32\drivers
2010-10-24 17:11:59 ----D---- C:\WINDOWS\AppPatch
2010-10-24 17:11:54 ----D---- C:\Program Files\Common Files
2010-10-24 17:08:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-24 17:06:56 ----RASH---- C:\boot.ini
2010-10-24 17:02:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-24 17:00:12 ----D---- C:\WINDOWS\Prefetch
2010-10-24 16:35:24 ----D---- C:\WINDOWS\pss
2010-10-24 16:33:17 ----D---- C:\Documents and Settings\Mars\Data aplikací\Winamp
2010-10-24 16:32:35 ----D---- C:\WINDOWS\system32\LogFiles
2010-10-24 16:32:34 ----D---- C:\WINDOWS\Minidump
2010-10-24 16:32:34 ----D---- C:\WINDOWS\Debug
2010-10-24 16:30:51 ----D---- C:\Program Files\CCleaner
2010-10-24 10:56:12 ----D---- C:\Documents and Settings\Mars\Data aplikací\Skype
2010-10-24 10:56:11 ----D---- C:\Documents and Settings\Mars\Data aplikací\ICQ
2010-10-24 08:02:40 ----D---- C:\Documents and Settings\Mars\Data aplikací\skypePM
2010-10-22 22:40:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-10-20 21:48:48 ----SHD---- C:\WINDOWS\Installer
2010-10-20 21:48:10 ----D---- C:\Program Files\Java
2010-10-20 21:38:03 ----D---- C:\WINDOWS\WinSxS
2010-10-15 23:22:00 ----HD---- C:\WINDOWS\inf
2010-10-14 03:04:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-14 03:04:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-14 03:03:22 ----D---- C:\Program Files\Internet Explorer
2010-10-14 03:01:51 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-08 15:52:23 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-08 15:52:22 ----RSD---- C:\WINDOWS\assembly
2010-10-08 02:09:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-29 12:22:40 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-19 20:40:27 ----D---- C:\Program Files\Canon
2010-09-18 12:23:38 ----A---- C:\WINDOWS\system32\mfc42u.dll
2010-09-18 08:53:37 ----A---- C:\WINDOWS\system32\mfc42.dll
2010-09-18 08:53:37 ----A---- C:\WINDOWS\system32\mfc40u.dll
2010-09-18 08:53:37 ----A---- C:\WINDOWS\system32\mfc40.dll
2010-09-10 07:52:35 ----A---- C:\WINDOWS\system32\wininet.dll
2010-09-10 07:52:35 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-09-10 07:52:34 ----N---- C:\WINDOWS\system32\occache.dll
2010-09-10 07:52:34 ----A---- C:\WINDOWS\system32\mstime.dll
2010-09-10 07:52:34 ----A---- C:\WINDOWS\system32\mshtmled.dll
2010-09-10 07:52:33 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-09-10 07:52:31 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-09-10 07:52:31 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-09-10 07:52:31 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-09-10 07:52:31 ----A---- C:\WINDOWS\system32\licmgr10.dll
2010-09-10 07:52:31 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-09-10 07:52:30 ----N---- C:\WINDOWS\system32\iepeers.dll
2010-09-10 07:52:30 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-09-10 07:52:26 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-09-01 13:52:28 ----A---- C:\WINDOWS\system32\atmfd.dll
2010-08-27 10:03:42 ----A---- C:\WINDOWS\system32\t2embed.dll
2010-08-27 07:54:10 ----A---- C:\WINDOWS\system32\srvsvc.dll
2010-08-27 03:43:50 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2010-08-26 14:22:32 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-08-25 23:36:02 ----N---- C:\WINDOWS\system32\wmp.dll
2010-08-23 18:12:35 ----N---- C:\WINDOWS\system32\comctl32.dll
2010-08-17 15:17:06 ----A---- C:\WINDOWS\system32\spoolsv.exe
2010-08-16 10:45:05 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2010-08-15 03:01:05 ----D---- C:\Program Files\Movie Maker
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 MLPTDR_N;MLPTDR_N; \??\C:\WINDOWS\system32\MLPTDR_N.SYS []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [2008-03-17 5955872]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pmxscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-05-19 108032]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2008-02-14 222976]
S3 catchme;catchme; \??\C:\DOCUME~1\Mars\LOCALS~1\Temp\catchme.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\Mars\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-23 12160]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-25 53248]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-25 72704]
S3 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-05-25 163840]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 16:59
od vyosek
:arrow: RSIT po CF je zybtecny, jelikoz veskere stopy po haveti jsou CFkem uhlazeny :!:

:arrow: Stahnete SPTD http://www.duplexsecure.com/en/downloads
  • Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
  • Ulozte na plochu a spustte
  • Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
:arrow: Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Ulozte na plochu a spustte
  • Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte
:arrow: Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe

:arrow: Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
  • Vyskoci na Vas okenko, do ktereho zkopirujte text nize

  • Kód: Vybrat vše

    "%userprofile%\plocha\mbr" -t
  • Kliknete na OK
  • Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte
:arrow: Dejte logy z Gmeru - viz muj podpis

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 17:23
od ZuperMisa
Z MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

Co se týče Gmeru, mám problém ho spustit. Stáhnul jsem ho ze všech možných odkazů a nelze spustit....

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 17:26
od ZuperMisa
tak jeden se už rozchodil:
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-10-24 18:25:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Mars\LOCALS~1\Temp\kfroqkow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8933BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA89339D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8933B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 17:33
od vyosek
:arrow: Ted jeste druhy (hlavni) sken z gmeru

:arrow: Pokud by se gmer sekal, tak jej aplikujte v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 17:40
od ZuperMisa
jj, na druhém se pracuje hned po skončení toho prvního, ale vypadá to na dlouho...

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 17:44
od vyosek
Je mozne ze to potrva, zalezi kolika soubory se gmer bude prodirat...nelze rici dobu skenu, muze byt pul hodiny ale i 4 hodiny...

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 20:42
od ZuperMisa
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-24 21:41:38
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Mars\LOCALS~1\Temp\kfroqkow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA8926CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA8926BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA8927160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA892708A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA8926782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA8926C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA89266C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA8926726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA8926DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA892722E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA8926D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA8926EE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8933BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA89339D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8933B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A8933B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A89339D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A892F5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A8930FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A8933BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xA8C60280]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[156] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[156] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[156] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[156] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[156] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[156] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[156] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\WINDOWS\System32\svchost.exe[468] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\WINDOWS\System32\svchost.exe[468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\WINDOWS\System32\svchost.exe[468] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\WINDOWS\System32\svchost.exe[468] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\WINDOWS\System32\svchost.exe[468] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\WINDOWS\System32\svchost.exe[468] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\WINDOWS\System32\svchost.exe[468] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\WINDOWS\System32\svchost.exe[468] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\WINDOWS\system32\NOTEPAD.EXE[660] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\WINDOWS\system32\NOTEPAD.EXE[660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\WINDOWS\system32\NOTEPAD.EXE[660] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\WINDOWS\system32\NOTEPAD.EXE[660] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\WINDOWS\system32\NOTEPAD.EXE[660] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\WINDOWS\system32\NOTEPAD.EXE[660] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\WINDOWS\system32\NOTEPAD.EXE[660] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\WINDOWS\system32\NOTEPAD.EXE[660] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\WINDOWS\system32\winlogon.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\WINDOWS\system32\winlogon.exe[756] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\WINDOWS\system32\winlogon.exe[756] WS2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\WINDOWS\system32\winlogon.exe[756] WS2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\WINDOWS\system32\winlogon.exe[756] WS2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\WINDOWS\system32\winlogon.exe[756] WS2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\WINDOWS\system32\winlogon.exe[756] WS2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\WINDOWS\system32\services.exe[808] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\WINDOWS\system32\services.exe[808] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\WINDOWS\system32\services.exe[808] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\WINDOWS\system32\services.exe[808] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\WINDOWS\system32\services.exe[808] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\WINDOWS\system32\services.exe[808] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\WINDOWS\system32\lsass.exe[820] WS2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\WINDOWS\system32\lsass.exe[820] WS2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\WINDOWS\system32\lsass.exe[820] WS2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\WINDOWS\system32\lsass.exe[820] WS2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\WINDOWS\system32\lsass.exe[820] WS2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\WINDOWS\system32\svchost.exe[1016] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\WINDOWS\system32\svchost.exe[1016] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\WINDOWS\system32\svchost.exe[1016] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\WINDOWS\system32\svchost.exe[1016] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\WINDOWS\system32\svchost.exe[1016] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\WINDOWS\System32\svchost.exe[1176] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\WINDOWS\System32\svchost.exe[1176] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\WINDOWS\System32\svchost.exe[1176] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\WINDOWS\System32\svchost.exe[1176] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\WINDOWS\System32\svchost.exe[1176] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1444] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1504] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1504] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1504] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1504] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1504] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1504] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1504] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1656] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\Program Files\Java\jre6\bin\jqs.exe[1656] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1656] WS2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1656] WS2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\Program Files\Java\jre6\bin\jqs.exe[1656] WS2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1656] WS2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\Program Files\Java\jre6\bin\jqs.exe[1656] WS2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2360] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2360] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2360] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2360] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2360] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2360] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[2360] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] WS2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] WS2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] WS2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] WS2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2708] WS2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\WINDOWS\system32\NOTEPAD.EXE[3068] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\WINDOWS\system32\NOTEPAD.EXE[3068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\WINDOWS\system32\NOTEPAD.EXE[3068] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\WINDOWS\system32\NOTEPAD.EXE[3068] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\WINDOWS\system32\NOTEPAD.EXE[3068] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\WINDOWS\system32\NOTEPAD.EXE[3068] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\WINDOWS\system32\NOTEPAD.EXE[3068] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\WINDOWS\system32\NOTEPAD.EXE[3068] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3348] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3348] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3348] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3348] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3348] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3348] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF8
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C40
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3816] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E7C
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3816] ws2_32.dll!connect 71A94A07 5 Bytes JMP 10003AF4
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3816] ws2_32.dll!send 71A94C27 5 Bytes JMP 10003268
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3816] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 100027F4
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3816] ws2_32.dll!recv 71A9676F 5 Bytes JMP 10002788
.text C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3816] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 10003AA0

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 008A0002
IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 008A0000
IAT C:\Documents and Settings\Mars\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[3672] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 20:44
od vyosek
Ja tam nikde rootkit nevidim :o Avastu se stale neco nelibi :???:

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 20:51
od ZuperMisa
jj, stále, při jakékoliv akci

Re: Prosím o kontrolu logu, problém avast hlásí Win32:Rootki

Napsal: 24 říj 2010 20:53
od vyosek
Co si mam pod pojmem "jakakoliv akce" predstavit :???:
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz