Page 1 of 2

Please check my logs - Torpig, Mebroot problem

Posted: 29 Apr 2011 09:47
by filip610
Hi, UPC notified me that I am sending out viruses:

BOTS srcport 3495 mwtype Mebroot destaddr 91.19.30.122
BOTS srcport 1142 mwtype Torpig destaddr 91.19.49.90
BOTS srcport 1702 mwtype Torpig destaddr 91.19.33.253

I went through the forum and cleaned and cleaned - with System Restore turned off, in Safe Mode, without an internet connection, antivirus disabled, %tmp% emptied. I ran it through everything you recommend in the threads - whatever was found was removed, or I removed it manually,
but MBR.EXE keeps giving me "copy of MBR has been found.." which probably should not be the case and I cannot get rid of it in any way.

The system is Win XP + SP3 - updated, Avast + Microsoft Security Essentials - updated, firewall originally Kerio - probably outdated, now only the firewall built into XP. For cleaning I used: CCleaner, Spybot, Dr.Web CureIt 6, MBAM, MWAV, Kaspersky TDSSKiller, ComboFix and SDFix, MbrFix, SAS, AVP, DDS, GMER, RootkitRevealer, Avenger after a restart..

Could you please take a look at the logs?

MBR.exe:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JS-60MHB1 rev.10.02E02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 7 !
copy of MBR has been found in sector 312560640
RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by HP_DX5150 at 2011-04-28 22:22:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 58 GB (38%) free of 153 GB
Total RAM: 2494 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:22:33, on 28.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Filip\Údržba\AUDITY\RSIT.exe
C:\Filip\Údržba\AUDITY\HP_DX5150.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\HP_DX5150\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {11352A67-0178-46B1-8855-D50B2F81C054} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Přečti to! - C:\WINDOWS\Speech\gbs\Precti_to.htm
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6614511546
O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wir ... ontact.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - about:home

--
End of file - 7636 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{09DFABC5-C6B3-44CB-9EB7-1BF22D3D233C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{11352A67-0178-46B1-8855-D50B2F81C054}
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WEBIE.DLL [2006-08-02 360448]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"Adobe LM Service"=3
"ioloFileInfoList"=2
"ioloSystemService"=2
"UxTuneUp"=2
"SDhelper"=2


1-Click Maintenance.job
AppleSoftwareUpdate.job
HPpromotions journeysoftware.job
MP Scheduled Scan.job
SA.DAT
User_Feed_Synchronization-{09DFABC5-C6B3-44CB-9EB7-1BF22D3D233C}.job

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-02-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0CD68AC9-FF63-3E61-626B-B663E62F6236}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Disabled:ICQ"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.txt - open - C:\WINDOWS\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2011-06-05 18:42:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-04-28 22:05:56 ----D---- C:\WINDOWS\temp
2011-04-28 21:56:56 ----D---- C:\ComboFix
2011-04-28 21:51:12 ----A---- C:\WINDOWS\NIRCMD.exe
2011-04-28 21:47:32 ----A---- C:\TDSSKiller.2.4.21.0_28.04.2011_21.47.32_log.txt
2011-04-28 21:21:51 ----A---- C:\WINDOWS\system32\drivers\tmcomm.sys
2011-04-28 21:18:50 ----AD---- C:\WINDOWS\rundll16.exe
2011-04-28 21:18:50 ----AD---- C:\WINDOWS\logo1_.exe
2011-04-28 17:06:15 ----A---- C:\WINDOWS\MbrFix.exe
2011-04-28 13:38:36 ----D---- C:\Program Files\trend micro
2011-04-28 13:38:35 ----D---- C:\rsit
2011-04-28 13:14:22 ----D---- C:\Documents and Settings\HP_DX5150\Data aplikací\WinRAR
2011-04-28 01:26:54 ----A---- C:\WINDOWS\system32\tmp.txt
2011-04-28 01:26:26 ----A---- C:\WINDOWS\system32\swsc.exe
2011-04-28 01:24:21 ----A---- C:\WINDOWS\zip.exe
2011-04-28 01:24:21 ----A---- C:\WINDOWS\SWREG.exe
2011-04-28 01:24:21 ----A---- C:\WINDOWS\PEV.exe
2011-04-28 01:24:21 ----A---- C:\WINDOWS\MBR.exe
2011-04-28 01:24:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-04-28 01:24:20 ----A---- C:\WINDOWS\SWSC.exe
2011-04-28 01:24:20 ----A---- C:\WINDOWS\sed.exe
2011-04-28 01:24:20 ----A---- C:\WINDOWS\grep.exe
2011-04-28 01:24:01 ----D---- C:\WINDOWS\ERDNT
2011-04-28 01:21:40 ----D---- C:\Qoobox
2011-04-28 00:35:41 ----D---- C:\Program Files\ESET
2011-04-27 22:04:56 ----D---- C:\Program Files\Secunia
2011-04-27 21:12:21 ----AD---- C:\WINDOWS\VDLL.DLL
2011-04-27 21:12:21 ----AD---- C:\WINDOWS\system32\runouce.exe
2011-04-27 21:12:21 ----AD---- C:\WINDOWS\RUNDL132.EXE
2011-04-27 21:12:21 ----AD---- C:\WINDOWS\logo_1.exe
2011-04-27 21:09:17 ----A---- C:\WINDOWS\system32\msvcr80.dll
2011-04-27 21:09:16 ----A---- C:\WINDOWS\system32\msvcp80.dll
2011-04-27 21:09:14 ----A---- C:\WINDOWS\system32\eEmpty.exe
2011-04-27 21:09:09 ----A---- C:\WINDOWS\system32\T.COM
2011-04-27 21:09:08 ----A---- C:\WINDOWS\R.COM
2011-04-27 21:09:06 ----D---- C:\Program Files\Common Files\MicroWorld
2011-04-27 21:08:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2011-04-27 20:02:56 ----D---- C:\TDSSKiller_Quarantine
2011-04-22 19:17:40 ----D---- C:\Program Files\QuickTime
2011-04-20 13:50:24 ----A---- C:\WINDOWS\ntbtlog.txt
2011-04-20 12:45:20 ----D---- C:\Program Files\Torpig Removal Tool
2011-04-20 12:41:31 ----D---- C:\Documents and Settings\HP_DX5150\Data aplikací\Malwarebytes
2011-04-20 12:37:14 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-04-20 12:37:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-04-20 12:37:05 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-04-20 12:37:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-18 21:15:38 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2011-04-18 21:07:30 ----D---- C:\Program Files\Microsoft Security Client
2011-04-17 15:50:05 ----A---- C:\WINDOWS\system32\javaws.exe
2011-04-17 15:50:05 ----A---- C:\WINDOWS\system32\javaw.exe
2011-04-17 15:50:05 ----A---- C:\WINDOWS\system32\java.exe
2011-04-15 14:38:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-15 14:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-15 14:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-04-15 14:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-15 14:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-15 14:30:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-15 14:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-15 14:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-15 14:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-15 14:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-04-14 21:18:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Axure
2011-04-14 21:18:53 ----D---- C:\Documents and Settings\HP_DX5150\Data aplikací\Axure
2011-04-14 21:18:01 ----HD---- C:\Documents and Settings\All Users\Data aplikací\{013089CD-00C7-4A1B-BDA5-C3CB2E09BD4F}
2011-04-14 21:17:53 ----D---- C:\Program Files\Axure
2011-04-11 23:07:26 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-04-11 23:07:26 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-04-11 23:07:23 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-04-11 23:07:22 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-04-11 23:07:22 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-04-11 23:07:21 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-04-11 23:07:21 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-04-11 23:07:21 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-04-11 23:07:02 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-04-11 23:06:53 ----D---- C:\Program Files\AVAST Software
2011-04-11 23:06:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-04-04 21:04:26 ----D---- C:\Program Files\ICQ7.4

======List of files/folders modified in the last 1 months======

2011-06-05 19:00:24 ----D---- C:\Program Files\Alwil Software
2011-04-28 22:18:28 ----SD---- C:\WINDOWS\Tasks
2011-04-28 22:17:42 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-28 22:09:29 ----D---- C:\WINDOWS
2011-04-28 22:09:29 ----A---- C:\WINDOWS\system.ini
2011-04-28 22:09:20 ----D---- C:\WINDOWS\system32\drivers\etc
2011-04-28 22:08:35 ----SHD---- C:\System Volume Information
2011-04-28 22:08:35 ----D---- C:\WINDOWS\system32\Restore
2011-04-28 22:06:14 ----D---- C:\WINDOWS\system32\config
2011-04-28 22:05:35 ----D---- C:\WINDOWS\system32
2011-04-28 22:04:25 ----D---- C:\WINDOWS\system32\drivers
2011-04-28 22:03:14 ----D---- C:\WINDOWS\AppPatch
2011-04-28 22:03:14 ----D---- C:\Program Files\Common Files
2011-04-28 21:05:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-28 21:04:59 ----D---- C:\WINDOWS\Prefetch
2011-04-28 20:52:42 ----RD---- C:\Program Files
2011-04-28 20:41:08 ----A---- C:\WINDOWS\wincmd.ini
2011-04-28 20:32:07 ----A---- C:\WINDOWS\NeroDigital.ini
2011-04-28 20:32:06 ----SHD---- C:\WINDOWS\Installer
2011-04-28 20:32:06 ----D---- C:\Config.Msi
2011-04-28 13:52:39 ----D---- C:\Program Files\Bonjour
2011-04-28 02:12:04 ----A---- C:\WINDOWS\win.ini
2011-04-27 23:39:21 ----D---- C:\Program Files\WinRAR
2011-04-27 22:05:03 ----HD---- C:\WINDOWS\inf
2011-04-27 21:28:53 ----D---- C:\Program Files\PowerISO
2011-04-27 11:44:07 ----D---- C:\WINDOWS\WinSxS
2011-04-26 22:59:38 ----D---- C:\Documents and Settings\HP_DX5150\Data aplikací\Adobe
2011-04-26 14:40:22 ----D---- C:\Documents and Settings\HP_DX5150\Data aplikací\ICQ
2011-04-21 14:53:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-04-21 13:11:21 ----D---- C:\Program Files\Microsoft Silverlight
2011-04-20 13:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2011-04-20 12:05:05 ----D---- C:\WINDOWS\security
2011-04-20 11:25:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-04-20 11:25:16 ----D---- C:\Warez
2011-04-20 11:03:25 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-04-19 20:12:47 ----D---- C:\Program Files\Mozilla Firefox
2011-04-19 11:05:47 ----D---- C:\Program Files\QIP Infium
2011-04-19 11:05:13 ----D---- C:\Documents and Settings\HP_DX5150\Data aplikací\Netscape
2011-04-19 11:04:51 ----D---- C:\Program Files\MyFree Codec
2011-04-19 11:02:47 ----D---- C:\Program Files\Utorrent
2011-04-19 11:02:46 ----D---- C:\Documents and Settings\HP_DX5150\Data aplikací\uTorrent
2011-04-18 23:22:14 ----D---- C:\dev
2011-04-18 21:10:14 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-04-18 20:44:19 ----D---- C:\WINDOWS\system32\CatRoot
2011-04-18 15:46:44 ----A---- C:\WINDOWS\system32\MRT.exe
2011-04-18 14:21:10 ----D---- C:\Program Files\Mozilla Thunderbird
2011-04-17 15:50:34 ----D---- C:\Program Files\Common Files\Java
2011-04-17 15:49:52 ----D---- C:\Program Files\Java
2011-04-17 15:49:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-16 12:02:18 ----D---- C:\WINDOWS\Microsoft.NET
2011-04-16 12:01:57 ----RSD---- C:\WINDOWS\assembly
2011-04-15 14:39:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-04-15 14:37:58 ----HD---- C:\WINDOWS\$hf_mig$
2011-04-15 14:37:54 ----A---- C:\WINDOWS\imsins.BAK
2011-04-15 14:37:53 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-04-15 14:36:43 ----D---- C:\Program Files\Internet Explorer
2011-04-15 14:36:27 ----D---- C:\WINDOWS\ie8updates
2011-04-11 22:40:48 ----D---- C:\791b7b2f568af514231a
2011-04-04 21:05:09 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-04 01:46:01 ----D---- C:\Documents and Settings\HP_DX5150\Data aplikací\Skype
2011-04-04 01:10:40 ----D---- C:\Documents and Settings\HP_DX5150\Data aplikací\skypePM
2011-03-31 14:39:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-03-29 16:02:47 ----SD---- C:\Documents and Settings\HP_DX5150\Data aplikací\Microsoft
2011-03-29 15:25:20 ----D---- C:\Program Files\Common Files\Adobe
2011-03-29 15:25:19 ----D---- C:\Program Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2005-08-15 5888]
R0 imagesrv;imagesrv; C:\WINDOWS\system32\DRIVERS\imagesrv.sys [2005-08-15 127488]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2008-03-21 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-04-18 25432]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-05 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-05 2560]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-17 132608]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-04-18 30680]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-04-18 441176]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-04-18 307288]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-04-18 49240]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
S1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
S1 sp_rsdrv2;Spyware Terminator Driver 2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-04-18 19544]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-04-18 102488]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-02-08 970240]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 Egatebus;Egatebus; C:\WINDOWS\system32\drivers\egatebus.sys [2006-05-19 15328]
S3 Egatecard;Egatecard; C:\WINDOWS\System32\Drivers\egate.sys [2006-05-19 18880]
S3 Egaterdr;Egaterdr; C:\WINDOWS\system32\drivers\egaterdr.sys [2006-05-19 13440]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-31 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 mbr;mbr; \??\C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\mbr.sys []
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SliceDisk5;SliceDisk5; C:\WINDOWS\system32\drivers\SliceDisk5.sys []
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2010-08-27 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2010-08-27 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2010-08-27 121576]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2010-04-27 104648]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2010-04-27 14920]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2010-04-27 132424]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-08 105472]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-02-08 348160]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-04-18 42184]
S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-08 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-06-23 72704]
S4 Apache2.2;Apache2.2; C:\dev\prog\Apache2\bin\httpd.exe [2008-10-10 24636]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-03-17 38912]
S4 MySQL;MySQL; C:\dev\prog\Mysql\bin\mysqld-nt --defaults-file=C:\dev\prog\Mysql\my.ini MySQL []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S4 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2011-04-19 399416]

-----------------EOF-----------------


MWAV: (basic scan + spyware; the Windows + C: scan ran for about 5 hours and never finished..)

29 IV 2011 10:10:33 - **********************************************************

29 IV 2011 10:10:33 - eScan AntiVirus & Spyware Toolkit Utility.
29 IV 2011 10:10:33 - Copyright © MicroWorld Technologies
29 IV 2011 10:10:33 - **********************************************************
29 IV 2011 10:10:33 - Source: C:\Filip\Údržba\Install\mwav.exe
29 IV 2011 10:10:33 - Version 12.0.127 (C:\DOCUMENTS AND SETTINGS\HP_DX5150\LOCAL SETTINGS\TEMP\MEXE.COM)
29 IV 2011 10:10:33 - Log File: C:\Documents and Settings\HP_DX5150\Local Settings\temp\MWAV.LOG
29 IV 2011 10:10:33 - Last Scan Date and Time: 29.04.2011 09:05:56
29 IV 2011 10:10:33 - MWAV Registered: TRUE
29 IV 2011 10:10:33 - User Account: HP_DX5150 (Administrator Mode)
29 IV 2011 10:10:33 - OS Type: Windows Workstation
29 IV 2011 10:10:33 - OS: Windows XP [OS Install Date: 15 Dec 2005 01:58:31]
29 IV 2011 10:10:33 - Ver: Service Pack 3 (Build 2600)
29 IV 2011 10:10:33 - System Up Time: 1 Hour, 13 Minutes, 14 Seconds
29 IV 2011 10:10:33 - Windows Root Folder: C:\WINDOWS
29 IV 2011 10:10:33 - Windows Sys32 Folder: C:\WINDOWS\system32
29 IV 2011 10:10:33 - Local Fixed Drives: c:\
29 IV 2011 10:10:33 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)
29 IV 2011 10:10:33 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******
29 IV 2011 10:10:33 - C:\WINDOWS\avastSS.scr (40112), 18-Apr-2011, AVAST Software, avast! Antivirus
29 IV 2011 10:10:33 - C:\WINDOWS\MBR.exe (89088), 27-Apr-2011
29 IV 2011 10:10:33 - C:\WINDOWS\MbrFix.exe (58368), 28-Apr-2011, Systemintegrasjon AS, MbrFix Application
29 IV 2011 10:10:33 - C:\WINDOWS\MbrFix.htm (7622), 28-Apr-2011
29 IV 2011 10:10:34 - C:\WINDOWS\R.COM (147968), 27-Apr-2011, Microsoft Corporation, Microsoft® Windows® Operating System
29 IV 2011 10:10:34 - C:\WINDOWS\SWREG.exe (161792), 27-Apr-2011, SteelWerX, SteelWerX Registry Editor
29 IV 2011 10:10:34 - C:\WINDOWS\SWSC.exe (136704), 27-Apr-2011, SteelWerX, SteelWerX Service Controller
29 IV 2011 10:10:34 - C:\WINDOWS\SWXCACLS.exe (212480), 27-Apr-2011, SteelWerX, SteelWerX Extended Configurator ACLists
29 IV 2011 10:10:34 - C:\WINDOWS\system32\aswBoot.exe (199304), 18-Apr-2011, AVAST Software, avast! Antivirus
29 IV 2011 10:10:34 - C:\WINDOWS\system32\eEmpty.exe (34048), 27-Apr-2011, MicroWorld Technologies Inc., eScan For Windows
29 IV 2011 10:10:34 - C:\WINDOWS\system32\MpSigStub.exe (222080), 18-Apr-2011, Microsoft Corporation, Microsoft Malware Protection
29 IV 2011 10:10:34 - C:\WINDOWS\system32\MRT.exe (42181064), 18-Apr-2011, Microsoft Corporation, Nástroj pro odstranění škodlivého softwaru systému Microsoft Windows
29 IV 2011 10:10:34 - C:\WINDOWS\system32\swsc.exe (40960), 27-Apr-2011
29 IV 2011 10:10:34 - C:\WINDOWS\system32\T.COM (137216), 27-Apr-2011, Microsoft Corporation, Microsoft(R) Windows (R) 2000 Operating System
29 IV 2011 10:10:34 - C:\WINDOWS\system32\TASKMGR.COM (137216), 28-Apr-2011, Microsoft Corporation, Microsoft(R) Windows (R) 2000 Operating System
29 IV 2011 10:10:34 - C:\WINDOWS\system32\dllcache\user32.dll (578560), 28-Apr-2011, Microsoft Corporation, Operační systém Microsoft® Windows®
29 IV 2011 10:10:34 - C:\WINDOWS\system32\drivers\aavmker4.sys (30680), 18-Apr-2011, AVAST Software, avast! Antivirus System
29 IV 2011 10:10:34 - C:\WINDOWS\system32\drivers\aswFsBlk.sys (19544), 18-Apr-2011, AVAST Software, avast! Antivirus System
29 IV 2011 10:10:34 - C:\WINDOWS\system32\drivers\aswmon.sys (96344), 18-Apr-2011, AVAST Software, avast! Antivirus System
29 IV 2011 10:10:34 - C:\WINDOWS\system32\drivers\aswmon2.sys (102488), 18-Apr-2011, AVAST Software, avast! Antivirus System
29 IV 2011 10:10:34 - C:\WINDOWS\system32\drivers\aswRdr.sys (25432), 18-Apr-2011, AVAST Software, avast! Antivirus System
29 IV 2011 10:10:34 - C:\WINDOWS\system32\drivers\aswSnx.sys (441176), 18-Apr-2011, AVAST Software, avast! Antivirus System
29 IV 2011 10:10:34 - C:\WINDOWS\system32\drivers\aswSP.sys (307288), 18-Apr-2011, AVAST Software, avast! Antivirus System
29 IV 2011 10:10:34 - C:\WINDOWS\system32\drivers\aswTdi.sys (49240), 18-Apr-2011, AVAST Software, avast! Antivirus System
29 IV 2011 10:10:34 - C:\WINDOWS\system32\drivers\mbam.sys (20952), 20-Apr-2011, Malwarebytes Corporation, Malwarebytes' Anti-Malware
29 IV 2011 10:10:34 - C:\WINDOWS\system32\drivers\mbamswissarmy.sys (38224), 20-Apr-2011, Malwarebytes Corporation, Malwarebytes' Anti-Malware
29 IV 2011 10:10:34 - C:\WINDOWS\system32\drivers\tmcomm.sys (190032), 28-Apr-2011, Trend Micro Inc., Trend Micro AEGIS
29 IV 2011 10:10:34 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\bdc.exe (91904), 28-Apr-2011, MicroWorld Tech, eScan
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\bdfltlib2k.dll (231944), 28-Apr-2011, MicroWorld Technologies Inc., eScan for Windows
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\clean.bat (11), 28-Apr-2011
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\DEVCON.EXE (61184), 28-Apr-2011, Microsoft Corporation, Microsoft® Windows® Operating System
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\encdec.dll (180744), 28-Apr-2011, MicroWorld Technologies Inc., eScan/MailScan/eConceal
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\erootdrv.sys (13832), 28-Apr-2011, MicroWorld Technologies Inc., eScan/MWAV
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\GX.exe (383872), 29-Apr-2011, Sysinternals - www.sysinternals.com, Sysinternals Rootkitrevealer
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\LC.exe (338816), 29-Apr-2011, Sysinternals - www.sysinternals.com, Sysinternals Rootkitrevealer
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\mexe.com (2554440), 29-Apr-2011, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\msvclnt.dll (240136), 28-Apr-2011, MicroWorld Technologies Inc., MailScan
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\mwavdwnl.exe (838152), 28-Apr-2011, MicroWorld Technologies Inc., eScan
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\MWAVSCAN.COM (2554440), 28-Apr-2011, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\red32.dll (10248), 28-Apr-2011, Microsoft Corporation, Microsoft® Windows® Operating System
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\Reload.exe (375304), 28-Apr-2011, MicroWorld Technologies Inc., eScan for Windows
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\setpriv.exe (66568), 28-Apr-2011, MicroWorld Technologies Inc., eScan AntiVirus Toolkit Utility
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\unregx.exe (77832), 28-Apr-2011, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\ViewTCP.exe (1680904), 28-Apr-2011, MicroWorld Technologies Inc., ViewTCP
29 IV 2011 10:10:35 - C:\WINDOWS\$hf_mig$, 15-Dec-2005 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\$MSI31Uninstall_KB893803v2$, 23-Jan-2006 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$, 24-Feb-2008 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$, 24-Feb-2008 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\$NtUninstallMSCompPackV1$, 03-Nov-2006 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\$NtUninstallWgaNotify$, 04-Apr-2006 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\$NtUninstallWIC$, 05-Feb-2008 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\$NtUninstallWMFDist11$, 03-Nov-2006 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\$NtUninstallwmp11$, 21-Jan-2008 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\$NtUninstallWudf01000$, 03-Nov-2006 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\ERDNT, 27-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\ERUNT, 28-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\Fonts, 15-Dec-2005 [SR] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\ftpcache, 11-Mar-2006 [HS] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\ie7, 25-Feb-2008 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\ie8, 06-May-2010 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\inf, 15-Dec-2005 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\logo_1.exe, 27-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\msdownld.tmp, 12-Jan-2005 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\PIF, 13-Mar-2006 [H] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\RUNDL132.EXE, 28-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\VDLL.DLL, 27-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\system32\dllcache, 15-Dec-2005 [HSR] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\system32\Microsoft, 15-Dec-2005 [S] [Folder]
29 IV 2011 10:10:35 - C:\WINDOWS\system32\runouce.exe, 27-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\AVCBack, 28-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\LOCK, 28-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\plugins, 28-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\tmp000042f3, 29-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\WPDNSE, 29-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\Axure, 14-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\Malwarebytes, 20-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\Microsoft, 14-Dec-2005 [S] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\WinRAR, 28-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Data aplikací, 14-Dec-2005 [HR] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\DoctorWeb, 20-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\IECompatCache, 13-Dec-2009 [HS] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\IETldCache, 31-May-2009 [HS] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Local Settings, 14-Dec-2005 [H] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Okolní síť, 14-Dec-2005 [H] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Okolní tiskárny, 14-Dec-2005 [H] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\PrivacIE, 04-Jun-2009 [HS] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Recent, 28-Apr-2011 [HR] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\SendTo, 14-Dec-2005 [HR] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\UserData, 10-Jan-2005 [HS] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Šablony, 14-Dec-2005 [H] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\All Users\Data aplikací\Axure, 14-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\All Users\Data aplikací\Malwarebytes, 20-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\All Users\Data aplikací\Microsoft, 15-Dec-2005 [S] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\All Users\Data aplikací\MicroWorld, 27-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\All Users\Data aplikací\{013089CD-00C7-4A1B-BDA5-C3CB2E09BD4F}, 14-Apr-2011 [H] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\All Users\Data aplikací\..\Data aplikací, 15-Dec-2005 [HR] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\All Users\Data aplikací\..\DRM, 15-Dec-2005 [HS] [Folder]
29 IV 2011 10:10:35 - C:\Documents and Settings\All Users\Data aplikací\..\Šablony, 15-Dec-2005 [H] [Folder]
29 IV 2011 10:10:35 - C:\Program Files\Axure, 14-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Program Files\ESET, 27-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Program Files\Malwarebytes' Anti-Malware, 20-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Program Files\Microsoft Security Client, 18-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Program Files\QuickTime, 22-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Program Files\Secunia, 27-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Program Files\Torpig Removal Tool, 20-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Program Files\trend micro, 28-Apr-2011 [Folder]
29 IV 2011 10:10:35 - C:\Program Files\WindowsUpdate, 15-Dec-2005 [H] [Folder]
29 IV 2011 10:10:35 - C:\Program Files\Zero G Registry, 03-Jun-2008 [H] [Folder]
29 IV 2011 10:10:35 - C:\Program Files\Common Files\MicroWorld, 27-Apr-2011 [Folder]


29 IV 2011 10:10:35 - *********************************************************************************************

29 IV 2011 10:10:36 - Options Selected by User:
29 IV 2011 10:10:36 - Memory Check: Enabled
29 IV 2011 10:10:36 - Registry Check: Enabled
29 IV 2011 10:10:36 - StartUp Folder Check: Enabled
29 IV 2011 10:10:36 - System Folder Check: Enabled
29 IV 2011 10:10:36 - Services Check: Enabled
29 IV 2011 10:10:36 - Scan Spyware: Enabled
29 IV 2011 10:10:36 - Drive Check Option Disabled
29 IV 2011 10:10:36 - Folder Check: Disabled
29 IV 2011 10:10:36 - SCAN: All_Files
29 IV 2011 10:10:36 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)


29 IV 2011 10:10:37 - ***** Scanning Memory Files *****
29 IV 2011 10:10:40 - ***** Scanning Registry Files *****
29 IV 2011 10:10:42 - ***** Scanning StartUp Folders *****
29 IV 2011 10:10:57 - ***** Scanning Service Files *****

29 IV 2011 10:10:59 - ***** Scanning Registry and File system for Adware/Spyware *****
29 IV 2011 10:10:59 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\HP_DX5~1\LOCALS~1\temp\spydb.avs, Size: 970284]...
29 IV 2011 10:10:59 - Indexed Spyware Databases Successfully Created...

29 IV 2011 10:12:10 - Unable to Open [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]! Reason: Přístup byl odepřen. (0x5)
29 IV 2011 10:12:12 - Unable to Open [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]! Reason: Přístup byl odepřen. (0x5)

29 IV 2011 10:12:12 - ***** Scanning Registry Files *****
29 IV 2011 10:12:15 - ***** Scanning System32 Folders *****

29 IV 2011 10:12:49 - ScanFile took 22.19 Secs [C:\Documents and Settings\HP_DX5150\Local Settings\temp\mwXface.log]...

29 IV 2011 10:14:07 - ***** Checking for specific ITW Viruses *****



29 IV 2011 10:14:08 - ***** Scanning complete. *****



29 IV 2011 10:14:08 - Total Objects Scanned: 95273
29 IV 2011 10:14:08 - Total Critical Objects: 0
29 IV 2011 10:14:08 - Total Disinfected Objects: 0
29 IV 2011 10:14:08 - Total Objects Renamed: 0
29 IV 2011 10:14:08 - Total Deleted Objects: 0
29 IV 2011 10:14:08 - Total Errors: 0
29 IV 2011 10:14:08 - Time Elapsed: 00:03:32
29 IV 2011 10:14:08 - Virus Database Date: 23 Mar 2011
29 IV 2011 10:14:08 - Virus Database Count: 6969404

29 IV 2011 10:14:08 - Scan Completed.



MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6405

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.4.2011 10:18:55
mbam-log-2011-04-29 (10-18-55).txt

Typ kontroly: Rychlý test
Testované objekty: 184841
Uplynulý čas: 4 minut, 52 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0


DDS:

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by HP_DX5150 at 21:41:52,34 on čt 28.04.2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
.
============== Running Processes ===============
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
G:\Nová složka\dds.com
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&r ... :{language}
uStart Page = hxxp://seznam.cz/
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: QIPBHO Class: {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - c:\documents and settings\hp_dx5150\data aplikací\microsoft\internet explorer\qipsearchbar.dll
uURLSearchHooks: H - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {11352A67-0178-46B1-8855-D50B2F81C054} - No File
TB: WebTranslator: {bfc32e1d-ee75-4a48-bc60-104e11ee2431} - c:\translat\WEBIE.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Přečti to! - c:\windows\speech\gbs\Precti_to.htm
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.cz/buxus/docs/OnlineScanner.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156614511546
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} - hxxp://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {0CD68AC9-FF63-3E61-626B-B663E62F6236} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\hp_dx5~1\dataap~1\mozilla\firefox\profiles\7ng0epfe.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.google.cz/#hl=cs&lr=lang_cs&q=
FF - prefs.js: network.proxy.ftp - 86.49.121.82
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 86.49.121.82
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 86.49.121.82
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 86.49.121.82
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\hp_dx5150\local settings\data aplikací\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npdrmv2.dll
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: InFormEnter: {5546F97E-11A5-46b0-9082-32AD74AAA920} - %profile%\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
============= SERVICES / DRIVERS ===============
.
R? Apache2.2;Apache2.2
R? aswFsBlk;aswFsBlk
R? aswSnx;aswSnx
R? aswSP;aswSP
R? avast! Antivirus;avast! Antivirus
R? Egatebus;Egatebus
R? Egatecard;Egatecard
R? Egaterdr;Egaterdr
R? FsUsbExDisk;FsUsbExDisk
R? ioloFileInfoList;iolo FileInfoList Service
R? ioloSystemService;iolo System Service
R? MpFilter;Microsoft Malware Protection Driver
R? PSI;PSI
R? Secunia PSI Agent;Secunia PSI Agent
R? Secunia Update Agent;Secunia Update Agent
R? SGSSQPH;SGSSQPH
R? SliceDisk5;SliceDisk5
R? sp_rsdrv2;Spyware Terminator Driver 2
R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
R? ssadmdfl;SAMSUNG Android USB Modem (Filter)
R? ssadmdm;SAMSUNG Android USB Modem Drivers
S? d347bus;d347bus
S? d347prt;d347prt
S? PSched;Plánova
.
=============== Created Last 30 ================
.
2011-06-05 16:42:51 -------- d-----w- c:\docume~1\alluse~1\dataap~1\Alwil Software
2011-04-28 19:21:51 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-28 19:18:50 -------- d---a-w- c:\windows\rundll16.exe
2011-04-28 19:18:50 -------- d---a-w- c:\windows\logo1_.exe
2011-04-28 18:39:58 -------- d-----w- c:\docume~1\hp_dx5~1\locals~1\dataap~1\GHISLER
2011-04-28 15:06:15 58368 ----a-w- c:\windows\MbrFix.exe
2011-04-28 11:38:36 -------- d-----w- c:\program files\trend micro
2011-04-27 23:24:21 89088 ----a-w- c:\windows\MBR.exe
2011-04-27 23:24:21 256512 ----a-w- c:\windows\PEV.exe
2011-04-27 23:24:21 161792 ----a-w- c:\windows\SWREG.exe
2011-04-27 23:24:20 98816 ----a-w- c:\windows\sed.exe
2011-04-27 22:35:41 -------- d-----w- c:\program files\ESET
2011-04-27 20:06:20 -------- d-----w- c:\docume~1\hp_dx5~1\locals~1\dataap~1\Secunia PSI
2011-04-27 20:04:56 -------- d-----w- c:\program files\Secunia
2011-04-27 19:25:36 30575038 ----a-w- c:\windows\hkcrRT.reg
2011-04-27 19:12:21 -------- d---a-w- c:\windows\VDLL.DLL
2011-04-27 19:12:21 -------- d---a-w- c:\windows\system32\runouce.exe
2011-04-27 19:12:21 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-04-27 19:12:21 -------- d---a-w- c:\windows\logo_1.exe
2011-04-27 19:09:17 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-04-27 19:09:16 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-04-27 19:09:14 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-04-27 19:09:09 137216 ----a-w- c:\windows\system32\TASKMGR.COM
2011-04-27 19:09:09 137216 ----a-w- c:\windows\system32\T.COM
2011-04-27 19:09:08 147968 ----a-w- c:\windows\REGEDIT.COM
2011-04-27 19:09:08 147968 ----a-w- c:\windows\R.COM
2011-04-27 19:09:06 -------- d-----w- c:\program files\common files\MicroWorld
2011-04-27 19:08:50 -------- d-----w- c:\docume~1\alluse~1\dataap~1\MicroWorld
2011-04-27 18:28:30 28752 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{d2f277ca-0881-4427-a46e-750286dae6a3}\MpKslad2bb9a4.sys
2011-04-27 18:02:56 -------- d-----w- C:\TDSSKiller_Quarantine
2011-04-27 17:35:18 7071056 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{d2f277ca-0881-4427-a46e-750286dae6a3}\mpengine.dll
2011-04-20 12:05:34 -------- d-----w- c:\documents and settings\hp_dx5150\DoctorWeb
2011-04-20 10:45:20 -------- d-----w- c:\program files\Torpig Removal Tool
2011-04-20 10:41:31 -------- d-----w- c:\docume~1\hp_dx5~1\dataap~1\Malwarebytes
2011-04-20 10:37:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 10:37:12 -------- d-----w- c:\docume~1\alluse~1\dataap~1\Malwarebytes
2011-04-20 10:37:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 10:37:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-19 08:41:45 7071056 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-18 19:15:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-18 19:07:30 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-14 19:19:11 -------- d-----w- c:\docume~1\hp_dx5~1\locals~1\dataap~1\Axure
2011-04-14 19:18:58 -------- d-----w- c:\docume~1\alluse~1\dataap~1\Axure
2011-04-14 19:18:53 -------- d-----w- c:\docume~1\hp_dx5~1\dataap~1\Axure
2011-04-14 19:18:01 -------- d--h--w- c:\docume~1\alluse~1\dataap~1\{013089CD-00C7-4A1B-BDA5-C3CB2E09BD4F}
2011-04-14 19:17:53 -------- d-----w- c:\program files\Axure
2011-04-11 21:07:22 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-11 21:07:02 40112 ----a-w- c:\windows\avastSS.scr
2011-04-11 21:06:53 -------- d-----w- c:\program files\AVAST Software
2011-04-11 21:06:53 -------- d-----w- c:\docume~1\alluse~1\dataap~1\AVAST Software
2011-04-04 19:04:26 -------- d-----w- c:\program files\ICQ7.4
.
==================== Find3M ====================
.
2011-04-27 23:26:54 1462 ----a-w- c:\windows\system32\tmp.reg
2011-03-07 05:33:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:57 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53:33 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08:04 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:54:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:50 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:50 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 19:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:33 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 21:42:57,95 ===============


MBRcheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000006d

Kernel Drivers (total 103):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7590000 d347bus.sys
0xF7562000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7551000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF7492000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF747A000
0xF798B000 d347prt.sys
0xF7462000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF798D000 imagedrv.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7442000 fltmgr.sys
0xF7647000 PxHelp20.sys
0xF742B000 KSecDD.sys
0xF7418000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF786A000 NDIS.sys
0xF7850000 Mup.sys
0xBA6E5000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF7747000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xBA6C1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF774F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7677000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF791F000 \SystemRoot\system32\drivers\pfc.sys
0xF7927000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0xF7687000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7697000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA69E000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7767000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7777000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF777F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7937000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA687000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF779F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA64E000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7993000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF794B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7531000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7521000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7997000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77CF000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA70F000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xBA70D000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF799B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA707000 \SystemRoot\System32\Drivers\Null.SYS
0xF799F000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77E7000 \SystemRoot\System32\drivers\vga.sys
0xBA522000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF79A3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77F7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7807000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA72C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xBA4EF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA496000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA470000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA448000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF773F000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xBA720000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF74F1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF775F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA718000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xBA710000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA426000 \SystemRoot\System32\drivers\afd.sys
0xF74E1000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA3DB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA36B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA34B000 \SystemRoot\system32\DRIVERS\imagesrv.sys
0xF74C1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA2E3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79A9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA7DC000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77C7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AAC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF70000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xBA0BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9DC1000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA556000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB9D9E000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB9C62000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF7797000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7787000 \??\C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 16):
0 System Idle Process
4 System
268 C:\WINDOWS\system32\smss.exe
412 csrss.exe
436 C:\WINDOWS\system32\winlogon.exe
480 C:\WINDOWS\system32\services.exe
492 C:\WINDOWS\system32\lsass.exe
636 C:\WINDOWS\system32\svchost.exe
704 svchost.exe
760 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
812 C:\WINDOWS\system32\svchost.exe
860 svchost.exe
924 svchost.exe
1624 C:\WINDOWS\explorer.exe
1920 C:\WINDOWS\explorer.exe
1652 C:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JS-60MHB1, Rev: 10.02E02

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528

Done!


Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46

Ok.

Re: Please check my logs - torpig, mebroot problem

Posted: 29 Apr 2011 09:48
by filip610
ComboFix:

ComboFix 11-04-28.01 - HP_DX5150 28.04.2011 21:58:06.2.1 - x86 NETWORK
Spuštěný z: C:\Documents and Settings\HP_DX5150\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\HP_DX5150\SendTo\RemoveOnReboot.exe
C:\Documents and Settings\HP_DX5150\System
C:\Documents and Settings\HP_DX5150\System\win_qs8.jqx
C:\Documents and Settings\HP_DX5150\WINDOWS
C:\Recycled\Recycled
C:\WINDOWS\hkcrRT.reg
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\Agent.OMZ.Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\o4Patch.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\Thumbs.db
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\vbpng1.dll
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\wrt.acx
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\v10neformatic.dll
C:\WINDOWS\v10neformatic.ocx
C:\WINDOWS\w32dasm8.ini
C:\WINDOWS\XSxS


((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD
-------\Legacy_G
-------\Legacy_NPF
-------\Service_G


((((((((((((((((((((((((( Soubory vytvořené od 2011-03-28 do 2011-04-28 )))))))))))))))))))))))))))))))


2011-06-05 16:42:51 . 2011-04-11 21:01:35 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-04-28 19:21:51 . 2011-04-28 19:21:50 190032 ----a-w- C:\WINDOWS\system32\drivers\tmcomm.sys
2011-04-28 19:18:50 . 2011-04-28 19:18:50 -------- d---a-w- C:\WINDOWS\rundll16.exe
2011-04-28 19:18:50 . 2011-04-28 19:18:50 -------- d---a-w- C:\WINDOWS\logo1_.exe
2011-04-28 18:39:58 . 2011-04-28 18:39:58 -------- d-----w- C:\Documents and Settings\HP_DX5150\Local Settings\Data aplikací\GHISLER
2011-04-28 15:06:15 . 2011-04-28 15:01:32 58368 ----a-w- C:\WINDOWS\MbrFix.exe
2011-04-28 11:38:36 . 2011-04-28 11:38:36 -------- d-----w- C:\Program Files\trend micro
2011-04-28 11:38:35 . 2011-04-28 11:38:42 -------- d-----w- C:\rsit
2011-04-27 22:35:41 . 2011-04-27 22:35:41 -------- d-----w- C:\Program Files\ESET
2011-04-27 20:06:20 . 2011-04-27 20:06:20 -------- d-----w- C:\Documents and Settings\HP_DX5150\Local Settings\Data aplikací\Secunia PSI
2011-04-27 20:04:56 . 2011-04-27 20:04:56 -------- d-----w- C:\Program Files\Secunia
2011-04-27 19:12:21 . 2011-04-27 19:12:21 -------- d---a-w- C:\WINDOWS\VDLL.DLL
2011-04-27 19:12:21 . 2011-04-27 19:12:21 -------- d---a-w- C:\WINDOWS\system32\runouce.exe
2011-04-27 19:12:21 . 2011-04-27 19:12:21 -------- d---a-w- C:\WINDOWS\RUNDL132.EXE
2011-04-27 19:12:21 . 2011-04-27 19:12:21 -------- d---a-w- C:\WINDOWS\logo_1.exe
2011-04-27 19:09:17 . 2011-04-27 19:09:16 632064 ----a-w- C:\WINDOWS\system32\msvcr80.dll
2011-04-27 19:09:16 . 2011-04-27 19:09:15 554240 ----a-w- C:\WINDOWS\system32\msvcp80.dll
2011-04-27 19:09:14 . 2011-04-27 19:09:13 34048 ----a-w- C:\WINDOWS\system32\eEmpty.exe
2011-04-27 19:09:09 . 2008-04-14 03:22:49 137216 ----a-w- C:\WINDOWS\system32\T.COM
2011-04-27 19:09:08 . 2008-04-14 03:22:42 147968 ----a-w- C:\WINDOWS\R.COM
2011-04-27 19:09:06 . 2011-04-27 19:09:06 -------- d-----w- C:\Program Files\Common Files\MicroWorld
2011-04-27 19:08:50 . 2011-04-27 19:09:06 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2011-04-27 18:28:30 . 2011-04-27 18:28:30 28752 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D2F277CA-0881-4427-A46E-750286DAE6A3}\MpKslad2bb9a4.sys
2011-04-27 18:02:56 . 2011-04-27 18:02:56 -------- d-----w- C:\TDSSKiller_Quarantine
2011-04-27 17:35:18 . 2011-04-11 07:04:07 7071056 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D2F277CA-0881-4427-A46E-750286DAE6A3}\mpengine.dll
2011-04-20 12:05:34 . 2011-04-20 12:05:34 -------- d-----w- C:\Documents and Settings\HP_DX5150\DoctorWeb
2011-04-20 10:45:20 . 2011-04-28 18:30:28 -------- d-----w- C:\Program Files\Torpig Removal Tool
2011-04-20 10:41:31 . 2011-04-20 10:41:31 -------- d-----w- C:\Documents and Settings\HP_DX5150\Data aplikací\Malwarebytes
2011-04-20 10:37:14 . 2010-12-20 16:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-04-20 10:37:12 . 2011-04-20 10:37:12 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-04-20 10:37:05 . 2010-12-20 16:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-04-20 10:37:04 . 2011-04-20 10:37:18 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-19 08:41:45 . 2011-04-11 07:04:07 7071056 ----a-w- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-18 19:15:38 . 2010-10-19 20:51:33 222080 ------w- C:\WINDOWS\system32\MpSigStub.exe
2011-04-18 19:07:30 . 2011-04-18 19:11:38 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-04-14 19:19:11 . 2011-04-14 19:19:11 -------- d-----w- C:\Documents and Settings\HP_DX5150\Local Settings\Data aplikací\Axure
2011-04-14 19:18:58 . 2011-04-14 19:18:58 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Axure
2011-04-14 19:18:53 . 2011-04-14 19:18:53 -------- d-----w- C:\Documents and Settings\HP_DX5150\Data aplikací\Axure
2011-04-14 19:18:01 . 2011-04-14 19:18:02 -------- d--h--w- C:\Documents and Settings\All Users\Data aplikací\{013089CD-00C7-4A1B-BDA5-C3CB2E09BD4F}
2011-04-14 19:17:53 . 2011-04-14 19:17:53 -------- d-----w- C:\Program Files\Axure
2011-04-11 21:07:26 . 2011-04-18 17:17:34 307288 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-04-11 21:07:26 . 2011-04-18 17:12:58 19544 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-04-11 21:07:23 . 2011-04-18 17:13:21 25432 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-04-11 21:07:22 . 2011-04-18 17:17:46 441176 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-04-11 21:07:22 . 2011-04-18 17:16:18 49240 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-04-11 21:07:21 . 2011-04-18 17:16:06 102488 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-04-11 21:07:21 . 2011-04-18 17:16:02 96344 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-04-11 21:07:21 . 2011-04-18 17:13:02 30680 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-04-11 21:07:02 . 2011-04-18 17:25:12 40112 ----a-w- C:\WINDOWS\avastSS.scr
2011-04-11 21:07:02 . 2011-04-18 17:25:10 199304 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-04-11 21:06:53 . 2011-04-11 21:06:53 -------- d-----w- C:\Program Files\AVAST Software
2011-04-11 21:06:53 . 2011-04-11 21:06:53 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-04-04 19:04:26 . 2011-04-04 19:05:58 -------- d-----w- C:\Program Files\ICQ7.4
.


(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-04-27 19:28:41 . 2011-04-27 19:25:35 7394373 ----a-w- C:\WINDOWS\REGBK00.ZIP
2011-03-07 05:33:34 . 2004-08-18 02:00:00 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:36:57 . 2004-08-18 02:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:53:33 . 2004-08-18 02:00:00 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-22 23:08:04 . 2004-08-18 02:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:08:03 . 2004-08-18 02:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:08:03 . 2004-08-18 02:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-22 11:41:59 . 2004-08-18 02:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-02-17 13:18:24 . 2004-08-18 02:00:00 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-02-17 13:18:03 . 2004-08-18 02:00:00 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2011-02-17 12:54:06 . 2008-05-05 05:25:04 5632 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-02-15 12:56:39 . 2004-08-18 02:00:00 290432 ----a-w- C:\WINDOWS\system32\atmfd.dll
2011-02-09 13:53:50 . 2004-08-18 02:00:00 270848 ----a-w- C:\WINDOWS\system32\sbe.dll
2011-02-09 13:53:50 . 2004-08-18 02:00:00 186880 ----a-w- C:\WINDOWS\system32\encdec.dll
2011-02-08 13:33:55 . 2004-08-18 02:00:00 978944 ----a-w- C:\WINDOWS\system32\mfc42.dll
2011-02-08 13:33:55 . 2004-08-18 02:00:00 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
2011-02-02 19:40:23 . 2010-05-16 07:36:18 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-02-02 17:19:39 . 2008-03-20 20:54:50 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-02-02 07:58:33 . 2004-08-18 02:00:00 2067456 ----a-w- C:\WINDOWS\system32\mstscax.dll
2009-02-24 19:34:32 . 2009-02-24 19:34:32 1044480 ----a-w- C:\Program Files\opera\program\plugins\libdivx.dll
2009-02-24 19:34:32 . 2009-02-24 19:34:32 200704 ----a-w- C:\Program Files\opera\program\plugins\ssldivx.dll
2009-10-05 17:34:50 . 2010-01-12 15:38:30 118000 ----a-w- C:\Program Files\mozilla firefox\components\qippipe.dll


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25:04 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19:44 94208 ----a-w- C:\Documents and Settings\HP_DX5150\Data aplikací\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19:44 94208 ----a-w- C:\Documents and Settings\HP_DX5150\Data aplikací\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19:44 94208 ----a-w- C:\Documents and Settings\HP_DX5150\Data aplikací\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2010-11-30 11:20:36 997408]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"ioloFileInfoList"=2 (0x2)
"ioloSystemService"=2 (0x2)
"UxTuneUp"=2 (0x2)
"SDhelper"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\ICQ7.4\\ICQ.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop
"65533:TCP"= 65533:TCP:*:Disabled:Services
"52344:TCP"= 52344:TCP:*:Disabled:Services
"3145:TCP"= 3145:TCP:*:Disabled:Services
"6287:TCP"= 6287:TCP:*:Disabled:Services
"6083:TCP"= 6083:TCP:*:Disabled:Services
"2959:TCP"= 2959:TCP:*:Disabled:Services
"5255:TCP"= 5255:TCP:*:Disabled:Services
"9411:TCP"= 9411:TCP:*:Disabled:Services
"5864:TCP"= 5864:TCP:*:Disabled:Services
"3489:TCP"= 3489:TCP:*:Disabled:Services
"4739:TCP"= 4739:TCP:*:Disabled:Services

R0 d347bus;d347bus;C:\WINDOWS\system32\drivers\d347bus.sys [12.4.2006 17:03:36 155136]
R0 d347prt;d347prt;C:\WINDOWS\system32\drivers\d347prt.sys [12.4.2006 17:03:36 5248]
S1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [11.4.2011 23:07:22 441176]
S1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [11.4.2011 23:07:26 307288]
S1 sp_rsdrv2;Spyware Terminator Driver 2; [x]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [11.4.2011 23:07:26 19544]
S3 Egatebus;Egatebus;C:\WINDOWS\system32\drivers\egatebus.sys [19.5.2006 11:22:58 15328]
S3 Egatecard;Egatecard;C:\WINDOWS\system32\drivers\egate.sys [19.5.2006 11:22:58 18880]
S3 Egaterdr;Egaterdr;C:\WINDOWS\system32\drivers\egaterdr.sys [19.5.2006 11:22:58 13440]
S3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [12.8.2010 20:20:38 36640]
S3 PSI;PSI;C:\WINDOWS\system32\drivers\psi_mf.sys [1.9.2010 10:30:58 15544]
S3 SliceDisk5;SliceDisk5; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\WINDOWS\system32\drivers\ssadbus.sys [14.12.2010 20:21:13 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\WINDOWS\system32\drivers\ssadmdfl.sys [14.12.2010 20:21:16 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\WINDOWS\system32\drivers\ssadmdm.sys [14.12.2010 20:21:16 121576]
S4 Apache2.2;Apache2.2;C:\dev\prog\Apache2\bin\httpd.exe [10.10.2008 13:39:30 24636]
S4 ioloFileInfoList;iolo FileInfoList Service; [x]
S4 ioloSystemService;iolo System Service; [x]
S4 PHPGeekUtil;PHPGeekUtil; [x]
S4 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files\Secunia\PSI\psia.exe [19.4.2011 8:44:40 993848]
S4 Secunia Update Agent;Secunia Update Agent;C:\Program Files\Secunia\PSI\sua.exe [19.4.2011 8:44:40 399416]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

Obsah adresáře 'Naplánované úlohy'

2011-03-18 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53:42 . 2006-12-30 13:13:57]

2011-04-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]

2011-04-28 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36:52 . 2005-04-22 16:36:52]

2011-04-28 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26:42 . 2010-11-11 10:26:42]

2011-06-05 C:\WINDOWS\Tasks\User_Feed_Synchronization-{09DFABC5-C6B3-44CB-9EB7-1BF22D3D233C}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 17:36:40 . 2009-03-08 02:31:54]


------- Doplňkový sken -------

uDefault_Search_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&r ... :{language}
uStart Page = hxxp://seznam.cz/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Přečti to! - C:\WINDOWS\Speech\gbs\Precti_to.htm
IE: Připojit cíl vazby k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} - hxxp://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
FF - ProfilePath - C:\Documents and Settings\HP_DX5150\Data aplikací\Mozilla\Firefox\Profiles\7ng0epfe.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.google.cz/#hl=cs&lr=lang_cs&q=
FF - prefs.js: network.proxy.ftp - 86.49.121.82
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 86.49.121.82
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 86.49.121.82
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 86.49.121.82
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: InFormEnter: {5546F97E-11A5-46b0-9082-32AD74AAA920} - %profile%\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

ShellExecuteHooks-{0CD68AC9-FF63-3E61-626B-B663E62F6236} - (no file)
SafeBoot-klmdb.sys


SDfix:

SDFix: Version 1.240
Run by HP_DX5150 on čt 28.04.2011 at 22:42

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:


Could Not Remove C:\WINDOWS\rundll16.exe - removed manually with KillBox, does not get recreated
Could Not Remove C:\WINDOWS\rundl132.exe - removed manually with KillBox, does not get recreated



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-28 23:30:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a273]
"0015a83d1716"=hex:e0,25,d4,e1,94,b7,03,a9,f8,6a,59,cf,c4,eb,7a,c5
"001979bf2817"=hex:e6,89,bc,f5,d5,cb,58,7a,2a,6b,f2,83,3e,8c,24,a9
"8c541dda3e1b"=hex:7d,24,3c,53,e0,7c,c2,08,f1,b6,79,59,a6,46,4b,5b
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b107a273]
"0015a83d1716"=hex:e0,25,d4,e1,94,b7,03,a9,f8,6a,59,cf,c4,eb,7a,c5
"001979bf2817"=hex:e6,89,bc,f5,d5,cb,58,7a,2a,6b,f2,83,3e,8c,24,a9
"8c541dda3e1b"=hex:7d,24,3c,53,e0,7c,c2,08,f1,b6,79,59,a6,46,4b,5b

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"RequireSignedAppInit_DLLs"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D70B030E-B7CC-15B7-530A-07C3B3F4975B}]
"oakbkkgfpmanfllffkemlonamlijbb"=hex:6a,61,68,6f,6a,64,6b,70,6d,63,70,62,6c,6d,6c,70,63,66,6c,6d,00,..
"naabelnepjoipkohncckkflcbfik"=hex:6a,61,68,6f,6a,64,6b,70,6d,63,70,62,6c,6d,6c,70,63,66,6c,6d,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\ICQ7.4\\ICQ.exe"="C:\\Program Files\\ICQ7.4\\ICQ.exe:*:Disabled:ICQ"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

C:\WINDOWS\rundll16.exe Found - I later removed it manually
C:\WINDOWS\rundl132.exe Found - the same

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 13 Aug 2007 71,680 A..H. --- "C:\791b7b2f568af514231a\admparse.dll"
Mon 13 Aug 2007 123,904 A..H. --- "C:\791b7b2f568af514231a\advpack.dll"
Sat 23 Sep 2006 1,022,976 A..H. --- "C:\791b7b2f568af514231a\browseui.dll"
Mon 13 Aug 2007 17,408 A..H. --- "C:\791b7b2f568af514231a\corpol.dll"
Mon 13 Aug 2007 33,792 A..H. --- "C:\791b7b2f568af514231a\custsat.dll"
Mon 13 Aug 2007 346,624 A..H. --- "C:\791b7b2f568af514231a\dxtmsft.dll"
Mon 13 Aug 2007 214,528 A..H. --- "C:\791b7b2f568af514231a\dxtrans.dll"
Mon 13 Aug 2007 131,584 A..H. --- "C:\791b7b2f568af514231a\extmgr.dll"
Mon 13 Aug 2007 60,416 A..H. --- "C:\791b7b2f568af514231a\hmmapi.dll"
Mon 13 Aug 2007 61,952 A..H. --- "C:\791b7b2f568af514231a\icardie.dll"
Mon 13 Aug 2007 54,784 A..H. --- "C:\791b7b2f568af514231a\ie4uinit.exe"
Mon 13 Aug 2007 152,064 A..H. --- "C:\791b7b2f568af514231a\ieakeng.dll"
Mon 13 Aug 2007 229,376 A..H. --- "C:\791b7b2f568af514231a\ieaksie.dll"
Mon 13 Aug 2007 161,792 A..H. --- "C:\791b7b2f568af514231a\ieakui.dll"
Wed 11 Jul 2007 383,488 A..H. --- "C:\791b7b2f568af514231a\ieapfltr.dll"
Mon 13 Aug 2007 382,976 A..H. --- "C:\791b7b2f568af514231a\iedkcs32.dll"
Mon 13 Aug 2007 69,120 A..H. --- "C:\791b7b2f568af514231a\iedw.exe"
Mon 13 Aug 2007 78,336 A..H. --- "C:\791b7b2f568af514231a\ieencode.dll"
Mon 13 Aug 2007 6,049,280 A..H. --- "C:\791b7b2f568af514231a\ieframe.dll"
Mon 13 Aug 2007 191,488 A..H. --- "C:\791b7b2f568af514231a\iepeers.dll"
Mon 13 Aug 2007 287,744 A..H. --- "C:\791b7b2f568af514231a\ieproxy.dll"
Mon 13 Aug 2007 43,008 A..H. --- "C:\791b7b2f568af514231a\iernonce.dll"
Mon 13 Aug 2007 266,752 A..H. --- "C:\791b7b2f568af514231a\iertutil.dll"
Mon 13 Aug 2007 55,296 A..H. --- "C:\791b7b2f568af514231a\iesetup.dll"
Mon 13 Aug 2007 13,312 A..H. --- "C:\791b7b2f568af514231a\ieudinit.exe"
Mon 13 Aug 2007 180,736 A..H. --- "C:\791b7b2f568af514231a\ieui.dll"
Mon 13 Aug 2007 622,080 A..H. --- "C:\791b7b2f568af514231a\iexplore.exe"
Mon 13 Aug 2007 36,352 A..H. --- "C:\791b7b2f568af514231a\imgutil.dll"
Mon 13 Aug 2007 92,672 A..H. --- "C:\791b7b2f568af514231a\inseng.dll"
Mon 13 Aug 2007 491,520 A..H. --- "C:\791b7b2f568af514231a\jscript.dll"
Mon 13 Aug 2007 27,136 A..H. --- "C:\791b7b2f568af514231a\jsproxy.dll"
Mon 13 Aug 2007 40,960 A..H. --- "C:\791b7b2f568af514231a\licmgr10.dll"
Mon 13 Aug 2007 458,752 A..H. --- "C:\791b7b2f568af514231a\msfeeds.dll"
Mon 13 Aug 2007 50,688 A..H. --- "C:\791b7b2f568af514231a\msfeedsbs.dll"
Mon 13 Aug 2007 12,288 A..H. --- "C:\791b7b2f568af514231a\msfeedssync.exe"
Mon 13 Aug 2007 45,568 A..H. --- "C:\791b7b2f568af514231a\mshta.exe"
Mon 13 Aug 2007 3,578,368 A..H. --- "C:\791b7b2f568af514231a\mshtml.dll"
Mon 13 Aug 2007 475,648 A..H. --- "C:\791b7b2f568af514231a\mshtmled.dll"
Mon 13 Aug 2007 48,128 A..H. --- "C:\791b7b2f568af514231a\mshtmler.dll"
Mon 13 Aug 2007 156,160 A..H. --- "C:\791b7b2f568af514231a\msls31.dll"
Mon 13 Aug 2007 192,000 A..H. --- "C:\791b7b2f568af514231a\msrating.dll"
Mon 13 Aug 2007 670,720 A..H. --- "C:\791b7b2f568af514231a\mstime.dll"
Mon 13 Aug 2007 101,376 A..H. --- "C:\791b7b2f568af514231a\occache.dll"
Mon 13 Aug 2007 44,544 A..H. --- "C:\791b7b2f568af514231a\pngfilt.dll"
Sat 23 Sep 2006 1,497,088 A..H. --- "C:\791b7b2f568af514231a\shdocvw.dll"
Sat 23 Sep 2006 474,112 A..H. --- "C:\791b7b2f568af514231a\shlwapi.dll"
Wed 6 Sep 2006 14,048 A..H. --- "C:\791b7b2f568af514231a\spmsg.dll"
Wed 6 Sep 2006 213,216 A..H. --- "C:\791b7b2f568af514231a\spuninst.exe"
Wed 6 Sep 2006 22,752 A..H. --- "C:\791b7b2f568af514231a\spupdsvc.exe"
Mon 13 Aug 2007 105,984 A..H. --- "C:\791b7b2f568af514231a\url.dll"
Mon 13 Aug 2007 1,162,240 A..H. --- "C:\791b7b2f568af514231a\urlmon.dll"
Mon 13 Aug 2007 413,696 A..H. --- "C:\791b7b2f568af514231a\vbscript.dll"
Mon 13 Aug 2007 765,952 A..H. --- "C:\791b7b2f568af514231a\vgx.dll"
Mon 13 Aug 2007 231,424 A..H. --- "C:\791b7b2f568af514231a\webcheck.dll"
Mon 13 Aug 2007 206,336 A..H. --- "C:\791b7b2f568af514231a\winfxdocobj.exe"
Mon 13 Aug 2007 818,688 A..H. --- "C:\791b7b2f568af514231a\wininet.dll"
Wed 6 Sep 2006 589,672 A..H. --- "C:\791b7b2f568af514231a\update\idndl.exe"
Mon 13 Aug 2007 32,960 A..H. --- "C:\791b7b2f568af514231a\update\iecustom.dll"
Mon 13 Aug 2007 66,048 A..H. --- "C:\791b7b2f568af514231a\update\iereseticons.exe"
Mon 13 Aug 2007 1,084,096 A..H. --- "C:\791b7b2f568af514231a\update\iesetup.exe"
Mon 12 Feb 2007 635,696 A..H. --- "C:\791b7b2f568af514231a\update\legitlibm.dll"
Wed 6 Sep 2006 498,016 A..H. --- "C:\791b7b2f568af514231a\update\nlsdl.exe"
Wed 6 Sep 2006 716,000 A..H. --- "C:\791b7b2f568af514231a\update\update.exe"
Wed 6 Sep 2006 371,424 A..H. --- "C:\791b7b2f568af514231a\update\updspapi.dll"
Wed 6 Sep 2006 536,888 A..H. --- "C:\791b7b2f568af514231a\update\xmllitesetup.exe"
Wed 4 Nov 2009 1,168,216 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Tue 28 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 19 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\HP_DX5150\Data aplikací\U3\temp\Launchpad Removal.exe"
Mon 31 Jan 2011 0 A.SH. --- "C:\Documents and Settings\All Users\Data aplikací\Microsoft\PlayReady\Cache\indiv01.tmp"

Finished!

Re: Please check my logs - torpig, mebroot problem

Posted: 29 Apr 2011 10:08
by motji
Good afternoon :)
Could you please take the logs out of code tags, they are hard to read, thanks :).
I'll scold you a little right away :D - you are needlessly using the outdated SDFix and other programs... you should have posted straight away instead of stuffing your PC with a pile of programs, most of which are meant to be used together with a clean-up script :roll:.

We are going to clean the MBR sector - do you have only one disk, and no data encryption, Linux or the like?

Re: Please check my logs - torpig, mebroot problem

Posted: 29 Apr 2011 10:28
by filip610
Good afternoon,

exactly as you say - one disk, no Linux, no encryption.

Thanks for the reply

Re: Please check my logs - torpig, mebroot problem

Posted: 29 Apr 2011 10:45
by motji
:arrow: Do you recognise these ports, did you open them deliberately?
"3145:TCP"= 3145:TCP:*:Disabled:Services
"6287:TCP"= 6287:TCP:*:Disabled:Services
"6083:TCP"= 6083:TCP:*:Disabled:Services


:arrow: Download HxD portable http://mh-nexus.de/en/downloads.php?product=HxD
- save it to the desktop
- unpack it and put the program directly on drive C
- run it
- click Open disk - choose Physical disks :!: (don't mix this up)
- select Hard disk 1
- type the number of the sector you want to open into the box, confirm with Enter, and you will be right in that sector
- tell me what you have in sectors 1-62

So that you have an idea of what to look for, this is what my sector 60 looks like; all of sectors 1-62 should look like this, but yours probably will not.

Image



I'll be here in the evening at around 9 and we'll get on with the repair :)
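The check motji describes above, and the "copy of MBR has been found in sector N" lines from MBR.exe elsewhere in the thread, rest on one fact: on a classic XP-era MBR disk the first partition starts at LBA 63, so sectors 1-62 normally contain nothing but zeros, and a bootkit such as Mebroot uses that gap (or the end of the disk) to stash its copy of the original MBR. The following is an added example, not code from the thread and not a tool either poster used: it builds a constructed disk image in memory instead of reading a physical disk, reads the first-partition LBA from the partition table, and classifies every non-empty gap sector as an MBR copy, foreign boot code, or plain data. The partition layout, the sectors it plants data in, and the function names are all assumptions made for the example.

```python
"""Triage of the gap between the MBR and the first partition (added example)."""
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"          # last two bytes of a valid MBR / boot sector


def first_partition_lba(mbr):
    """Smallest start LBA among the four partition entries (0 if table is empty).
    The gap that should be empty runs from sector 1 up to this LBA minus one."""
    starts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        if entry[4] != 0:                         # partition type 0 = unused slot
            starts.append(struct.unpack_from("<I", entry, 8)[0])
    return min(starts) if starts else 0


def classify_sector(sector, mbr):
    """None for an all-zero sector, otherwise a label relative to sector 0."""
    if not any(sector):
        return None                                # what an untouched gap looks like
    bootable = sector[510:512] == BOOT_SIGNATURE
    if bootable and sector[446:510] == mbr[446:510]:
        return "mbr_copy"                          # bootable, same partition table as sector 0
    if bootable:
        return "boot_code"                         # bootable, but a different table
    return "data"                                  # non-empty, no boot signature


def scan_gap(image):
    """List (lba, kind) for every non-empty sector between the MBR and the first partition."""
    mbr = image[:SECTOR_SIZE]
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("sector 0 carries no boot signature; not an MBR disk")
    last = first_partition_lba(mbr) - 1
    findings = []
    for lba in range(1, last + 1):
        kind = classify_sector(image[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE], mbr)
        if kind:
            findings.append((lba, kind))
    return findings


def scan_tail(image, count=8):
    """LBAs among the last `count` sectors that hold a copy of the MBR. Only
    'mbr_copy' is reported here, because slack at the end of the last partition
    is legitimately non-empty; the poster's disk had such a copy at 312560640."""
    mbr = image[:SECTOR_SIZE]
    total = len(image) // SECTOR_SIZE
    return [lba for lba in range(max(1, total - count), total)
            if classify_sector(image[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE], mbr) == "mbr_copy"]


def build_constructed_image(total_sectors=128):
    """Constructed sample image (assumption, not a real disk): an MBR with one
    partition starting at LBA 63, a copy of that MBR in sector 7 and near the end
    of the disk, loader-like junk in sector 53, a small application blob in 32."""
    code = bytes((i * 7) & 0xFF for i in range(446))            # stand-in boot code
    entry = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x07,     # active, NTFS,
                        0xFE, 0xFF, 0xFF, 63, total_sectors - 63)  # starts at LBA 63
    mbr = code + entry + bytes(48) + BOOT_SIGNATURE
    image = bytearray(total_sectors * SECTOR_SIZE)

    def put(lba, data):
        image[lba * SECTOR_SIZE: lba * SECTOR_SIZE + len(data)] = data

    put(0, mbr)
    put(7, mbr)                              # saved copy of the original MBR
    put(32, b"OEMDATA" + bytes(9))           # the kind of thing a program keeps there
    put(53, bytes(range(256)) * 2)           # non-bootable junk
    put(total_sectors - 8, mbr)              # second copy near the end of the disk
    return bytes(image)


if __name__ == "__main__":
    img = build_constructed_image()
    for lba, kind in scan_gap(img):
        print(f"sector {lba}: {kind}")
    print("MBR copies near end of disk:", scan_tail(img))
```

To run this against a real image, replace build_constructed_image() with the bytes read from an image file taken with a forensic imaging tool; the classification deliberately reports, rather than modifies, anything it finds, so that the operator decides what is an OEM blob and what is a bootkit artefact.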

Re: Please check my logs - torpig, mebroot problem

Posted: 29 Apr 2011 12:15
by filip610
I don't recognise these ports; I certainly didn't set them up manually. Should I block them on the router? Or somewhere in the firewall?

As for the physical disk - exactly as you wrote, sectors 1-62 are sometimes not empty at all;
I'm attaching an HTML export, I split it manually into sectors according to that program's output
so that it is clear where the problems are.

Unfortunately I can't be here in the evening, but I'll try to respond quickly so that I don't hold you up too much. Thanks

Re: Please check my logs - torpig, mebroot problem

Posted: 29 Apr 2011 13:32
by motji
You're not holding me up :).

:!: Back up your important data, just to be safe :) If the system happened not to boot, the sectors can be restored to their original state by booting from another disk or, say, via Hiren's. But nothing should happen, it's more of a precaution; after all, we are touching the MBR :)

:arrow: run HxD again
- click Open disk - choose Physical disks :!: (don't mix this up)
- select Hard disk 1
- untick the Read-only checkbox
- the program opens in edit mode
- find sectors 7, 61, 53
- select the whole of sector 7, 61, 53 with the mouse (you can copy the numbers and save them in Notepad; if something goes wrong, you put them back)
- choose Fill selection (3rd option from the bottom, between the two lines); the preset values open (00 00 00...)
- confirm with OK
- close the program, confirm the change.
- then restart the computer and check that the sector has been overwritten.


:arrow: If you haven't already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
"3145:TCP"=-
"6287:TCP"=-
"6083:TCP"=-
"2959:TCP"=-
"5255:TCP"=-
"9411:TCP"=-
"5864:TCP"=-
"3489:TCP"=-
"4739:TCP"=-

Driver::
ioloFileInfoList
ioloSystemService
S4 PHPGeekUtil


- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

Image


- after it runs, another log will pop up; paste it here

Warning: it may happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration


I have disabled those open ports for you. I'll be here until about 5 now, otherwise I'll be around tomorrow too :)
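The port exceptions motji asks about ("3145:TCP"= 3145:TCP:*:Disabled:Services and friends) and then deletes with the CFScript live in the firewall policy's GloballyOpenPorts\List key, whose export format appears in both the SDFix and the ComboFix log: the value name is "port:proto" (or an executable path for AuthorizedApplications), and the data is "port:proto:scope:Enabled|Disabled:display name". The following is an added example, not code from the thread or from ComboFix: it parses a .reg-style export of those keys, flags port exceptions that are not on an administrator's allow-list, and prints them in the Registry:: removal syntax the script uses. The sample export is constructed from the formats visible in the logs, and the allow-list, the key matching and the function names are assumptions made for the example.

```python
"""Audit of Windows XP firewall exceptions exported from the registry (added example)."""
import re

# Constructed sample export in the format SDFix/ComboFix print for the
# firewall policy keys; not the poster's complete export.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3389:TCP"="3389:TCP:*:Disabled:Remote Desktop"
"3145:TCP"="3145:TCP:*:Disabled:Services"
"6287:TCP"="6287:TCP:*:Disabled:Services"
"65533:TCP"="65533:TCP:*:Enabled:Services"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\ICQ7.4\\ICQ.exe"="C:\\Program Files\\ICQ7.4\\ICQ.exe:*:Disabled:ICQ"
'''

# Ports the administrator knows about (assumption: only Remote Desktop here).
ALLOWED_PORTS = {"3389:TCP"}

KEY_RE = re.compile(r"^\[(.+)\]$")
# value name and data are quoted strings in which backslashes are doubled
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_export(text):
    """Map each registry key (lower-cased) to its list of (value name, data)."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            current = m.group(1).lower()
            entries[current] = []
        elif current is not None and (m := VALUE_RE.match(line)):
            entries[current].append((m.group(1), m.group(2)))
    return entries


def split_rule(data):
    """'3145:TCP:*:Disabled:Services' -> ('3145:TCP', '*', 'Disabled', 'Services').
    rsplit keeps the drive-letter colon of application paths intact; a display
    name that itself contains ':' would be cut, which is acceptable for an audit."""
    ident, scope, state, name = data.rsplit(":", 3)
    return ident, scope, state, name


def audit_open_ports(entries, allowed=ALLOWED_PORTS):
    """(value name, scope, state, display name) for every port exception not on the allow-list.
    Disabled entries are reported too: the value still exists and can be re-enabled."""
    flagged = []
    for key, values in entries.items():
        if not key.endswith(r"\globallyopenports\list"):
            continue
        for value_name, data in values:
            _, scope, state, name = split_rule(data)
            if value_name.upper() not in allowed:
                flagged.append((value_name, scope, state, name))
    return flagged


def cfscript_for(flagged):
    """Removal lines in the CFScript syntax used in the thread ('=-' deletes a value)."""
    lines = ["Registry::",
             r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"]
    lines += [f'"{value_name}"=-' for value_name, *_ in flagged]
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = audit_open_ports(parse_export(SAMPLE_EXPORT))
    for value_name, scope, state, name in flagged:
        print(f"{value_name:>10}  scope={scope}  {state:<8}  {name!r}")
    print(cfscript_for(flagged))
```

The generic display name "Services" on a high, arbitrary port is the pattern worth noticing in the audit output: Windows names its own exceptions after the feature (Remote Desktop, or a resource string such as @xpsp2res.dll,-22019), so an exception an administrator cannot account for is a candidate for removal regardless of whether it is currently enabled.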

Re: Please check my logs - torpig, mebroot problem

Posted: 29 Apr 2011 15:06
by filip610
The sectors are overwritten and everything is OK, the system booted fine. Should I clean the other sectors in the range 1-62 the same way?
And why did we clean just those particular ones, by what rule, if I may ask?
Otherwise MBR.exe now only reports one thing, in sector 312...

I ran your script through ComboFix, so hopefully it went through.

MBR.exe log:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JS-60MHB1 rev.10.02E02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 312560640


New ComboFix log:

ComboFix 11-04-28.01 - HP_DX5150 29.04.2011 15:20:33.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2494.1969 [GMT 2:00]
Spuštěný z: c:\documents and settings\HP_DX5150\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\HP_DX5150\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IOLOFILEINFOLIST
-------\Legacy_IOLOSYSTEMSERVICE
-------\Service_ioloFileInfoList
-------\Service_ioloSystemService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-28 do 2011-04-29 )))))))))))))))))))))))))))))))
.
.
2011-06-05 16:42 . 2011-04-11 21:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-04-29 12:17 . 2011-04-29 12:17 -------- d---a-w- c:\windows\rundll16.exe
2011-04-29 12:17 . 2011-04-29 12:17 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-04-29 12:17 . 2011-04-29 12:17 -------- d---a-w- c:\windows\logo1_.exe
2011-04-29 12:17 . 2011-04-29 12:17 -------- d---a-w- c:\windows\logo_1.exe
2011-04-29 10:00 . 2009-04-01 19:38 1681920 ----a-w- C:\HxD.exe
2011-04-29 09:08 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{1E1E4D14-3E22-4E50-873F-7402E5F0C4D4}\mpengine.dll
2011-04-28 20:39 . 2011-04-28 20:39 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2011-04-28 20:29 . 2011-04-28 20:29 -------- d-----w- c:\windows\ERUNT
2011-04-28 19:21 . 2011-04-28 19:21 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-28 18:39 . 2011-04-28 18:39 -------- d-----w- c:\documents and settings\HP_DX5150\Local Settings\Data aplikací\GHISLER
2011-04-28 15:06 . 2011-04-28 15:01 58368 ----a-w- c:\windows\MbrFix.exe
2011-04-28 11:38 . 2011-04-28 11:38 -------- d-----w- c:\program files\trend micro
2011-04-27 22:35 . 2011-04-27 22:35 -------- d-----w- c:\program files\ESET
2011-04-27 20:06 . 2011-04-27 20:06 -------- d-----w- c:\documents and settings\HP_DX5150\Local Settings\Data aplikací\Secunia PSI
2011-04-27 20:04 . 2011-04-27 20:04 -------- d-----w- c:\program files\Secunia
2011-04-27 19:12 . 2011-04-27 19:12 -------- d---a-w- c:\windows\VDLL.DLL
2011-04-27 19:12 . 2011-04-27 19:12 -------- d---a-w- c:\windows\system32\runouce.exe
2011-04-27 19:09 . 2011-04-27 19:09 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-04-27 19:09 . 2011-04-27 19:09 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-04-27 19:09 . 2011-04-27 19:09 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-04-27 19:09 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-04-27 19:09 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-04-27 19:09 . 2011-04-27 19:09 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-04-27 19:08 . 2011-04-27 19:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-04-20 12:05 . 2011-04-20 12:05 -------- d-----w- c:\documents and settings\HP_DX5150\DoctorWeb
2011-04-20 10:45 . 2011-04-28 18:30 -------- d-----w- c:\program files\Torpig Removal Tool
2011-04-20 10:41 . 2011-04-20 10:41 -------- d-----w- c:\documents and settings\HP_DX5150\Data aplikací\Malwarebytes
2011-04-20 10:37 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 10:37 . 2011-04-20 10:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-04-20 10:37 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 10:37 . 2011-04-20 10:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-19 08:41 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-18 19:15 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-18 19:07 . 2011-04-18 19:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-14 19:19 . 2011-04-14 19:19 -------- d-----w- c:\documents and settings\HP_DX5150\Local Settings\Data aplikací\Axure
2011-04-14 19:18 . 2011-04-14 19:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Axure
2011-04-14 19:18 . 2011-04-14 19:18 -------- d-----w- c:\documents and settings\HP_DX5150\Data aplikací\Axure
2011-04-14 19:18 . 2011-04-14 19:18 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\{013089CD-00C7-4A1B-BDA5-C3CB2E09BD4F}
2011-04-14 19:17 . 2011-04-14 19:17 -------- d-----w- c:\program files\Axure
2011-04-11 21:07 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-11 21:07 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-11 21:07 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-11 21:07 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-11 21:07 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-11 21:07 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-11 21:07 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-11 21:07 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-11 21:07 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-04-11 21:07 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-11 21:06 . 2011-04-11 21:06 -------- d-----w- c:\program files\AVAST Software
2011-04-11 21:06 . 2011-04-11 21:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-04-04 19:04 . 2011-04-04 19:05 -------- d-----w- c:\program files\ICQ7.4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-27 19:28 . 2011-04-27 19:25 7394373 ----a-w- c:\windows\REGBK00.ZIP
2011-03-07 05:33 . 2004-08-18 02:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-18 02:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-18 02:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2004-08-18 02:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-08-18 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2004-08-18 02:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-18 02:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-18 02:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-18 02:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-18 02:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-18 02:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-18 02:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-18 02:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-18 02:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 19:40 . 2010-05-16 07:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:19 . 2008-03-20 20:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2004-08-18 02:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2009-10-05 17:34 . 2010-01-12 15:38 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_DX5150\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_DX5150\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_DX5150\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"ioloFileInfoList"=2 (0x2)
"ioloSystemService"=2 (0x2)
"UxTuneUp"=2 (0x2)
"SDhelper"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [12.4.2006 17:03 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [12.4.2006 17:03 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.4.2011 23:07 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.4.2011 23:07 307288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.4.2011 23:07 19544]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [19.5.2006 11:22 15328]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [19.5.2006 11:22 13440]
S1 MpKslbeeed01c;MpKslbeeed01c;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{1E1E4D14-3E22-4E50-873F-7402E5F0C4D4}\MpKslbeeed01c.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{1E1E4D14-3E22-4E50-873F-7402E5F0C4D4}\MpKslbeeed01c.sys [?]
S1 sp_rsdrv2;Spyware Terminator Driver 2; [x]
S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [19.5.2006 11:22 18880]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [12.8.2010 20:20 36640]
S3 GX;GX;c:\docume~1\HP_DX5~1\LOCALS~1\Temp\GX.exe --> c:\docume~1\HP_DX5~1\LOCALS~1\Temp\GX.exe [?]
S3 LC;LC;c:\docume~1\HP_DX5~1\LOCALS~1\Temp\LC.exe --> c:\docume~1\HP_DX5~1\LOCALS~1\Temp\LC.exe [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 10:30 15544]
S3 SliceDisk5;SliceDisk5; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [14.12.2010 20:21 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [14.12.2010 20:21 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [14.12.2010 20:21 121576]
S4 Apache2.2;Apache2.2;c:\dev\prog\Apache2\bin\httpd.exe [10.10.2008 13:39 24636]
S4 PHPGeekUtil;PHPGeekUtil; [x]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [19.4.2011 8:44 993848]
S4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [19.4.2011 8:44 399416]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
.
2011-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-29 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]
.
2011-04-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-06-05 c:\windows\Tasks\User_Feed_Synchronization-{09DFABC5-C6B3-44CB-9EB7-1BF22D3D233C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&r ... :{language}
uStart Page = hxxp://seznam.cz/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Přečti to! - c:\windows\Speech\gbs\Precti_to.htm
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} - hxxp://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
FF - ProfilePath - c:\documents and settings\HP_DX5150\Data aplikací\Mozilla\Firefox\Profiles\7ng0epfe.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.google.cz/#hl=cs&lr=lang_cs&q=
FF - prefs.js: network.proxy.ftp - 86.49.121.82
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 86.49.121.82
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 86.49.121.82
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 86.49.121.82
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: InFormEnter: {5546F97E-11A5-46b0-9082-32AD74AAA920} - %profile%\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellExecuteHooks-{0CD68AC9-FF63-3E61-626B-B663E62F6236} - (no file)
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-29 15:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\dev\prog\Mysql\bin\mysqld-nt\" --defaults-file=\"c:\dev\prog\Mysql\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3878110322-869357524-2769158190-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D70B030E-B7CC-15B7-530A-07C3B3F4975B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakbkkgfpmanfllffkemlonamlijbb"=hex:6a,61,68,6f,6a,64,6b,70,6d,63,70,62,6c,6d,
6c,70,63,66,6c,6d,00,6f
"naabelnepjoipkohncckkflcbfik"=hex:6a,61,68,6f,6a,64,6b,70,6d,63,70,62,6c,6d,
6c,70,63,66,6c,6d,00,6f
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:c5,44,9d,2b,9e,46,1a,e7,46,d5,ba,6d,30,18,38,75,2a,2f,f8,11,80,
b2,9b,df,61,e2,4a,4c,60,41,56,ba,68,2d,c1,1a,87,ae,75,82,92,fe,53,54,1e,8f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c5,44,9d,2b,9e,46,1a,e7,46,d5,ba,6d,30,18,38,75,2a,2f,f8,11,80,
b2,9b,df,61,e2,4a,4c,60,41,56,ba,68,2d,c1,1a,87,ae,75,82,92,fe,53,54,1e,8f,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2544)
c:\windows\system32\msi.dll
c:\documents and settings\HP_DX5150\Data aplikací\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Nero\Nero 7\Nero BackItUp\NBShell.dll
c:\program files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
c:\program files\WinRAR\rarext.dll
c:\progra~1\TUNEUP~1\SDShelEx-win32.dll
c:\windows\system32\erasext.dll
c:\windows\system32\ERASER.dll
c:\progra~1\MI239C~1\shellext.dll
c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.cze
c:\windows\system32\CmdLineExt03.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2011-04-29 15:55:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-29 13:55
.
Pre-Run: 62,519,582,720 bytes free
Post-Run: 62,849,069,056 bytes free
.
- - End Of File - - 2976583D97958B870E7FA2F812759FA2

Re: Please check my logs - torpig, mebroot problem

Posted: 29 Apr 2011 17:41
by motji
I have a feeling that sectors 32 and 33 are OK, programs store something there. But if you want to risk it, go ahead. Repair sectors 1-62, but no more!
1-3 is a copy of sector 0; I admit I have never seen that, if you want to try repairing it :) .
Sector 0 and sectors 63-64 are not to be repaired!


Then reboot and hope the system comes up :D . Definitely make a backup again.


Do you have the installation CD? If so, also run fixmbr from the Recovery Console.

Go into the Recovery Console and enter the command
fixmbr \device\harddisk0

- exactly like that, there is a space after FIXMBR


Then write back, we will clean up a bit more via ComboFix.
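As an added example (not code from the thread, from GMER's mbr.exe, or from any tool named here), the following Python sketch shows what the two pieces of advice above amount to: the "copy of MBR has been found in sector N" report is a comparison of each sector's boot-code bytes against sector 0, and the cleanup is a wipe of the reserved track (LBA 1-62) that spares 32-33, never touches sector 0 and never reaches 63, where the first XP partition starts. The disk image, its size, the boot code and the LBAs of the planted copies are all constructed for the demo; nothing here reads or writes a real disk. Two caveats a practitioner would add: dump sectors 0-63 to a file before zeroing anything so the step can be reversed, and do the read from a clean boot medium, because an active MBR rootkit hooks the disk driver and can filter what the running system sees. A copy stored near the end of the disk (as the second one reported in this thread is, on a 160 GB drive) lies outside 1-62 and therefore survives the wipe, which is why a scanner still reports it afterwards.

```python
"""Added example: what "copy of MBR has been found in sector N" amounts to,
and the "zero sectors 1-62 but keep 32-33" advice from the thread, run against
a disk image constructed in memory (no real disk is touched)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # boot code runs up to the disk signature at 0x1B8
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
BOOT_SIG_OFF = 0x1FE


def make_mbr(boot_code: bytes, disk_sig: int = 0x1234ABCD) -> bytes:
    """Build a 512-byte MBR: boot code, disk signature, one partition entry, 55AA."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    # One bootable entry, type 0x07 (NTFS), starting at LBA 63: the classic XP
    # layout, which is why the thread says sector 63 must not be touched.
    struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF,
                     0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1_000_000)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def build_sample_image(total_sectors: int, copies_at=(7,)) -> bytearray:
    """Constructed image: genuine MBR at LBA 0, copies planted at `copies_at`,
    and vendor-style data in sectors 32-33 that a cleanup must leave alone."""
    img = bytearray(total_sectors * SECTOR)
    mbr = make_mbr(b"\xeb\x3c\x90" + b"SAMPLEBOOT" * 8)   # constructed boot code
    img[0:SECTOR] = mbr
    for lba in copies_at:
        img[lba * SECTOR:(lba + 1) * SECTOR] = mbr
    img[32 * SECTOR:34 * SECTOR] = b"\x42" * (2 * SECTOR)
    return img


def read_sector(img, lba: int) -> bytes:
    return bytes(img[lba * SECTOR:(lba + 1) * SECTOR])


def find_mbr_copies(img, lbas=None) -> list:
    """LBAs other than 0 whose boot-code region equals sector 0's.
    Comparing only the first 440 bytes ignores the disk signature and the
    partition table, so a copy whose table was patched still shows up."""
    ref = read_sector(img, 0)[:BOOT_CODE_LEN]
    if ref == bytes(BOOT_CODE_LEN):
        return []          # empty boot code would "match" every zeroed sector
    total = len(img) // SECTOR
    candidates = range(1, total) if lbas is None else lbas
    return [lba for lba in candidates
            if read_sector(img, lba)[:BOOT_CODE_LEN] == ref]


def wipe_reserved_sectors(img, first=1, last=62, keep=(32, 33)) -> list:
    """Zero the reserved track (LBA 1..62) except `keep`; never sector 0 and
    never 63+, where the first partition starts. Returns the LBAs zeroed."""
    if first < 1 or last > 62:
        raise ValueError("refusing to touch sector 0 or the partition area")
    wiped = []
    for lba in range(first, last + 1):
        if lba in keep:
            continue
        img[lba * SECTOR:(lba + 1) * SECTOR] = bytes(SECTOR)
        wiped.append(lba)
    return wiped


def sector0_digest(img) -> str:
    """Fingerprint of the live MBR, to prove the wipe did not alter it."""
    return hashlib.sha256(read_sector(img, 0)).hexdigest()


def demo(total_sectors: int = 4096):
    """Plant copies at LBA 7 and near the end, wipe the reserved track, rescan."""
    tail = total_sectors - 100
    img = build_sample_image(total_sectors, copies_at=(7, tail))
    before = find_mbr_copies(img)            # [7, tail]
    digest = sector0_digest(img)
    wiped = wipe_reserved_sectors(img)
    after = find_mbr_copies(img)             # [tail]: the near-end copy survives
    assert sector0_digest(img) == digest     # sector 0 untouched
    assert read_sector(img, 32) == b"\x42" * SECTOR   # 32-33 untouched
    return before, wiped, after


if __name__ == "__main__":
    print(demo())
```

On a real disk the same logic would read 512-byte blocks from the raw device (or, better, from a forensic image of it); the wipe here is the scripted equivalent of the hex-editor step the thread describes, with the guard rails spelled out in code so that sector 0 and the partition start cannot be hit by a typo.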

Re: Please check my logs - torpig, mebroot problem

Posted: 29 Apr 2011 19:23
by filip610
Sectors in the range overwritten - all OK, the system booted fine after the restart.

Fixmbr via the console - done, also OK.
http://www.tipypropc.cz/konzola-pro-zot ... a-fixboot/

But "copy of MBR has been found in sector 312560640" still remains..

Re: Please check my logs - torpig, mebroot problem

Posted: 29 Apr 2011 19:32
by motji
You can try to find that sector, but it will only be a remnant. To be safe, also run GMER.

Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan runs; when it finishes a results window opens, click Save to save the log, which you then paste here

- Following the guide at the link, do a second scan and paste that log here as well.

Re: Please check my logs - torpig, mebroot problem

Posted: 30 Apr 2011 12:31
by filip610
GMER startup log - normal mode:

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit quick scan 2011-04-30 11:31:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JS-60MHB1 rev.10.02E02
Running: gmer.exe; Driver: C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\pxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB5381BD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB5381A3D]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 8A981328
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A981328
Device \Driver\atapi \Device\Ide\IdePort1 8A981328
Device \Driver\atapi \Device\Ide\IdePort2 8A981328
Device \Driver\atapi \Device\Ide\IdePort3 8A981328
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 8A981328
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 8A62A008
Device \Driver\d347prt \Device\Scsi\d347prt1 8A62A008
Device \FileSystem\Ntfs \Ntfs 8A8CF418

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat 89F5ED20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Modules - GMER 1.0.15 ----

Module _________ B9EEB000-B9F03000 (98304 bytes)

---- EOF - GMER 1.0.15 ----


GMER startup log - safe mode:

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit quick scan 2011-04-30 11:56:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JS-60MHB1 rev.10.02E02
Running: gmer.exe; Driver: C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\pxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75922A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF759D910]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 8A6BF4B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A6BF4B8
Device \Driver\atapi \Device\Ide\IdePort1 8A6BF4B8
Device \Driver\atapi \Device\Ide\IdePort2 8A6BF4B8
Device \Driver\atapi \Device\Ide\IdePort3 8A6BF4B8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 8A6BF4B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 8A69A3C8
Device \Driver\d347prt \Device\Scsi\d347prt1 8A69A3C8
Device \FileSystem\Ntfs \Ntfs 8A7ACFB0
Device \FileSystem\Fastfat \Fat 8A494310

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

---- Modules - GMER 1.0.15 ----

Module _________ F747A000-F7492000 (98304 bytes)

---- EOF - GMER 1.0.15 ----



GMER scan log - safe mode:

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-04-30 12:49:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1600JS-60MHB1 rev.10.02E02
Running: gmer.exe; Driver: C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\pxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF759D818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF759D7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF7591A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75922A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF759D910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF759D794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF75922C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF759D866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF759D0B0]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A7ACFB0
Device \FileSystem\Fastfat \FatCdrom 8A494310

AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

Device \Driver\Cdrom \Device\CdRom0 8A6BF3B0
Device \FileSystem\Rdbss \Device\FsWrap 8A5F8660
Device \Driver\atapi \Device\Ide\IdePort0 8A6BF4B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A6BF4B8
Device \Driver\atapi \Device\Ide\IdePort1 8A6BF4B8
Device \Driver\atapi \Device\Ide\IdePort2 8A6BF4B8
Device \Driver\atapi \Device\Ide\IdePort3 8A6BF4B8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 8A6BF4B8
Device \Driver\Cdrom \Device\CdRom1 8A6BF3B0
Device \FileSystem\Srv \Device\LanmanServer 8A47FD38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A7747D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A7747D8
Device \FileSystem\Npfs \Device\NamedPipe 8A69AE80
Device \FileSystem\Msfs \Device\Mailslot 8A6B6550
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 8A69A3C8
Device \Driver\d347prt \Device\Scsi\d347prt1 8A69A3C8
Device \FileSystem\Fastfat \Fat 8A494310

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A823D68
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A823D68
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A823D68
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A823D68
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A823D68
Device \FileSystem\Cdfs \Cdfs 8A5FFFB0

---- Modules - GMER 1.0.15 ----

Module _________ F747A000-F7492000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a273
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a273@0015a83d1716 0xE0 0x25 0xD4 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a273@001979bf2817 0xE6 0x89 0xBC 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a273@8c541dda3e1b 0x7D 0x24 0x3C 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b107a273 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b107a273@0015a83d1716 0xE0 0x25 0xD4 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b107a273@001979bf2817 0xE6 0x89 0xBC 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b107a273@8c541dda3e1b 0x7D 0x24 0x3C 0x53 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA920107747706000000000040\Usage@AcrobatElements 1050547673
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xC5 0x44 0x9D 0x2B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D70B030E-B7CC-15B7-530A-07C3B3F4975B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D70B030E-B7CC-15B7-530A-07C3B3F4975B}@oakbkkgfpmanfllffkemlonamlijbb 0x6A 0x61 0x68 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D70B030E-B7CC-15B7-530A-07C3B3F4975B}@naabelnepjoipkohncckkflcbfik 0x6A 0x61 0x68 0x6F ...

---- EOF - GMER 1.0.15 ----


MWAV scan:

30 IV 2011 12:05:52 - **********************************************************
30 IV 2011 12:05:52 - eScan AntiVirus & Spyware Toolkit Utility.
30 IV 2011 12:05:52 - Copyright © MicroWorld Technologies
30 IV 2011 12:05:52 - **********************************************************
30 IV 2011 12:05:52 - Source: C:\Filip\Údržba\Install\mwav.exe
30 IV 2011 12:05:52 - Version 12.0.128 (C:\DOCUMENTS AND SETTINGS\HP_DX5150\LOCAL SETTINGS\TEMP\MEXETMP.EX~)
30 IV 2011 12:05:52 - Log File: C:\Documents and Settings\HP_DX5150\Local Settings\temp\MWAV.LOG
30 IV 2011 12:05:52 - Last Scan Date and Time: 29.04.2011 14:16:40
30 IV 2011 12:05:52 - MWAV Registered: TRUE
30 IV 2011 12:05:52 - User Account: HP_DX5150 (Administrator Mode)
30 IV 2011 12:05:52 - OS Type: Windows Workstation
30 IV 2011 12:05:52 - OS: Windows XP [OS Install Date: 15 Dec 2005 01:58:31]
30 IV 2011 12:05:52 - Ver: Service Pack 3 (Build 2600)
30 IV 2011 12:05:52 - System Up Time: 12 Minutes, 4 Seconds

30 IV 2011 12:05:52 - Windows Root Folder: C:\WINDOWS
30 IV 2011 12:05:52 - Windows Sys32 Folder: C:\WINDOWS\system32
30 IV 2011 12:05:52 - Local Fixed Drives: c:\
30 IV 2011 12:05:52 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

30 IV 2011 12:05:52 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******

30 IV 2011 12:05:52 - C:\WINDOWS\avastSS.scr (40112), 18-Apr-2011, AVAST Software, avast! Antivirus
30 IV 2011 12:05:52 - C:\WINDOWS\MBR.exe (89088), 27-Apr-2011
30 IV 2011 12:05:52 - C:\WINDOWS\MbrFix.exe (58368), 28-Apr-2011, Systemintegrasjon AS, MbrFix Application
30 IV 2011 12:05:52 - C:\WINDOWS\MbrFix.htm (7622), 28-Apr-2011
30 IV 2011 12:05:52 - C:\WINDOWS\NIRCMD.exe (31232), 29-Apr-2011, NirSoft, NirCmd
30 IV 2011 12:05:52 - C:\WINDOWS\R.COM (147968), 27-Apr-2011, Microsoft Corporation, Microsoft® Windows® Operating System
30 IV 2011 12:05:52 - C:\WINDOWS\SWREG.exe (161792), 27-Apr-2011, SteelWerX, SteelWerX Registry Editor
30 IV 2011 12:05:52 - C:\WINDOWS\SWSC.exe (136704), 27-Apr-2011, SteelWerX, SteelWerX Service Controller
30 IV 2011 12:05:52 - C:\WINDOWS\SWXCACLS.exe (212480), 27-Apr-2011, SteelWerX, SteelWerX Extended Configurator ACLists
30 IV 2011 12:05:52 - C:\WINDOWS\system32\aswBoot.exe (199304), 18-Apr-2011, AVAST Software, avast! Antivirus
30 IV 2011 12:05:52 - C:\WINDOWS\system32\eEmpty.exe (34048), 27-Apr-2011, MicroWorld Technologies Inc., eScan For Windows
30 IV 2011 12:05:52 - C:\WINDOWS\system32\MpSigStub.exe (222080), 18-Apr-2011, Microsoft Corporation, Microsoft Malware Protection

30 IV 2011 12:05:52 - C:\WINDOWS\system32\MRT.exe (42181064), 18-Apr-2011, Microsoft Corporation, Nástroj pro odstranění škodlivého softwaru systému Microsoft Windows

30 IV 2011 12:05:52 - C:\WINDOWS\system32\T.COM (137216), 27-Apr-2011, Microsoft Corporation, Microsoft(R) Windows (R) 2000 Operating System

30 IV 2011 12:05:52 - C:\WINDOWS\system32\TASKMGR.COM (137216), 30-Apr-2011, Microsoft Corporation, Microsoft(R) Windows (R) 2000 Operating System

30 IV 2011 12:05:52 - C:\HxD.exe (1681920), 29-Apr-2011, Maël Hörz, HxD
30 IV 2011 12:05:52 - C:\WINDOWS\system32\dllcache\user32.dll (578560), 28-Apr-2011, Microsoft Corporation, Operační systém Microsoft® Windows®

30 IV 2011 12:05:52 - C:\WINDOWS\system32\drivers\aavmker4.sys (30680), 18-Apr-2011, AVAST Software, avast! Antivirus System
30 IV 2011 12:05:52 - C:\WINDOWS\system32\drivers\aswFsBlk.sys (19544), 18-Apr-2011, AVAST Software, avast! Antivirus System
30 IV 2011 12:05:52 - C:\WINDOWS\system32\drivers\aswmon.sys (96344), 18-Apr-2011, AVAST Software, avast! Antivirus System
30 IV 2011 12:05:52 - C:\WINDOWS\system32\drivers\aswmon2.sys (102488), 18-Apr-2011, AVAST Software, avast! Antivirus System

30 IV 2011 12:05:52 - C:\WINDOWS\system32\drivers\aswRdr.sys (25432), 18-Apr-2011, AVAST Software, avast! Antivirus System
30 IV 2011 12:05:52 - C:\WINDOWS\system32\drivers\aswSnx.sys (441176), 18-Apr-2011, AVAST Software, avast! Antivirus System
30 IV 2011 12:05:52 - C:\WINDOWS\system32\drivers\aswSP.sys (307288), 18-Apr-2011, AVAST Software, avast! Antivirus System
30 IV 2011 12:05:52 - C:\WINDOWS\system32\drivers\aswTdi.sys (49240), 18-Apr-2011, AVAST Software, avast! Antivirus System
30 IV 2011 12:05:52 - C:\WINDOWS\system32\drivers\mbam.sys (20952), 20-Apr-2011, Malwarebytes Corporation, Malwarebytes' Anti-Malware
30 IV 2011 12:05:52 - C:\WINDOWS\system32\drivers\mbamswissarmy.sys (38224), 20-Apr-2011, Malwarebytes Corporation, Malwarebytes' Anti-Malware
30 IV 2011 12:05:52 - C:\WINDOWS\system32\drivers\tmcomm.sys (190032), 28-Apr-2011, Trend Micro Inc., Trend Micro AEGIS
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\BACKUP.94556741.mexe.com (2554440), 30-Apr-2011, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\bdc.exe (91904), 30-Apr-2011, MicroWorld Tech, eScan
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\bdfltlib2k.dll (231944), 30-Apr-2011, MicroWorld Technologies Inc., eScan for Windows

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\clean.bat (11), 30-Apr-2011
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\DEVCON.EXE (61184), 30-Apr-2011, Microsoft Corporation, Microsoft® Windows® Operating System

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\encdec.dll (180744), 30-Apr-2011, MicroWorld Technologies Inc., eScan/MailScan/eConceal

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\erootdrv.sys (13832), 30-Apr-2011, MicroWorld Technologies Inc., eScan/MWAV

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\mexe.com (2554440), 30-Apr-2011, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\msvclnt.dll (240136), 30-Apr-2011, MicroWorld Technologies Inc., MailScan

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\mwavdwnl.exe (838152), 30-Apr-2011, MicroWorld Technologies Inc., eScan

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\MWAVSCAN.COM (2554440), 30-Apr-2011, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\red32.dll (10248), 30-Apr-2011, Microsoft Corporation, Microsoft® Windows® Operating System

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\Reload.exe (375304), 30-Apr-2011, MicroWorld Technologies Inc., eScan for Windows

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\setpriv.exe (66568), 30-Apr-2011, MicroWorld Technologies Inc., eScan AntiVirus Toolkit Utility

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\unregx.exe (77832), 30-Apr-2011, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\UPDLL10.DLL (891912), 30-Apr-2011, MicroWorld Technologies Inc., eScan/MailScan/MWAV

30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\ViewTCP.exe (1680904), 30-Apr-2011, MicroWorld Technologies Inc., ViewTCP



30 IV 2011 12:05:52 - C:\WINDOWS\$hf_mig$, 15-Dec-2005 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\$MSI31Uninstall_KB893803v2$, 23-Jan-2006 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$, 24-Feb-2008 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$, 24-Feb-2008 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\$NtUninstallMSCompPackV1$, 03-Nov-2006 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\$NtUninstallWgaNotify$, 04-Apr-2006 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\$NtUninstallWIC$, 05-Feb-2008 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\$NtUninstallWMFDist11$, 03-Nov-2006 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\$NtUninstallwmp11$, 21-Jan-2008 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\$NtUninstallWudf01000$, 03-Nov-2006 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\ERDNT, 27-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\ERUNT, 28-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\Fonts, 15-Dec-2005 [SR] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\ftpcache, 11-Mar-2006 [HS] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\ie7, 25-Feb-2008 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\ie8, 06-May-2010 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\inf, 15-Dec-2005 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\logo_1.exe, 29-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\msdownld.tmp, 12-Jan-2005 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\PIF, 13-Mar-2006 [H] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\RUNDL132.EXE, 29-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\VDLL.DLL, 27-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\system32\dllcache, 15-Dec-2005 [HSR] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\system32\Microsoft, 15-Dec-2005 [S] [Folder]
30 IV 2011 12:05:52 - C:\WINDOWS\system32\runouce.exe, 27-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Qoobox, 29-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\AVCBack, 30-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\FtpTemp, 30-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\FtpTempF, 30-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\LOCK, 30-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\Log, 30-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\plugins, 30-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\tmp000018e3, 30-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\tmp00001a26, 30-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\WPDNSE, 30-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\Axure, 14-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\Malwarebytes, 20-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\Microsoft, 14-Dec-2005 [S] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\WinRAR, 28-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Data aplikací, 14-Dec-2005 [HR] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\DoctorWeb, 20-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\IECompatCache, 13-Dec-2009 [HS] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\IETldCache, 31-May-2009 [HS] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Local Settings, 14-Dec-2005 [H] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Okolní síť, 14-Dec-2005 [H] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Okolní tiskárny, 14-Dec-2005 [H] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\PrivacIE, 04-Jun-2009 [HS] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Recent, 28-Apr-2011 [HR] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\SendTo, 14-Dec-2005 [HR] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\UserData, 10-Jan-2005 [HS] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\HP_DX5150\Data aplikací\..\Šablony, 14-Dec-2005 [H] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\All Users\Data aplikací\Axure, 14-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\All Users\Data aplikací\Malwarebytes, 20-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\All Users\Data aplikací\Microsoft, 15-Dec-2005 [S] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\All Users\Data aplikací\MicroWorld, 27-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\All Users\Data aplikací\{013089CD-00C7-4A1B-BDA5-C3CB2E09BD4F}, 14-Apr-2011 [H] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\All Users\Data aplikací\..\Data aplikací, 15-Dec-2005 [HR] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\All Users\Data aplikací\..\DRM, 15-Dec-2005 [HS] [Folder]
30 IV 2011 12:05:52 - C:\Documents and Settings\All Users\Data aplikací\..\Šablony, 15-Dec-2005 [H] [Folder]
30 IV 2011 12:05:52 - C:\Program Files\Axure, 14-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Program Files\ESET, 27-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Program Files\Malwarebytes' Anti-Malware, 20-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Program Files\Microsoft Security Client, 18-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Program Files\QuickTime, 22-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Program Files\Secunia, 27-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Program Files\Torpig Removal Tool, 20-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Program Files\trend micro, 28-Apr-2011 [Folder]
30 IV 2011 12:05:52 - C:\Program Files\WindowsUpdate, 15-Dec-2005 [H] [Folder]
30 IV 2011 12:05:52 - C:\Program Files\Zero G Registry, 03-Jun-2008 [H] [Folder]
30 IV 2011 12:05:52 - C:\Program Files\Common Files\MicroWorld, 27-Apr-2011 [Folder]


30 IV 2011 12:05:52 - *********************************************************************************************

30 IV 2011 12:05:52 - Command Line Options Given: /xsign

30 IV 2011 12:06:00 - Scheduler Service not enabled. Scheduler Feature Disabled.



30 IV 2011 12:06:00 - **********************************************************

30 IV 2011 12:06:00 - eScan AntiVirus & Spyware Toolkit Utility.
30 IV 2011 12:06:00 - Copyright © MicroWorld Technologies
30 IV 2011 12:06:00 -
30 IV 2011 12:06:00 - Support: support@escanav.com

30 IV 2011 12:06:00 - Web: http://www.escanav.com

30 IV 2011 12:06:00 - **********************************************************

30 IV 2011 12:06:00 - Version 12.0.128[DB] (C:\DOCUMENTS AND SETTINGS\HP_DX5150\LOCAL SETTINGS\TEMP\MEXETMP.EX~)
30 IV 2011 12:06:00 - Log File: C:\Documents and Settings\HP_DX5150\Local Settings\temp\MWAV.LOG
30 IV 2011 12:06:00 - User Account: HP_DX5150 (Administrator Mode)
30 IV 2011 12:06:00 - Windows Root Folder: C:\WINDOWS
30 IV 2011 12:06:00 - Windows Sys32 Folder: C:\WINDOWS\system32
30 IV 2011 12:06:00 - OS: Windows XP [OS Install Date: 15 Dec 2005 01:58:31]
30 IV 2011 12:06:00 - Ver: Service Pack 3 (Build 2600)
30 IV 2011 12:06:00 - Latest Date of files inside MWAV: Sat Apr 30 12:09:21 2011.
30 IV 2011 12:06:00 - Plugins FileCount: 791 Sign Version: 7.37297

30 IV 2011 12:06:00 - Options Selected by User:
30 IV 2011 12:06:00 - Memory Check: Enabled
30 IV 2011 12:06:00 - Registry Check: Enabled
30 IV 2011 12:06:00 - StartUp Folder Check: Enabled
30 IV 2011 12:06:00 - System Folder Check: Enabled
30 IV 2011 12:06:00 - Services Check: Enabled
30 IV 2011 12:06:00 - Scan Spyware: Enabled
30 IV 2011 12:06:00 - Drive Check Option Disabled
30 IV 2011 12:06:00 - Folder Check: Enabled
30 IV 2011 12:06:00 - Folder Selected = C:\WINDOWS
30 IV 2011 12:06:00 - SCAN: All_Files

30 IV 2011 12:06:00 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

30 IV 2011 12:06:01 - ***** Scanning Memory Files *****

30 IV 2011 12:07:51 - ***** Scanning Registry Files *****

30 IV 2011 12:08:34 - ***** Scanning StartUp Folders *****

30 IV 2011 12:11:34 - ***** Scanning Service Files *****

30 IV 2011 12:11:37 - ERROR(2)!!! Invalid Entry %SystemRoot%\System32\appmgmts.dll. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt.

30 IV 2011 12:11:39 - ERROR(2)!!! Invalid Entry \??\C:\ComboFix\catchme.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\catchme.

30 IV 2011 12:11:44 - ERROR(2)!!! Invalid Entry C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\GX.exe. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\GX.

30 IV 2011 12:11:49 - ERROR(2)!!! Invalid Entry C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\LC.exe. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\LC.

30 IV 2011 12:11:50 - ERROR(2)!!! Invalid Entry \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{1E1E4D14-3E22-4E50-873F-7402E5F0C4D4}\MpKslbeeed01c.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\MpKslbeeed01c.

30 IV 2011 12:12:08 - ERROR(2)!!! Invalid Entry \??\C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\mbr.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\mbr.

30 IV 2011 12:12:08 - ERROR(2)!!! Invalid Entry \??\C:\DOCUME~1\HP_DX5~1\LOCALS~1\Temp\pxtdipob.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\pxtdipob.



30 IV 2011 12:12:08 - ***** Scanning Registry and File system for Adware/Spyware *****

30 IV 2011 12:12:09 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\HP_DX5~1\LOCALS~1\temp\spydb.avs, Size: 971850]...

30 IV 2011 12:12:09 - Indexed Spyware Databases Successfully Created...


30 IV 2011 12:13:06 - Offending Registry Entry found: HKCU\SOFTWARE\Wget

30 IV 2011 12:13:06 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: Entries Removed.

30 IV 2011 12:13:06 - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.


30 IV 2011 12:13:06 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE

30 IV 2011 12:13:06 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entries Removed.

30 IV 2011 12:13:06 - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.


30 IV 2011 12:13:07 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers

30 IV 2011 12:13:07 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entries Removed.

30 IV 2011 12:13:07 - Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.


30 IV 2011 12:13:07 - ***** Scanning Registry Files *****

30 IV 2011 12:13:09 - Clearing Temporary sub-folders as Spyware/Adware found in system...

30 IV 2011 12:13:09 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

30 IV 2011 12:13:09 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://seznam.cz/

30 IV 2011 12:13:09 - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome



30 IV 2011 12:13:09 - ***** Scanning System32 Folders *****

30 IV 2011 12:13:27 - Scanning File C:\WINDOWS\NIRCMD.exe

30 IV 2011 12:13:27 - File C:\WINDOWS\NIRCMD.exe infected by "Malware.Win32 (ES)" Virus! Action Taken: File Renamed.


30 IV 2011 12:18:57 - ScanFile took 5.52 Secs [C:\WINDOWS\system32\MRT.exe]...
30 IV 2011 12:40:31 - ScanFile took 5.23 Secs [C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\mshtmled.dll]...
30 IV 2011 12:41:38 - ScanFile took 5.00 Secs [C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\mstime.dll]...
30 IV 2011 12:43:38 - ScanFile took 5.25 Secs [C:\WINDOWS\$hf_mig$\KB938464\update\update_SP3QFE.inf]...
30 IV 2011 13:07:24 - ScanFile took 5.11 Secs [C:\WINDOWS\$NtUninstallKB918899$\mshtmled.dll]...
30 IV 2011 13:14:03 - ScanFile took 5.50 Secs [C:\WINDOWS\$NtUninstallKB931768$\wininet.dll]...
30 IV 2011 13:16:59 - ScanFile took 5.34 Secs [C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll]...


30 IV 2011 13:26:49 - ***** Scanning complete. *****

30 IV 2011 13:26:49 - Total Objects Scanned: 80622
30 IV 2011 13:26:49 - Total Critical Objects: 4
30 IV 2011 13:26:49 - Total Disinfected Objects: 0
30 IV 2011 13:26:49 - Total Objects Renamed: 1
30 IV 2011 13:26:49 - Total Deleted Objects: 3
30 IV 2011 13:26:49 - Total Errors: 7
30 IV 2011 13:26:49 - Time Elapsed: 01:20:39
30 IV 2011 13:26:49 - Virus Database Date: 30 Apr 2011
30 IV 2011 13:26:49 - Virus Database Count: 7188382

30 IV 2011 13:26:49 - Scan Completed.



---------

I ran it through MWAV once more; a day or two ago it reported everything clean. Now I connected it to the net
so the database would update, and to find out whether something is still being pulled into the PC.. and it detected something,
so either something is being pulled in from the internet or it is related to the cleaning utilities; I have not run anything
other than what you recommended..
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.
File C:\WINDOWS\NIRCMD.exe infected by "Malware.Win32 (ES)" Virus! Action Taken: File Renamed.
I would also like to ask - I found a similar MBR problem on another computer running Win 7,
can I apply the same cleaning procedure? Clean sectors 1-62, except 33 and 32, plus fixmbr from the console?

Unfortunately I will not be at the PC today, but I would reply as soon as possible tomorrow.

Re: Prosím o kontrolu logů - torpig, mebroot problém

Napsal: 30 dub 2011 16:46
od motji
On the Win 7 box you can run ComboFix and an mbr.exe c- scan; open a new topic for Motji and post the logs there. Don't do anything else for now. I'd be more careful about clearing sectors on Win 7; I have the impression that more programs write something into the MBR sector there. And you can't do fixmbr from the console, Win 7 has it a bit different, so better wait for me :) .
I'll only be here for a little while tomorrow morning, until about 9, and then not until 9 at night :D

:arrow: If you haven't already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code:

Regnull::
[HKEY_USERS\S-1-5-21-3878110322-869357524-2769158190-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D70B030E-B7CC-15B7-530A-07C3B3F4975B}*]

Driver::
SliceDisk5
GX
LC

File::
c:\docume~1\HP_DX5~1\LOCALS~1\Temp\GX.exe
c:\docume~1\HP_DX5~1\LOCALS~1\Temp\LC.exe 


-save the TXT file you created as CFScript.txt on the desktop
-once saved, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

Image


-after it runs, another log will pop up; post it here

Warning: it may happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration


:arrow: MWAV isn't what it used to be, and it's also somewhat paranoid; I don't like using it any more :( . Dr. Web CureIt is also good for MBR rootkits.

:arrow: Download Dr. Web CureIt http://www.viry.cz/forum/viewtopic.php?f=29&t=47721
-run a scan; let it cure or delete whatever it finds
-the scan may take several hours
-File/Save results - save as a text file and copy it here

Re: Please check my logs - torpig, mebroot problem

Posted: 02 May 2011 07:11
by filip610
Combofix:


ComboFix 11-04-28.01 - HP_DX5150 01.05.2011 12:53:41.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2494.1991 [GMT 2:00]
Spuštěný z: c:\documents and settings\HP_DX5150\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\HP_DX5150\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\docume~1\HP_DX5~1\LOCALS~1\Temp\GX.exe"
"c:\docume~1\HP_DX5~1\LOCALS~1\Temp\LC.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GX
-------\Legacy_LC
-------\Legacy_SLICEDISK5
-------\Service_SliceDisk5
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-01 do 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-06-05 16:42 . 2011-04-11 21:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-05-01 10:38 . 2011-05-01 10:38 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{147F91DE-EFCE-4F9E-8401-0B210C771789}\MpKsl880cc629.sys
2011-04-29 14:41 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{147F91DE-EFCE-4F9E-8401-0B210C771789}\mpengine.dll
2011-04-29 12:17 . 2011-04-29 12:17 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-04-29 12:17 . 2011-04-29 12:17 -------- d---a-w- c:\windows\logo_1.exe
2011-04-29 10:00 . 2009-04-01 19:38 1681920 ----a-w- C:\HxD.exe
2011-04-28 20:39 . 2011-04-28 20:39 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2011-04-28 20:29 . 2011-04-28 20:29 -------- d-----w- c:\windows\ERUNT
2011-04-28 19:21 . 2011-04-28 19:21 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-28 18:39 . 2011-04-28 18:39 -------- d-----w- c:\documents and settings\HP_DX5150\Local Settings\Data aplikací\GHISLER
2011-04-28 15:06 . 2011-04-28 15:01 58368 ----a-w- c:\windows\MbrFix.exe
2011-04-28 11:38 . 2011-04-28 11:38 -------- d-----w- c:\program files\trend micro
2011-04-27 22:35 . 2011-04-27 22:35 -------- d-----w- c:\program files\ESET
2011-04-27 20:06 . 2011-04-27 20:06 -------- d-----w- c:\documents and settings\HP_DX5150\Local Settings\Data aplikací\Secunia PSI
2011-04-27 20:04 . 2011-04-27 20:04 -------- d-----w- c:\program files\Secunia
2011-04-27 19:12 . 2011-04-27 19:12 -------- d---a-w- c:\windows\VDLL.DLL
2011-04-27 19:12 . 2011-04-27 19:12 -------- d---a-w- c:\windows\system32\runouce.exe
2011-04-27 19:09 . 2011-04-27 19:09 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-04-27 19:09 . 2011-04-27 19:09 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-04-27 19:09 . 2011-04-27 19:09 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-04-27 19:09 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-04-27 19:09 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-04-27 19:09 . 2011-04-27 19:09 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-04-27 19:08 . 2011-04-27 19:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-04-20 12:05 . 2011-04-20 12:05 -------- d-----w- c:\documents and settings\HP_DX5150\DoctorWeb
2011-04-20 10:45 . 2011-04-28 18:30 -------- d-----w- c:\program files\Torpig Removal Tool
2011-04-20 10:41 . 2011-04-20 10:41 -------- d-----w- c:\documents and settings\HP_DX5150\Data aplikací\Malwarebytes
2011-04-20 10:37 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 10:37 . 2011-04-20 10:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-04-20 10:37 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 10:37 . 2011-04-20 10:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-19 08:41 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-18 19:15 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-18 19:07 . 2011-04-18 19:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-14 19:19 . 2011-04-14 19:19 -------- d-----w- c:\documents and settings\HP_DX5150\Local Settings\Data aplikací\Axure
2011-04-14 19:18 . 2011-04-14 19:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Axure
2011-04-14 19:18 . 2011-04-14 19:18 -------- d-----w- c:\documents and settings\HP_DX5150\Data aplikací\Axure
2011-04-14 19:18 . 2011-04-14 19:18 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\{013089CD-00C7-4A1B-BDA5-C3CB2E09BD4F}
2011-04-14 19:17 . 2011-04-14 19:17 -------- d-----w- c:\program files\Axure
2011-04-11 21:07 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-11 21:07 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-11 21:07 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-11 21:07 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-11 21:07 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-11 21:07 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-11 21:07 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-11 21:07 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-11 21:07 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-04-11 21:07 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-11 21:06 . 2011-04-11 21:06 -------- d-----w- c:\program files\AVAST Software
2011-04-11 21:06 . 2011-04-11 21:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-04-04 19:04 . 2011-04-04 19:05 -------- d-----w- c:\program files\ICQ7.4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-27 19:28 . 2011-04-27 19:25 7394373 ----a-w- c:\windows\REGBK00.ZIP
2011-03-07 05:33 . 2004-08-18 02:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-18 02:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-18 02:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2004-08-18 02:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-08-18 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2004-08-18 02:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-18 02:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-18 02:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-18 02:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-18 02:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-18 02:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-18 02:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-18 02:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-18 02:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 19:40 . 2010-05-16 07:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:19 . 2008-03-20 20:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2004-08-18 02:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2009-10-05 17:34 . 2010-01-12 15:38 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_DX5150\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_DX5150\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_DX5150\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.ex\0SsiEfr.e\0SsiEfr.e\0SsiEfr.e\0SsiEfr.e\0SsiEfr.ex\0SsiEfr.ex
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"ioloFileInfoList"=2 (0x2)
"ioloSystemService"=2 (0x2)
"UxTuneUp"=2 (0x2)
"SDhelper"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [12.4.2006 17:03 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [12.4.2006 17:03 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.4.2011 23:07 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.4.2011 23:07 307288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.4.2011 23:07 19544]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [19.5.2006 11:22 15328]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [19.5.2006 11:22 13440]
S1 MpKsl880cc629;MpKsl880cc629;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{147F91DE-EFCE-4F9E-8401-0B210C771789}\MpKsl880cc629.sys [1.5.2011 12:38 28752]
S1 MpKslc8bc80eb;MpKslc8bc80eb;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{147F91DE-EFCE-4F9E-8401-0B210C771789}\MpKslc8bc80eb.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{147F91DE-EFCE-4F9E-8401-0B210C771789}\MpKslc8bc80eb.sys [?]
S1 sp_rsdrv2;Spyware Terminator Driver 2; [x]
S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [19.5.2006 11:22 18880]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [12.8.2010 20:20 36640]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 10:30 15544]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [14.12.2010 20:21 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [14.12.2010 20:21 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [14.12.2010 20:21 121576]
S4 Apache2.2;Apache2.2;c:\dev\prog\Apache2\bin\httpd.exe [10.10.2008 13:39 24636]
S4 PHPGeekUtil;PHPGeekUtil; [x]
S4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [19.4.2011 8:44 993848]
S4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [19.4.2011 8:44 399416]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
.
2011-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-30 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]
.
2011-05-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-06-05 c:\windows\Tasks\User_Feed_Synchronization-{09DFABC5-C6B3-44CB-9EB7-1BF22D3D233C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&r ... :{language}
uStart Page = hxxp://seznam.cz/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Přečti to! - c:\windows\Speech\gbs\Precti_to.htm
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} - hxxp://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
FF - ProfilePath - c:\documents and settings\HP_DX5150\Data aplikací\Mozilla\Firefox\Profiles\7ng0epfe.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.google.cz/#hl=cs&lr=lang_cs&q=
FF - prefs.js: network.proxy.ftp - 86.49.121.82
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 86.49.121.82
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 86.49.121.82
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 86.49.121.82
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: InFormEnter: {5546F97E-11A5-46b0-9082-32AD74AAA920} - %profile%\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-01 13:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\dev\prog\Mysql\bin\mysqld-nt\" --defaults-file=\"c:\dev\prog\Mysql\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:c5,44,9d,2b,9e,46,1a,e7,46,d5,ba,6d,30,18,38,75,2a,2f,f8,11,80,
b2,9b,df,61,e2,4a,4c,60,41,56,ba,68,2d,c1,1a,87,ae,75,82,92,fe,53,54,1e,8f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c5,44,9d,2b,9e,46,1a,e7,46,d5,ba,6d,30,18,38,75,2a,2f,f8,11,80,
b2,9b,df,61,e2,4a,4c,60,41,56,ba,68,2d,c1,1a,87,ae,75,82,92,fe,53,54,1e,8f,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\msi.dll
c:\documents and settings\HP_DX5150\Data aplikací\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Celkový čas: 2011-05-01 13:29:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-01 11:28
.
Před spuštěním: Volných bajtů: 62 439 366 656
Po spuštění: Volných bajtů: 62 790 385 664
.
- - End Of File - - EB5EEC4AA3CFAF9D7CDD7327D962035A

Dr. Web Cureit:

RegUBP2b-HP_DX5150.reg;C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Smazán.;
strun.exe.mwt;C:\Filip\Údržba\CLEAN\strun;Tool.StartupRun.122;Smazán.;
A0000104.reg;C:\System Volume Information\_restore{DBEAD42F-ABEB-4F8B-A598-EB64EFD9F1B7}\RP1;Trojan.StartPage.1505;Smazán.;
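A small triage helper over the two log formats posted above (ComboFix "files created" entries and Dr.Web CureIt result lines), added here as an example; it is not part of the thread and not code from either tool. The line layouts are read off the logs above, while the regex and the flag rules (executable-named directories, executables dropped straight into the Windows or Temp directories, timestamps later than the scan) are this example's own heuristics.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# ComboFix "files created" entry: "<created> . <modified> <size|dashes> <attrs> <path>"
# (layout read off the log above; the regex itself is this example's assumption)
COMBOFIX_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>\S.*)$"
)
EXEC_EXT = {".exe", ".dll", ".com", ".sys", ".scr"}


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def triage_combofix(lines, scan_date):
    """Return entries a reviewer should look at by hand (heuristics, not verdicts)."""
    findings = []
    for line in lines:
        m = COMBOFIX_RE.match(line.strip())
        if not m:
            continue  # section banners, '.' separators, blank lines
        path = PureWindowsPath(m["path"])
        ext = path.suffix.lower()
        parts = [p.lower() for p in path.parts]
        created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
        if created > scan_date:
            findings.append(Finding(str(path), "created after the scan date (clock skew or timestomping; verify)"))
        if m["attrs"][0] == "d" and ext in EXEC_EXT:
            findings.append(Finding(str(path), "directory carrying an executable name"))
        elif ext in EXEC_EXT and len(parts) == 3 and parts[1] == "windows":
            findings.append(Finding(str(path), "executable placed directly in the Windows directory"))
        elif ext in EXEC_EXT and "temp" in parts:
            findings.append(Finding(str(path), "executable in a Temp directory"))
    return findings


def parse_cureit(lines):
    """Dr.Web CureIt report lines: name;directory;detection;action;"""
    hits = []
    for line in lines:
        fields = line.strip().rstrip(";").split(";")
        if len(fields) != 4:
            continue
        name, directory, detection, action = fields
        hits.append({"path": directory + "\\" + name, "detection": detection, "action": action,
                     # a hit inside a restore point will come back if the point is restored
                     "in_restore_point": "system volume information" in directory.lower()})
    return hits


# Sample input: lines copied from the ComboFix and CureIt logs posted above.
COMBOFIX_SAMPLE = r"""
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-01 do 2011-05-01 )))))))))))))))))))))))))))))))
.
2011-06-05 16:42 . 2011-04-11 21:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-04-29 12:17 . 2011-04-29 12:17 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-04-28 15:06 . 2011-04-28 15:01 58368 ----a-w- c:\windows\MbrFix.exe
2011-04-27 19:09 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-04-20 10:37 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
""".splitlines()

CUREIT_SAMPLE = r"""
RegUBP2b-HP_DX5150.reg;C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Smazán.;
A0000104.reg;C:\System Volume Information\_restore{DBEAD42F-ABEB-4F8B-A598-EB64EFD9F1B7}\RP1;Trojan.StartPage.1505;Smazán.;
""".splitlines()


def run_sample():
    scan = datetime(2011, 5, 1, 13, 29)  # "Celkový čas" timestamp of the ComboFix log above
    return triage_combofix(COMBOFIX_SAMPLE, scan), parse_cureit(CUREIT_SAMPLE)


if __name__ == "__main__":
    findings, hits = run_sample()
    for f in findings:
        print(f"{f.reason}: {f.path}")
    for h in hits:
        print(h)
```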

Re: Please check my logs - torpig, mebroot problem

Posted: 02 May 2011 08:13
by motji
Good. How is the computer doing?
Did you clear those sectors?