
Rootkit MBR:Whistler-C

Seldag
Guest
Posts: 13
Registered: 09 Dec 2011 18:34

Rootkit MBR:Whistler-C

#1 Post by Seldag »

Hello. I have a problem with the rootkit MBR:Whistler-C. When I ran Avast, it found this virus. I already had this rootkit once before, so I downloaded aswMBR, but it did not find anything. Could you help me remove this virus? Thank you.

Here is the log from RSIT.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Uživatel at 2011-12-09 18:40:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 82 GB (82%) free of 100 GB
Total RAM: 2047 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:52, on 9.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\MSTMON_N.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
E:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
C:\Program Files\Messenger\msmsgs.exe
E:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINDOWS\system32\MSTMON_N.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "E:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "E:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Vyhledat aktualizace.lnk = C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8249694250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8249729937
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8249 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\ephpmx9p.default

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"smartwebprinting@hp.com"=E:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

E:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

E:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

E:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-24 98304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"KONICA MINOLTA PagePro 1300WStatusDisplay"=C:\WINDOWS\system32\MSTMON_N.EXE [2004-11-25 151552]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2004-03-10 406016]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"SpywareTerminator"=E:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2011-09-17 2216960]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"RemoTerm.exe"=C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [2010-06-10 226576]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpywareTerminatorUpdate"=E:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe [2011-11-22 3318784]
"Skype"=E:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Vyhledat aktualizace.lnk - C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe

C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-05-25 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="E:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="E:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="E:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"E:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="E:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"E:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="E:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"E:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="E:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"E:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="E:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"E:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="E:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"E:\Program Files\PCTV Systems\TVCenter\TVCenter.exe"="E:\Program Files\PCTV Systems\TVCenter\TVCenter.exe:*:Enabled:PCTV Systems TVCenter"
"C:\Program Files\Common Files\PCTV Systems\PVR\VideoControl.exe"="C:\Program Files\Common Files\PCTV Systems\PVR\VideoControl.exe:*:Enabled:PCTV Systems VideoControl"
"C:\Program Files\Common Files\PCTV Systems\StreamingServer\StrmServer.exe"="C:\Program Files\Common Files\PCTV Systems\StreamingServer\StrmServer.exe:*:Enabled:PCTV Systems DistanTV classic"
"E:\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="E:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="E:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="E:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"E:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="E:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.MJPG"=Pvmjpg30.dll
"VIDC.PIM1"=pclepim1.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-12-09 18:38:08 ----D---- C:\Program Files\trend micro
2011-12-09 18:38:07 ----D---- C:\rsit
2011-12-06 20:18:04 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-29 15:27:39 ----A---- C:\WINDOWS\system32\vbar332.dll
2011-11-29 15:27:34 ----D---- C:\Clarity
2011-11-29 15:27:09 ----SHD---- C:\WINDOWS\ftpcache
2011-11-26 12:41:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2011-11-11 22:31:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$

======List of files/folders modified in the last 1 month======

2011-12-09 18:38:25 ----D---- C:\WINDOWS\Prefetch
2011-12-09 18:38:08 ----RD---- C:\Program Files
2011-12-09 18:29:56 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\HPAppData
2011-12-09 18:00:47 ----D---- C:\WINDOWS\Temp
2011-12-09 17:58:12 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Skype
2011-12-09 17:55:38 ----D---- C:\WINDOWS
2011-12-09 14:03:11 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-09 14:02:00 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Spyware Terminator
2011-12-09 13:55:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-12-08 22:11:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-06 20:23:31 ----D---- C:\WINDOWS\system32\drivers
2011-12-02 20:31:41 ----D---- C:\WINDOWS\system32
2011-12-02 20:31:36 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-11-29 00:17:20 ----D---- C:\WINDOWS\system32\config
2011-11-26 12:40:42 ----D---- C:\WINDOWS\system32\DirectX
2011-11-26 12:40:41 ----RSD---- C:\WINDOWS\assembly
2011-11-15 20:21:45 ----HD---- C:\WINDOWS\inf
2011-11-15 20:06:46 ----SD---- C:\Documents and Settings\Uživatel\Data aplikací\Microsoft
2011-11-11 22:31:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-11 13:27:17 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-06-26 218688]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R2 MLPTDR_N;MLPTDR_N; \??\C:\WINDOWS\system32\MLPTDR_N.SYS []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-05-25 6554624]
R3 azvusb;Virtual USB Hub; C:\WINDOWS\system32\DRIVERS\azvusb.sys [2009-08-24 44544]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-04-07 105088]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 aswMBR;aswMBR; \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\aswMBR.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-29 21568]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB28xxBGA;PCTV 330e/800e/880e Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2010-09-01 583552]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2010-09-01 840960]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-05-25 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-06-17 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; E:\Program Files\Spyware Terminator\sp_rsser.exe [2011-09-17 496128]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-09-19 75136]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Seldag
Guest
Posts: 13
Registered: 09 Dec 2011 18:34

Re: Rootkit MBR:Whistler-C

#2 Příspěvek od Seldag »

It told me that I have either a non-standard or an infected MBR, and it asks whether I want more options (y) or to exit (n). I don't know what I should do.

Sorry. I've found the log now.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fd

Kernel Drivers (total 127):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 intelide.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F11000 fltMgr.sys
0xB9EFA000 KSecDD.sys
0xB9E6D000 Ntfs.sys
0xB9E40000 NDIS.sys
0xB9E26000 Mup.sys
0xBA128000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB974D000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB9739000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9711000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA378000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB96ED000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA380000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB96D3000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xB969D000 \SystemRoot\system32\drivers\smwdm.sys
0xB9679000 \SystemRoot\system32\drivers\portcls.sys
0xBA138000 \SystemRoot\system32\drivers\drmk.sys
0xB9656000 \SystemRoot\system32\drivers\ks.sys
0xB9636000 \SystemRoot\system32\drivers\aeaudio.sys
0xB95D6000 \SystemRoot\system32\drivers\senfilt.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA148000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA548000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB95C2000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA158000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA168000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA3C8000 \SystemRoot\System32\Drivers\ASAPIW2K.sys
0xBA178000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA188000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA7BC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA198000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA55C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB95AB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB959A000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA400000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA410000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA418000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5B6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB953C000 \SystemRoot\system32\DRIVERS\update.sys
0xBA570000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9501000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\azvusb.sys
0xBA5BA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA1F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA218000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA440000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA5C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6A5000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5C8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA460000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA468000 \SystemRoot\System32\drivers\vga.sys
0xBA5CC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA478000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA488000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9DDE000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAB25F000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAB206000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA248000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAB1E0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA258000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAB190000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA4A0000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xAB16E000 \SystemRoot\System32\drivers\afd.sys
0xBA268000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAB14B000 \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
0xAB120000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB7320000 \??\C:\WINDOWS\system32\drivers\pclepci.sys
0xAB0B0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA278000 \SystemRoot\System32\Drivers\Fips.SYS
0xAB063000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB7304000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA288000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAAFF3000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xAB2B6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA388000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xBA2C8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAAFB3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5E4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAB1CC000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3D0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA707000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF060000 \SystemRoot\System32\ati2cqag.dll
0xBF131000 \SystemRoot\System32\atikvmag.dll
0xBF1E0000 \SystemRoot\System32\atiok3x2.dll
0xBF260000 \SystemRoot\System32\ati3duag.dll
0xBF9C6000 \SystemRoot\System32\ativvaxx.dll
0xBF640000 \SystemRoot\System32\ATMFD.DLL
0xA84D6000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA845E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8179000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA7C8C000 \SystemRoot\system32\drivers\wdmaud.sys
0xA840A000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7A19000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA7C0F000 \??\C:\WINDOWS\system32\MLPTDR_N.SYS
0xBA5DC000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA77AF000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7016000 \SystemRoot\System32\Drivers\HTTP.sys
0x9E908000 \SystemRoot\system32\drivers\kmixer.sys
0x9EBF7000 \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\aswMBR.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 55):
0 System Idle Process
4 System
628 C:\WINDOWS\system32\smss.exe
688 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
956 C:\WINDOWS\system32\ati2evxx.exe
976 C:\WINDOWS\system32\svchost.exe
1048 svchost.exe
1152 C:\WINDOWS\system32\svchost.exe
1248 svchost.exe
1396 svchost.exe
1404 C:\WINDOWS\system32\ati2evxx.exe
1592 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1748 C:\WINDOWS\explorer.exe
396 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
404 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
428 C:\WINDOWS\system32\MSTMON_N.EXE
436 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
452 C:\Program Files\AVAST Software\Avast\AvastUI.exe
496 E:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.Exe
536 C:\WINDOWS\system32\ctfmon.exe
672 C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe
684 C:\Program Files\Messenger\msmsgs.exe
1112 E:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe
1192 E:\Program Files\Skype\Phone\Skype.exe
1264 E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
1580 C:\WINDOWS\system32\spoolsv.exe
2696 svchost.exe
2708 C:\Program Files\OpenOffice.org 3\program\soffice.exe
2836 C:\Program Files\OpenOffice.org 3\program\soffice.bin
2884 C:\WINDOWS\system32\svchost.exe
2896 C:\WINDOWS\system32\svchost.exe
2912 C:\Program Files\Java\jre6\bin\jqs.exe
2948 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3024 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
3256 C:\WINDOWS\system32\svchost.exe
3272 C:\WINDOWS\system32\svchost.exe
3432 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3688 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
3792 E:\Program Files\Spyware Terminator\sp_rsser.exe
3856 C:\WINDOWS\system32\svchost.exe
3992 C:\WINDOWS\system32\searchindexer.exe
2384 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2068 alg.exe
3384 E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3448 E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
2740 E:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
4248 C:\Program Files\Internet Explorer\iexplore.exe
4616 E:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
6132 C:\Program Files\Internet Explorer\iexplore.exe
6072 C:\WINDOWS\system32\searchprotocolhost.exe
5492 searchfilterhost.exe
2776 C:\Documents and Settings\U

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000018`69e61600 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000030`d3cbae00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)

PhysicalDrive1 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001
PhysicalDrive0 Model Number: WDCWD1600JS-00NCB1, Rev: 10.02E02

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: 5F8A245D8AEE2B0224D1DB99B318C20EBA237D5A
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 2112DEB97137CBCC5710EFED18ADC8F308731CFF


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Seldag
Guest
Posts: 13
Registered: 09 Dec 2011 18:34

Re: Rootkit MBR:Whistler-C

#3 Post by Seldag »

It's a desktop computer.

The system is installed only on the Samsung. It was never on the WD. It's labelled drive0 because the system used to be on a different disk, which was taken out afterwards. And the Samsung was bought.

The PC was bought pre-assembled. I didn't build it myself. I no longer remember whether we chose the components ourselves or they were specified by the manufacturer.
Some components have changed since then anyway, so it probably doesn't matter anymore.

Seldag
Guest
Posts: 13
Registered: 09 Dec 2011 18:34

Re: Rootkit MBR:Whistler-C

#4 Post by Seldag »

Disk 1 is the system. I hope that when they reinstalled the system onto the Samsung, nothing needed for booting the system was left on the WD.

Seldag
Guest
Posts: 13
Registered: 09 Dec 2011 18:34

Re: Rootkit MBR:Whistler-C

#5 Post by Seldag »

What will I delete with this procedure? I just want to make sure the MBR doesn't get wiped and I don't lose data.

Edit: How do I verify that it really is Hard disk 2?
By drive0 and drive1?

Seldag
Guest
Posts: 13
Registered: 09 Dec 2011 18:34

Re: Rootkit MBR:Whistler-C

#6 Post by Seldag »

Code: Select all

90 31 C0 90 8E D8 8E C0 90 8E D0 BC 00 7C BE 00 7C 90 BF 00 06 90 B9 80 00 90 FC F3 66 A5 90 EA 26 06 00 00 90 90 66 31 C0 90 BE BE 07 B1 04 66 39 44 08 90 72 08 66 8B 44 08 66 03 44 0C 83 C6 10 90 83 2E 8B 06 04 E2 E6 66 09 C0 74 40 66 83 C0 02 90 B9 40 00 BB 00 7C BF 12 07 90 83 2E 8B 06 04 E8 71 00 72 27 66 68 83 C4 14 90 90 66 68 04 46 E2 F9 90 66 68 80 FF D7 30 90 66 68 89 C3 B9 00 90 66 68 BE 00 7C 66 0F 83 73 75 E8 BE BE 07 B1 04 80 3C 80 74 0F 38 2C 0F 85 96 00 83 C6 10 E2 F0 90 CD 18 90 66 8B 44 08 89 E3 B9 01 00 90 E8 22 00 73 0E 8B 4C 02 B8 01 02 90 CD 13 0F 82 8B 00 90 81 3E FE 7D 55 AA 90 0F 85 A0 00 90 EA 00 7C 00 00 90 66 60 90 BB AA 55 B4 41 CD 13 90 73 04 F9 66 61 C3 81 FB 55 AA 75 F6 90 F6 C1 01 74 F0 66 61 90 66 60 6A 00 90 6A 00 66 50 06 90 53 51 90 6A 10 B4 42 90 89 E6 CD 13 61 90 66 61 C3 66 69 DB FD 43 03 00 90 66 81 C3 C3 9E 26 00 90 66 89 D8 90 66 C1 E8 10 90 66 25 FF 00 00 00 90 C3 90 49 6E 76 61 6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61 62 6C 65 00 90 90 45 72 72 6F 72 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 65 6D 00 90 90 4D 69 73 73 69 6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1E 82 69 2A 00 00 00 00 01 01 0F FE FF FF C1 3E 00 00 00 4C A1 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA

Seldag
Guest
Posts: 13
Registered: 09 Dec 2011 18:34

Re: Rootkit MBR:Whistler-C

#7 Post by Seldag »

One more thing: where do I find the start offset and end offset?
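The MBR dump from post #6 and the start/end offset question from post #7, worked through as an added example (this is not code from the thread or from MBRCheck): it parses the partition table at the end of that dump and derives each entry's start and end byte offsets, which is how a MBRCheck volume line such as `\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000\`007e0000` can be matched to a partition. Assumptions: a 512-byte sector, and the 440 bytes of boot code replaced by a zero placeholder, so the sector's hash will not match the SHA1 MBRCheck reported.

```python
import struct

# Tail of the MBR posted in this thread (offsets 0x1B8-0x1CD): disk signature,
# two reserved bytes and partition entry 1; entries 2-4 are empty and the sector
# ends with 0x55AA. The 440 bytes of boot code are a zero placeholder (constructed),
# so hashing SECTOR will not reproduce the SHA1 that MBRCheck printed.
MBR_TAIL_HEX = "1E 82 69 2A 00 00 00 00 01 01 0F FE FF FF C1 3E 00 00 00 4C A1 12"
SECTOR = bytes(440) + bytes.fromhex(MBR_TAIL_HEX) + bytes(48) + b"\x55\xAA"

# MBR partition type IDs relevant to the tables in this thread.
PART_TYPES = {0x05: "Extended (CHS)", 0x07: "NTFS/HPFS", 0x0F: "Extended (LBA)"}


def parse_mbr(sector, sector_size=512):
    """Return boot-signature state, disk signature and the non-empty partition entries."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    result = {
        "boot_signature_ok": sector[510:512] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0],
        "partitions": [],
    }
    for i in range(4):
        # 16-byte entry: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 0x1BE + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        result["partitions"].append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            # byte offsets in the form MBRCheck uses for its volume lines
            "start_offset": lba * sector_size,
            "end_offset": (lba + count) * sector_size - 1,
        })
    return result


def partition_for_offset(sector, byte_offset):
    """Map a volume offset reported by MBRCheck (e.g. G: at 0x007e0000) to the primary
    entry covering it; a logical volume maps to its extended (0x05/0x0F) container,
    whose EBR chain this parser does not follow."""
    for part in parse_mbr(sector)["partitions"]:
        if part["start_offset"] <= byte_offset <= part["end_offset"]:
            return part
    return None
```

Run against the posted table this yields a single type 0x0F (extended) entry starting at LBA 16065, and the G: volume offset from the MBRCheck output falls inside it.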

Seldag
Guest
Posts: 13
Registered: 09 Dec 2011 18:34

Re: Rootkit MBR:Whistler-C

#8 Post by Seldag »

It looks like the rootkit is gone. I'd just like to ask whether the virus was active, or whether it was only sitting there doing nothing.

Seldag
Guest
Posts: 13
Registered: 09 Dec 2011 18:34

Re: Rootkit MBR:Whistler-C

#9 Post by Seldag »

Everything seems to be fine.

Sorry, but I had to crop the image; it wouldn't let me continue otherwise.
Attachments
spravcedisku.JPG (33.34 KiB) Viewed 2478 times

Seldag
Guest
Posts: 13
Registered: 09 Dec 2011 18:34

Re: Rootkit MBR:Whistler-C

#10 Post by Seldag »

Anyway, thank you for your time.
