Rootkit-gen [RtK]

lordbrutus
Guest
Posts: 26
Registered: 17 Feb 2010 23:37

Rootkit-gen [RtK]

#1 Post by lordbrutus »

Hello, could someone please help me with this virus (Rootkit-gen [RtK])?
ComboFix (run following the guide in some thread) produced this log.


ComboFix 10-02-12.01 - Radim 17.02.2010 23:23:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1557 [GMT 1:00]
Running from: c:\documents and settings\Radim\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100217-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\system32\Dvbpws.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-17 22:18 . 2010-02-17 22:25 -------- d-----w- c:\windows\LastGood
2010-02-17 18:08 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-17 18:08 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-17 18:08 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-17 18:08 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-17 18:06 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-17 18:06 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-07 18:20 . 2010-02-07 18:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-07 18:19 . 2010-02-07 18:21 -------- d-----w- c:\program files\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 22:26 . 2004-08-03 20:59 792064 ----a-w- c:\windows\system32\drivers\Sfloppy.sys
2010-02-17 22:25 . 2009-04-01 12:55 -------- d-----w- c:\program files\pdfforge Toolbar
2010-02-17 22:17 . 2008-09-19 00:46 16608 ----a-w- c:\windows\gdrv.sys
2010-02-17 16:18 . 2008-09-25 19:23 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-07 18:19 . 2008-09-19 16:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-15 14:10 . 2010-01-15 14:10 -------- d-----w- c:\program files\Application Updater
2010-01-08 14:38 . 2008-09-19 00:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 14:32 . 2009-10-31 18:18 8590 ----a-w- c:\windows\hh.dat
2010-01-05 14:31 . 2009-12-21 15:34 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-01-05 14:31 . 2010-01-05 13:40 -------- d-----w- c:\program files\WinFast
2010-01-05 13:56 . 2010-01-05 13:56 -------- d-----w- c:\program files\Windows Sidebar
2010-01-04 20:08 . 2010-01-04 20:08 -------- d-----w- c:\program files\MSECache
2009-12-30 14:56 . 2009-06-20 07:00 -------- d-----w- c:\program files\ICQ6.5
2009-12-21 17:17 . 2009-12-21 16:49 -------- d-----w- c:\program files\Popisovač CD-DVD
2009-12-21 15:34 . 2009-12-21 15:34 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-11-24 23:54 . 2008-09-19 00:51 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-09-19 00:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-09-19 00:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-09-19 00:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-09-19 00:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-09-19 00:51 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-09-19 00:51 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-09-19 00:51 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-09-19 00:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-22 12:17 . 2009-08-22 12:17 8192 --sha-w- c:\windows\o2cLicStore.bin
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2010-01-08 02:17 700416 ----a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"SystemExplorer"="c:\program files\System Explorer\SystemExplorer.exe" [2008-08-25 1833472]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"GEST"="c:\program files\GIGABYTE\GEST\run.exe" [2008-09-24 236040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe" [2006-06-01 106496]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Radim\Nabˇdka Start\Programy\Po spuçtŘnˇ\
monnid32.exe [2008-4-14 28160]

c:\documents and settings\Radim\Nabˇdka Start\Programy\Po spuçtŘnˇ\SystemExplorerDisabled
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-9-23 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-21 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.9.2008 1:51 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 11:07 61424]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.9.2008 1:51 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2008 21:21 222968]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [19.9.2008 17:29 3712]
R3 WFLR6654;WinFast DTV1800 H (XC4000);c:\windows\system32\drivers\wfeaglxt.sys [5.1.2010 14:35 433792]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.9.2008 17:18 691696]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [19.9.2008 17:08 55816]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [21.9.2008 13:13 98488]

--- Other Services/Drivers In Memory ---

*Deregistered* - Sfloppy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aukro.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\2tmh8x2b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://novinky.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\2tmh8x2b.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
AddRemove-FileZilla Client - g:\fillezilla\FileZilla FTP Client\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 23:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\_avast4_\unp118727595.tmp 2166 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2010-02-17 23:27:03
ComboFix-quarantined-files.txt 2010-02-17 22:26

Pre-Run: 21 871 284 224 bytes free
Post-Run: 21 834 153 984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D4698F9DF3CF6120A63F93E6B56254A8

JaRon
Moderator
Posts: 15691
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Rootkit-gen [RtK]

#2 Post by JaRon »

Use a CFScript:


File::
c:\documents and settings\Radim\Nabˇdka Start\Programy\Po spuçtŘnˇ\monnid32.exe

FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum:
https://platba.viry.cz/payment/

lordbrutus
Guest
Posts: 26
Registered: 17 Feb 2010 23:37

Re: Rootkit-gen [RtK]

#3 Post by lordbrutus »

So I did everything according to the instructions, and here is the result...


ComboFix 10-02-17.01 - Radim 18.02.2010 14:09:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1555 [GMT 1:00]
Running from: c:\documents and settings\Radim\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Radim\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100218-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Radim\Nabˇdka Start\Programy\Po spuçtŘnˇ\monnid32.exe"
.

((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-18 12:55 . 2010-02-18 13:12 -------- d-----w- c:\windows\LastGood
2010-02-17 18:08 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-17 18:08 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-17 18:08 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-17 18:08 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-17 18:06 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-17 18:06 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-07 18:20 . 2010-02-07 18:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-07 18:19 . 2010-02-07 18:21 -------- d-----w- c:\program files\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 13:12 . 2008-09-19 00:46 16608 ----a-w- c:\windows\gdrv.sys
2010-02-18 13:12 . 2004-08-03 20:59 792064 ----a-w- c:\windows\system32\drivers\Sfloppy.sys
2010-02-17 23:05 . 2008-09-25 19:23 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-17 22:25 . 2009-04-01 12:55 -------- d-----w- c:\program files\pdfforge Toolbar
2010-02-07 18:19 . 2008-09-19 16:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-15 14:10 . 2010-01-15 14:10 -------- d-----w- c:\program files\Application Updater
2010-01-08 14:38 . 2008-09-19 00:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 14:32 . 2009-10-31 18:18 8590 ----a-w- c:\windows\hh.dat
2010-01-05 14:31 . 2009-12-21 15:34 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-01-05 14:31 . 2010-01-05 13:40 -------- d-----w- c:\program files\WinFast
2010-01-05 13:56 . 2010-01-05 13:56 -------- d-----w- c:\program files\Windows Sidebar
2010-01-04 20:08 . 2010-01-04 20:08 -------- d-----w- c:\program files\MSECache
2009-12-30 14:56 . 2009-06-20 07:00 -------- d-----w- c:\program files\ICQ6.5
2009-12-21 17:17 . 2009-12-21 16:49 -------- d-----w- c:\program files\Popisovač CD-DVD
2009-12-21 15:34 . 2009-12-21 15:34 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-11-24 23:54 . 2008-09-19 00:51 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-09-19 00:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-09-19 00:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-09-19 00:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-09-19 00:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-09-19 00:51 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-09-19 00:51 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-09-19 00:51 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-09-19 00:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-22 12:17 . 2009-08-22 12:17 8192 --sha-w- c:\windows\o2cLicStore.bin
.

((((((((((((((((((((((((((((( SnapShot@2010-02-17_22.26.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-18 12:35 . 2010-02-18 12:35 16384 c:\windows\Temp\Perflib_Perfdata_4a0.dat
+ 2010-02-18 12:54 . 2010-02-18 12:54 16384 c:\windows\Temp\Perflib_Perfdata_144.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2010-01-08 02:17 700416 ----a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"SystemExplorer"="c:\program files\System Explorer\SystemExplorer.exe" [2008-08-25 1833472]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="c:\program files\GIGABYTE\GEST\run.exe" [2008-09-24 236040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe" [2006-06-01 106496]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Radim\Nabˇdka Start\Programy\Po spuçtŘnˇ\
monnid32.exe [2008-4-14 28160]

c:\documents and settings\Radim\Nabˇdka Start\Programy\Po spuçtŘnˇ\SystemExplorerDisabled
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-9-23 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-21 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.9.2008 1:51 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 11:07 61424]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.9.2008 1:51 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2008 21:21 222968]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [19.9.2008 17:29 3712]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [19.9.2008 17:08 55816]
R3 WFLR6654;WinFast DTV1800 H (XC4000);c:\windows\system32\drivers\wfeaglxt.sys [5.1.2010 14:35 433792]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.9.2008 17:18 691696]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [21.9.2008 13:13 98488]

--- Other Services/Drivers In Memory ---

*Deregistered* - Sfloppy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aukro.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\2tmh8x2b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://novinky.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\2tmh8x2b.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2788)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2010-02-18 14:13:39
ComboFix-quarantined-files.txt 2010-02-18 13:13
ComboFix2.txt 2010-02-17 22:27

Pre-Run: 21 839 540 224 bytes free
Post-Run: 21 803 761 664 bytes free

- - End Of File - - 3DF081D4DB71C9594E59BBF781842AD0
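In both ComboFix logs above, the Find3M section lists c:\windows\system32\drivers\Sfloppy.sys with a 2004 creation date but a last-write time within minutes of the scan (22:26 on the 17th, 13:12 on the 18th, even though the script only targeted monnid32.exe), and the services section reports "*Deregistered* - Sfloppy"; both logs also show "EnableFirewall"= 0 for the standard profile. As an added example that is not part of the original thread and not ComboFix's own code, the Python script below parses those lines (copied here as a constructed sample) and ranks driver files by the two rootkit indicators, with a separate check for the disabled firewall policy. The Find3M column order (last-write time, creation time, size, attributes, path), the 2-day and 365-day thresholds and all function names are my assumptions, not ComboFix documentation.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List

# Constructed sample: Find3M, firewall and service lines copied from the two
# ComboFix logs in this thread (section headers in English), plus the
# completion time of the second log. Not a fresh scan.
SAMPLE_LOG = r"""
2010-02-18 13:12 . 2008-09-19 00:46 16608 ----a-w- c:\windows\gdrv.sys
2010-02-18 13:12 . 2004-08-03 20:59 792064 ----a-w- c:\windows\system32\drivers\Sfloppy.sys
2010-02-07 18:19 . 2008-09-19 16:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-24 23:50 . 2008-09-19 00:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-15 14:10 . 2010-01-15 14:10 -------- d-----w- c:\program files\Application Updater
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
--- Other Services/Drivers In Memory ---

*Deregistered* - Sfloppy

Completion time: 2010-02-18 14:13:39
"""

# Assumed Find3M column order: last-write time, creation time, size (dashes
# for directories), attribute flags, path.
FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) ([-a-z]{8}) (.+)$"
)
DEREG_RE = re.compile(r"^\*Deregistered\* - (\S+)")
DONE_RE = re.compile(r"^Completion time: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2}")
FIREWALL_RE = re.compile(r'^"EnableFirewall"= (\d+)')


@dataclass
class Finding:
    path: str
    size: int
    reasons: List[str] = field(default_factory=list)


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def triage_drivers(log: str,
                   rewrite_window: timedelta = timedelta(days=2),
                   min_age: timedelta = timedelta(days=365)) -> List[Finding]:
    """Rank .sys files in a ComboFix log by two rootkit indicators: an old
    driver rewritten at scan time, and a service ComboFix reports as
    *Deregistered* while its file is still on disk."""
    deregistered, entries, completion = set(), [], None
    for line in log.splitlines():
        if m := DEREG_RE.match(line):
            deregistered.add(m.group(1).lower())
        elif m := DONE_RE.match(line):
            completion = _ts(m.group(1))
        elif m := FIND3M_RE.match(line):
            entries.append(m.groups())
    if completion is None:
        raise ValueError("log has no completion time; 'scan time' is undefined")

    findings = []
    for mod, cre, size, attrs, path in entries:
        if attrs.startswith("d") or not path.lower().endswith(".sys"):
            continue  # directories and non-driver files are out of scope here
        modified, created = _ts(mod), _ts(cre)
        reasons = []
        # A driver created years ago but written minutes before the scan
        # finished is either a legitimate update or a re-infected file.
        if completion - modified <= rewrite_window and modified - created >= min_age:
            reasons.append("old driver rewritten at scan time")
        stem = path.rsplit("\\", 1)[-1].lower()[:-4]  # 'Sfloppy.sys' -> 'sfloppy'
        if stem in deregistered:
            reasons.append("service deregistered while its file is still present")
        if reasons:
            findings.append(Finding(path, int(size), reasons))
    # Most indicators first; ties keep log order.
    return sorted(findings, key=lambda f: -len(f.reasons))


def firewall_disabled(log: str) -> bool:
    """True if the standard-profile Windows Firewall policy value is 0."""
    return any(m.group(1) == "0"
               for m in map(FIREWALL_RE.match, log.splitlines()) if m)


if __name__ == "__main__":
    for f in triage_drivers(SAMPLE_LOG):
        print(f"{f.path} ({f.size} bytes): {'; '.join(f.reasons)}")
    print("firewall disabled:", firewall_disabled(SAMPLE_LOG))
```

On the sample, Sfloppy.sys comes first with both reasons; gdrv.sys (the Gigabyte utility driver) also trips the timestamp rule, which is why the deregistered-service signal is used to rank rather than to decide. Neither rule proves infection by itself; in this thread the confirmation comes later, when the MBAM scan flags Sfloppy.sys as Rootkit.Agent.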

JaRon
Moderator
Posts: 15691
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Rootkit-gen [RtK]

#4 Post by JaRon »

Clean the PC with MBAM.

lordbrutus
Guest
Posts: 26
Registered: 17 Feb 2010 23:37

Re: Rootkit-gen [RtK]

#5 Post by lordbrutus »

Is there a link and a guide for MBAM, please? Unfortunately I don't know how to work with it... :(

JaRon
Moderator
Posts: 15691
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Rootkit-gen [RtK]

#6 Post by JaRon »

Yes, by clicking the purple MBAM in my signature :wink:

lordbrutus
Guest
Posts: 26
Registered: 17 Feb 2010 23:37

Re: Rootkit-gen [RtK]

#7 Post by lordbrutus »

So I ran the scan and saved the log, which reads as follows:
I'm supposed to delete the flagged items, right? :)

Malwarebytes' Anti-Malware 1.44
Database version: 3754
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

18.2.2010 14:49:20
mbam-log-2010-02-18 (14-49-15).txt

Scan type: Quick Scan
Objects scanned: 111985
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\Sfloppy.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Radim\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

JaRon
Moderator
Posts: 15691
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Rootkit-gen [RtK]

#8 Post by JaRon »

Yes, DELETE them; after the restart, run another check with MBAM.

lordbrutus
Guest
Posts: 26
Registered: 17 Feb 2010 23:37

Re: Rootkit-gen [RtK]

#9 Post by lordbrutus »

So I deleted it and ran another test, and it found more infected files (see the log).
Every time I restart the PC I have to wait at least 7 minutes before I can start working; the taskbar doesn't come up and I can't do anything in the OS....

Malwarebytes' Anti-Malware 1.44
Database version: 3754
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

18.2.2010 15:12:51
mbam-log-2010-02-18 (15-12-37).txt

Scan type: Quick Scan
Objects scanned: 112150
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\OLD12.tmp (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\OLD18.tmp (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\OLDE.tmp (Rootkit.Agent) -> No action taken.

lordbrutus
Visitor
Posts: 26
Registered: 17 Feb 2010 23:37

Re: Rootkit-gen [RtK]

#10 Post by lordbrutus »

So I took the risk and deleted it again; after the restart I ran MBAM again and it found nothing (listing below). However, the problem persists - after a restart, or rather after booting into the OS, nothing can be done for at least 7 to 10 minutes, after which it runs normally (at least I think so). What could it be? Also, when I log in somewhere (e.g. on this server), it quite often happens that when I write something in the forum, on submitting it asks me to log in again.... I am quite sad about it :( Please, could this be fixed somehow? Thank you.

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3754
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

18.2.2010 16:52:38
mbam-log-2010-02-18 (16-52-38).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 112186
Uplynulý čas: 3 minute(s), 2 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

JaRon
Moderator
Posts: 15691
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Rootkit-gen [RtK]

#11 Post by JaRon »

don't be sad ... post a current ComboFix log

lordbrutus
Visitor
Posts: 26
Registered: 17 Feb 2010 23:37

Re: Rootkit-gen [RtK]

#12 Post by lordbrutus »

So here it is.... To be safe, I also uninstalled Daemon Tools.

ComboFix 10-02-17.01 - Radim 19.02.2010 8:14.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1564 [GMT 1:00]
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100218-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-19 do 2010-02-19 )))))))))))))))))))))))))))))))
.

2010-02-18 13:59 . 2008-04-13 23:10 11392 -c--a-w- c:\windows\system32\dllcache\sfloppy.sys
2010-02-18 13:59 . 2008-04-13 23:10 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys
2010-02-18 13:58 . 2010-02-18 13:58 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-18 13:43 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 13:43 . 2010-02-18 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 13:43 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-17 18:08 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-17 18:08 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-17 18:08 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-17 18:08 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-17 18:06 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-17 18:06 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-07 18:20 . 2010-02-07 18:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 07:12 . 2008-09-19 00:46 16608 ----a-w- c:\windows\gdrv.sys
2010-02-18 16:28 . 2008-09-25 19:23 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-17 22:25 . 2009-04-01 12:55 -------- d-----w- c:\program files\pdfforge Toolbar
2010-02-07 18:19 . 2008-09-19 16:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-15 14:10 . 2010-01-15 14:10 -------- d-----w- c:\program files\Application Updater
2010-01-08 14:38 . 2008-09-19 00:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 14:32 . 2009-10-31 18:18 8590 ----a-w- c:\windows\hh.dat
2010-01-05 14:31 . 2009-12-21 15:34 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-01-05 14:31 . 2010-01-05 13:40 -------- d-----w- c:\program files\WinFast
2010-01-05 13:56 . 2010-01-05 13:56 -------- d-----w- c:\program files\Windows Sidebar
2010-01-04 20:08 . 2010-01-04 20:08 -------- d-----w- c:\program files\MSECache
2009-12-30 14:56 . 2009-06-20 07:00 -------- d-----w- c:\program files\ICQ6.5
2009-12-21 17:17 . 2009-12-21 16:49 -------- d-----w- c:\program files\Popisovač CD-DVD
2009-12-21 15:34 . 2009-12-21 15:34 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-11-24 23:54 . 2008-09-19 00:51 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-09-19 00:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-09-19 00:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-09-19 00:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-09-19 00:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-09-19 00:51 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-09-19 00:51 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-09-19 00:51 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-09-19 00:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-22 12:17 . 2009-08-22 12:17 8192 --sha-w- c:\windows\o2cLicStore.bin
.

((((((((((((((((((((((((((((( SnapShot@2010-02-17_22.26.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-19 07:13 . 2010-02-19 07:13 16384 c:\windows\Temp\Perflib_Perfdata_7dc.dat
+ 2010-02-19 07:13 . 2010-02-19 07:13 16384 c:\windows\Temp\Perflib_Perfdata_41c.dat
+ 2008-09-19 00:50 . 2008-04-13 23:15 26368 c:\windows\system32\drivers\usbstor.sys
- 2008-09-19 00:50 . 2008-04-13 22:15 26368 c:\windows\system32\drivers\usbstor.sys
+ 2008-09-19 00:50 . 2008-04-13 23:15 26368 c:\windows\system32\dllcache\usbstor.sys
- 2008-09-19 00:44 . 2010-02-17 18:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-19 00:44 . 2010-02-18 13:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-19 00:44 . 2010-02-17 18:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-19 00:44 . 2010-02-18 13:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-18 13:58 . 2010-02-18 13:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-09-19 00:44 . 2010-02-17 18:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-19 02:35 . 2008-04-13 23:09 4992 c:\windows\system32\drivers\mspqm.sys
- 2008-09-19 02:35 . 2008-04-13 22:09 4992 c:\windows\system32\drivers\mspqm.sys
+ 2008-09-19 02:35 . 2008-04-13 23:09 4992 c:\windows\system32\dllcache\mspqm.sys
+ 2008-09-19 02:35 . 2008-04-13 23:15 172416 c:\windows\system32\drivers\kmixer.sys
- 2008-09-19 02:35 . 2008-04-13 22:15 172416 c:\windows\system32\drivers\kmixer.sys
+ 2008-09-19 02:35 . 2008-04-13 23:15 172416 c:\windows\system32\dllcache\kmixer.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2010-01-08 02:17 700416 ----a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"SystemExplorer"="c:\program files\System Explorer\SystemExplorer.exe" [2008-08-25 1833472]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="c:\program files\GIGABYTE\GEST\run.exe" [2008-09-24 236040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe" [2006-06-01 106496]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Radim\Nabídka Start\Programy\Po spuštění\
monnid32.exe [2008-4-14 28160]

c:\documents and settings\Radim\Nabídka Start\Programy\Po spuštění\SystemExplorerDisabled
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-9-23 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-21 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.9.2008 1:51 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 11:07 61424]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.9.2008 1:51 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2008 21:21 222968]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [19.9.2008 17:29 3712]
R3 WFLR6654;WinFast DTV1800 H (XC4000);c:\windows\system32\drivers\wfeaglxt.sys [5.1.2010 14:35 433792]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.9.2008 17:18 691696]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [19.9.2008 17:08 55816]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [21.9.2008 13:13 98488]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.aukro.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\2tmh8x2b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://novinky.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\2tmh8x2b.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 08:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Celkový čas: 2010-02-19 08:19:34
ComboFix-quarantined-files.txt 2010-02-19 07:19
ComboFix2.txt 2010-02-18 13:13
ComboFix3.txt 2010-02-17 22:27

Před spuštěním: Volných bajtů: 21 773 156 352
Po spuštění: Volných bajtů: 21 736 914 944

- - End Of File - - ECA5A3E9AAAF6CFB036162E92F0AFF51

JaRon
Moderator
Posts: 15691
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Rootkit-gen [RtK]

#13 Post by JaRon »

use CFScript:

Code:

Driver::
Sfloppy


File::
c:\windows\system32\dllcache\sfloppy.sys
c:\windows\system32\drivers\sfloppy.sys
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\dllcache\lbrtfdc.sys
c:\windows\system32\drivers\lbrtfdc.sys
c:\windows\system32\dllcache\i2omgmt.sys
c:\windows\system32\drivers\i2omgmt.sys
c:\windows\system32\dllcache\changer.sys
c:\windows\system32\drivers\changer.sys
c:\documents and settings\Radim\Nabˇdka Start\Programy\Po spuçtŘnˇ\monnid32.exe 

Folder::
c:\program files\pdfforge Toolbar


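The CFScript above was assembled by hand from two kinds of log lines that appear in this thread: ComboFix's "files created" entries (creation time, modification time, size, attributes, path) and MBAM's detection lines. The following Python is an added example, not code from the thread, from ComboFix or from MBAM. It parses both formats and applies two triage heuristics that are assumptions of this example: a file dropped into `system32\drivers` or `system32\dllcache` within the last 7 days whose modification time is more than a year older than its creation time (a copied-in file carrying an old timestamp, as `sfloppy.sys` and `lbrtfdc.sys` do above), and a script or `.tmp` file created directly in the `system32` root (as `fjhdyfhsn.bat` was). The sample lines are copied from the logs posted above; the scan time is taken from the ComboFix header.

```python
"""Triage helper for ComboFix 'files created' lines and MBAM detection lines (added example)."""
import re
from datetime import datetime, timedelta

# ComboFix "files created" line, e.g.
#   2010-02-18 13:59 . 2008-04-13 23:10 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys
# Size is eight dashes for a directory; attrs start with 'd' for a directory.
COMBOFIX_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# MBAM detection line, e.g.
#   C:\WINDOWS\system32\drivers\OLD12.tmp (Rootkit.Agent) -> No action taken.
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

TS_FORMAT = "%Y-%m-%d %H:%M"
# Locations where a freshly created file deserves a second look (assumption of this example).
DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\dllcache\\")
SYSTEM32 = "c:\\windows\\system32\\"
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".tmp")


def parse_combofix(lines):
    """Yield one dict per line in ComboFix's created-files format; other lines are skipped."""
    for line in lines:
        m = COMBOFIX_RE.match(line.strip())
        if not m:
            continue
        yield {
            "created": datetime.strptime(m["created"], TS_FORMAT),
            "modified": datetime.strptime(m["modified"], TS_FORMAT),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"].strip().lower(),   # paths are case-insensitive on Windows
        }


def parse_mbam(lines):
    """Yield (path, family, action) for MBAM detection lines; other lines are skipped."""
    for line in lines:
        m = MBAM_RE.match(line.strip())
        if m:
            yield m["path"].lower(), m["family"], m["action"]


def triage_combofix(lines, scan_time, lookback_days=7, stale_mtime_days=365):
    """Return {path: [reasons]} for created-file entries worth a manual look.

    The thresholds are assumptions of this example, not ComboFix logic.
    """
    flagged = {}
    window_start = scan_time - timedelta(days=lookback_days)
    for e in parse_combofix(lines):
        if e["is_dir"] or e["created"] < window_start:
            continue
        reasons = []
        # New driver file whose mtime is far older than its ctime: copied in with an old timestamp.
        if e["path"].startswith(DRIVER_DIRS) and (e["created"] - e["modified"]).days > stale_mtime_days:
            reasons.append("new driver/dllcache file with much older mtime")
        parent, _, name = e["path"].rpartition("\\")
        if parent + "\\" == SYSTEM32 and name.endswith(SCRIPT_EXT):
            reasons.append("script/temp file created in system32 root")
        if reasons:
            flagged[e["path"]] = reasons
    return flagged


def candidates(combofix_lines, mbam_lines, scan_time):
    """Merge ComboFix heuristics and MBAM detections into one sorted review list."""
    merged = triage_combofix(combofix_lines, scan_time)
    for path, family, action in parse_mbam(mbam_lines):
        merged.setdefault(path, []).append(f"MBAM: {family} ({action})")
    return sorted(merged.items())


def render_cfscript(paths):
    """Render the review list as a CFScript 'File::' block, the format used in this thread."""
    return "File::\n" + "\n".join(paths) + "\n"


# Sample lines copied from the ComboFix and MBAM logs posted in this thread.
SAMPLE_COMBOFIX = r"""
2010-02-18 13:59 . 2008-04-13 23:10 11392 -c--a-w- c:\windows\system32\dllcache\sfloppy.sys
2010-02-18 13:59 . 2008-04-13 23:10 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys
2010-02-18 13:58 . 2010-02-18 13:58 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-18 13:43 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 13:43 . 2010-02-18 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-17 18:08 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-07 18:20 . 2010-02-07 18:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar
""".strip().splitlines()

SAMPLE_MBAM = r"""
C:\WINDOWS\system32\drivers\OLD12.tmp (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Radim\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
""".strip().splitlines()

SCAN_TIME = datetime(2010, 2, 19, 8, 14)  # from the ComboFix header in the thread

if __name__ == "__main__":
    review = candidates(SAMPLE_COMBOFIX, SAMPLE_MBAM, SCAN_TIME)
    for path, reasons in review:
        print(f"{path}\n    " + "; ".join(reasons))
    print(render_cfscript([p for p, _ in review]))
```

The output is a review list, not a verdict: `mbamswissarmy.sys` is created in the same window but its modification time is only weeks older, so it is not flagged, while the legitimately named `lbrtfdc.sys` is flagged for the same timestamp pattern as `sfloppy.sys` and still needs a human to confirm it before it goes into a `File::` block.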

lordbrutus
Visitor
Posts: 26
Registered: 17 Feb 2010 23:37

Re: Rootkit-gen [RtK]

#14 Post by lordbrutus »

Here is the report.
When I drop the CFScript onto Com... I thought the PC would restart, but that is probably fine.


ComboFix 10-02-17.01 - Radim 19.02.2010 8:40.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1650 [GMT 1:00]
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Radim\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100218-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Radim\Nabˇdka Start\Programy\Po spuçtŘnˇ\monnid32.exe"
"c:\windows\system32\dllcache\changer.sys"
"c:\windows\system32\dllcache\i2omgmt.sys"
"c:\windows\system32\dllcache\lbrtfdc.sys"
"c:\windows\system32\dllcache\sfloppy.sys"
"c:\windows\system32\drivers\changer.sys"
"c:\windows\system32\drivers\i2omgmt.sys"
"c:\windows\system32\drivers\lbrtfdc.sys"
"c:\windows\system32\drivers\sfloppy.sys"
"c:\windows\system32\fjhdyfhsn.bat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\FF\components\config.ini
c:\program files\pdfforge Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\pdfforge Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
c:\program files\pdfforge Toolbar\FF\chrome.manifest
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\login.js
c:\program files\pdfforge Toolbar\FF\chrome\content\login.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\parser.js
c:\program files\pdfforge Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\widgicomm.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgihandling.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgichevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\widgiui.js
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_icon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\searchbox.css
c:\program files\pdfforge Toolbar\FF\chrome\skin\separator.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\pdfforge Toolbar\FF\install.rdf
c:\program files\pdfforge Toolbar\IE\1.1.2\config.ini
c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
c:\program files\pdfforge Toolbar\Res\amazon.gif
c:\program files\pdfforge Toolbar\Res\ebay.gif
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\SearchSettings.exe
c:\program files\pdfforge Toolbar\SearchSettingsRes409.dll
c:\program files\pdfforge Toolbar\sscfg.ini
c:\program files\pdfforge Toolbar\SSFF\components\IFBHOSearch.xpt
c:\program files\pdfforge Toolbar\SSFF\components\IFBHOSearchHelperEngine.xpt
c:\program files\pdfforge Toolbar\SSFF\components\IFHelperPreferences.xpt
c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
c:\program files\pdfforge Toolbar\SSFF\components\sscfg.ini
c:\program files\pdfforge Toolbar\SSFF\chrome.manifest
c:\program files\pdfforge Toolbar\SSFF\chrome\content\plugin.js
c:\program files\pdfforge Toolbar\SSFF\chrome\content\plugin.xul
c:\program files\pdfforge Toolbar\SSFF\chrome\content\protection.js
c:\program files\pdfforge Toolbar\SSFF\chrome\content\utils.js
c:\program files\pdfforge Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\pdfforge Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\pdfforge Toolbar\SSFF\chrome\skin\yahoo.xml
c:\program files\pdfforge Toolbar\SSFF\install.rdf
c:\program files\pdfforge Toolbar\WidgiHelper.exe
c:\windows\system32\dllcache\changer.sys
c:\windows\system32\dllcache\i2omgmt.sys
c:\windows\system32\dllcache\lbrtfdc.sys
c:\windows\system32\dllcache\sfloppy.sys
c:\windows\system32\drivers\changer.sys
c:\windows\system32\drivers\i2omgmt.sys
c:\windows\system32\drivers\lbrtfdc.sys
c:\windows\system32\drivers\sfloppy.sys
c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFLOPPY
-------\Service_Sfloppy


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-19 do 2010-02-19 )))))))))))))))))))))))))))))))
.

2010-02-18 13:43 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 13:43 . 2010-02-18 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 13:43 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-07 18:20 . 2010-02-07 18:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 07:44 . 2008-09-19 00:46 16608 ----a-w- c:\windows\gdrv.sys
2010-02-18 16:28 . 2008-09-25 19:23 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-07 18:19 . 2008-09-19 16:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-15 14:10 . 2010-01-15 14:10 -------- d-----w- c:\program files\Application Updater
2010-01-08 14:38 . 2008-09-19 00:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 14:32 . 2009-10-31 18:18 8590 ----a-w- c:\windows\hh.dat
2010-01-05 14:31 . 2009-12-21 15:34 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-01-05 14:31 . 2010-01-05 13:40 -------- d-----w- c:\program files\WinFast
2010-01-05 13:56 . 2010-01-05 13:56 -------- d-----w- c:\program files\Windows Sidebar
2010-01-04 20:08 . 2010-01-04 20:08 -------- d-----w- c:\program files\MSECache
2009-12-30 14:56 . 2009-06-20 07:00 -------- d-----w- c:\program files\ICQ6.5
2009-12-21 17:17 . 2009-12-21 16:49 -------- d-----w- c:\program files\Popisovač CD-DVD
2009-12-21 15:34 . 2009-12-21 15:34 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-11-24 23:54 . 2008-09-19 00:51 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-09-19 00:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-09-19 00:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-09-19 00:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-09-19 00:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-09-19 00:51 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-09-19 00:51 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-09-19 00:51 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-09-19 00:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-22 12:17 . 2009-08-22 12:17 8192 --sha-w- c:\windows\o2cLicStore.bin
.

((((((((((((((((((((((((((((( SnapShot@2010-02-17_22.26.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-19 07:44 . 2010-02-19 07:44 16384 c:\windows\Temp\Perflib_Perfdata_a8.dat
+ 2010-02-19 07:44 . 2010-02-19 07:44 16384 c:\windows\Temp\Perflib_Perfdata_434.dat
+ 2010-02-19 07:13 . 2010-02-19 07:13 16384 c:\windows\Temp\Perflib_Perfdata_41c.dat
+ 2008-09-19 00:50 . 2008-04-13 23:15 26368 c:\windows\system32\drivers\usbstor.sys
- 2008-09-19 00:50 . 2008-04-13 22:15 26368 c:\windows\system32\drivers\usbstor.sys
+ 2008-09-19 00:50 . 2008-04-13 23:15 26368 c:\windows\system32\dllcache\usbstor.sys
+ 2008-09-19 00:44 . 2010-02-18 13:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-19 00:44 . 2010-02-17 18:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-19 00:44 . 2010-02-17 18:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-19 00:44 . 2010-02-18 13:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-19 02:35 . 2008-04-13 22:09 4992 c:\windows\system32\drivers\mspqm.sys
+ 2008-09-19 02:35 . 2008-04-13 23:09 4992 c:\windows\system32\drivers\mspqm.sys
+ 2008-09-19 02:35 . 2008-04-13 23:09 4992 c:\windows\system32\dllcache\mspqm.sys
- 2008-09-19 02:35 . 2008-04-13 22:15 172416 c:\windows\system32\drivers\kmixer.sys
+ 2008-09-19 02:35 . 2008-04-13 23:15 172416 c:\windows\system32\drivers\kmixer.sys
+ 2008-09-19 02:35 . 2008-04-13 23:15 172416 c:\windows\system32\dllcache\kmixer.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"SystemExplorer"="c:\program files\System Explorer\SystemExplorer.exe" [2008-08-25 1833472]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="c:\program files\GIGABYTE\GEST\run.exe" [2008-09-24 236040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe" [2006-06-01 106496]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Radim\Nabídka Start\Programy\Po spuštění\
monnid32.exe [2008-4-14 28160]

c:\documents and settings\Radim\Nabídka Start\Programy\Po spuštění\SystemExplorerDisabled
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-9-23 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-21 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.9.2008 17:18 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.9.2008 1:51 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 11:07 61424]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.9.2008 1:51 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2008 21:21 222968]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [19.9.2008 17:29 3712]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [19.9.2008 17:08 55816]
R3 WFLR6654;WinFast DTV1800 H (XC4000);c:\windows\system32\drivers\wfeaglxt.sys [5.1.2010 14:35 433792]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [21.9.2008 13:13 98488]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.aukro.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\2tmh8x2b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://novinky.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\2tmh8x2b.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
HKLM-Run-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 08:44
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys speg.sys >>UNKNOWN [0x89E04938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba674cb8
\Driver\atapi -> atapi.sys @ 0xba609b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba512bb0
PacketIndicateHandler -> NDIS.sys @ 0xba51fa21
SendHandler -> NDIS.sys @ 0xba4fd87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\matlab6p5\webserver\bin\win32\matlabserver.exe
c:\matlab6p5\bin\win32\matlab.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\GIGABYTE\GEST\gest.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-02-19 08:46:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-19 07:46
ComboFix2.txt 2010-02-19 07:19
ComboFix3.txt 2010-02-18 13:13
ComboFix4.txt 2010-02-17 22:27

Před spuštěním: Volných bajtů: 21 746 003 968
Po spuštění: Volných bajtů: 21 627 940 864

- - End Of File - - 9E5C65BAD663F40F75E448205C8F6686

JaRon
Moderator
Posts: 15691
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Rootkit-gen [RtK]

#15 Post by JaRon »

c:\documents and settings\Radim\Nabídka Start\Programy\Po spuštění\monnid32.exe
Does this file exist on the disk?
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
