NOD reports a virus but can't clean it [Solved]

Section devoted to viruses and other malicious code, but also to the tools you can use to defend against them…

Moderators: Mods_senior, Security team


NOD reports a virus but can't clean it

Post by Bubo3 » 03 Feb 2010 22:25

I'm asking for help - during a PC scan NOD threw up a message about an infection with the Win32/Mebroot trojan. The problem is that it can't clean it or delete it...
I'm attaching a screenshot as well as the HJT log. Thanks in advance for any advice.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:58, on 3. 2. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Motherboard Monitor 5\MBM5.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MBM 5 Core EXE] C:\Program Files\Motherboard Monitor 5\MBM5.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (NOXLATE) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4691787000
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file:///D:/Program/AcDcToday.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{14684203-4A4B-418F-839C-4D133BFF2440}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{14684203-4A4B-418F-839C-4D133BFF2440}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{14684203-4A4B-418F-839C-4D133BFF2440}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{14684203-4A4B-418F-839C-4D133BFF2440}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9380 bytes
Attachment: Alert.JPG
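An added example (my own code, not something from this thread or from ESET): the post names Win32/Mebroot, a family that lives in the boot code of sector 0 of the disk rather than in a file, which is why an on-access scanner can flag it yet has no file to delete or "clean". The check below parses a raw 512-byte MBR, hashes only the boot-code region (bytes 0-439, since the disk signature and partition table change legitimately) and compares it against a baseline hash recorded while the machine was known good. All sectors used here are constructed; the "clean" boot code bytes, the disk signature value and the `read_sector0` device path are assumptions for illustration. One caveat a practitioner should keep in mind: reading `\\.\PhysicalDrive0` from inside the running OS is exactly the read a boot-sector rootkit filters, so a live read may return the original clean sector; take the sector from offline boot media before trusting a "matches baseline" result.

```python
"""Baseline check for the Master Boot Record (sector 0 of the system disk).

Added example, not code from the forum thread. All sample sectors below are
constructed; the 'clean' boot code is a stand-in for whatever the stock boot
loader on the machine looks like.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440             # bytes 0..439 hold the boot loader code
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector 0 into boot code, disk signature and the four partition slots."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, num_sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:                       # type 0x00 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": num_sectors})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def boot_code_hash(sector: bytes) -> str:
    """Hash only the boot code; disk signature and partition table change legitimately."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector: bytes, baseline_hash: str) -> list:
    """Return findings for a sector; an empty list means it matches the baseline and looks sane."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from baseline")
    if not mbr["partitions"]:
        findings.append("empty partition table")
    active = sum(1 for p in mbr["partitions"] if p["active"])
    if active != 1:
        findings.append(f"{active} active partitions (expected 1)")
    return findings


def build_sector(boot_code: bytes) -> bytes:
    """Constructed sector: given boot code plus one active NTFS (0x07) partition at LBA 63."""
    entry = bytes([0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 63, 41929587)
    table = entry + b"\x00" * 48                  # remaining three slots unused
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
            + struct.pack("<I", 0x1A2B3C4D)       # disk signature (assumed value)
            + b"\x00\x00"                         # reserved bytes 444..445
            + table + BOOT_SIGNATURE)


# Stand-in for the stock boot code, captured before infection (constructed bytes).
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB,
                         0x50, 0x07, 0x50, 0x1F, 0xFC, 0xBE, 0x1B, 0x7C])
# An MBR infector patches the entry point to jump into its own loader;
# here the first three bytes are replaced by a near jump (constructed).
INFECTED_BOOT_CODE = b"\xE9\x00\x01" + CLEAN_BOOT_CODE[3:]

CLEAN_SECTOR = build_sector(CLEAN_BOOT_CODE)
INFECTED_SECTOR = build_sector(INFECTED_BOOT_CODE)
BASELINE_HASH = boot_code_hash(CLEAN_SECTOR)      # record this while the system is known good


def read_sector0(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read the live MBR on Windows (needs administrator rights). A boot-sector rootkit
    can serve the original clean sector to this read, so prefer a read from offline media."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_SECTOR), ("infected", INFECTED_SECTOR)):
        print(name, check_mbr(sector, BASELINE_HASH) or ["OK"])
```

The script only tells you the boot code changed; it does not say what changed it. The remedy for an MBR infection is to rewrite the sector with a known-good boot loader (on XP that is fixmbr from the Recovery Console, which the ComboFix log later in this thread notes is not installed) and then re-run the check, again from offline media.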


Re: NOD reports a virus but can't clean it

Post by jaro3 » 05 Feb 2010 18:03

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (NOXLATE) -
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) -


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform quick scan selected and click the Scan button
- when the program finishes a message will appear, click OK and then the Show results button
- then choose Save log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
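An added example (my own code, not the forum's or Trend Micro's) that reproduces the mechanical part of what the helper did above when he picked entries from the HJT log to fix: registry entries whose DLL is gone ("(no file)") and O16 ActiveX entries with no source URL are flagged as safe to fix, O17 NameServer addresses are compared with a small allow-list of public resolvers, and O4 autoruns are listed for a human to judge. The sample lines are taken from the log posted above, plus one constructed O17 line pointing at a documentation-range address (203.0.113.5) to exercise the DNS check; the allow-list is an assumption (the OpenDNS pair from the log plus Google's resolvers). A person still decides the final list: the helper also removed two Adobe Acrobat 6 BHOs whose files exist, which no "(no file)" rule catches, and left the R3 URLSearchHook orphan alone.

```python
"""First-pass triage of a HijackThis log.

Added example, not code from the forum thread or from HijackThis itself.
Buckets: 'fix' (orphaned registry references, ActiveX entries without a
source), 'dns_suspect' (NameServer addresses outside the allow-list) and
'review' (autoruns a person should look at).
"""
import re

# Resolvers treated as benign. The OpenDNS addresses come from the log above;
# Google's are added as an assumption for illustration.
KNOWN_RESOLVERS = {"208.67.220.220", "208.67.222.222", "8.8.8.8", "8.8.4.4"}

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<rest>.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def triage_hjt(log_text: str) -> dict:
    """Sort HJT entries into fix / dns_suspect / review buckets."""
    fix, dns_suspect, review = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # header, process list, blank lines
        code, rest = m.group("code"), m.group("rest").rstrip()
        if rest.endswith("(no file)"):
            fix.append(line)              # CLSID still registered, DLL gone
        elif code == "O16" and rest.endswith("-"):
            fix.append(line)              # ActiveX download entry with no source URL
        elif code == "O17":
            for ip in IPV4_RE.findall(rest):
                if ip not in KNOWN_RESOLVERS:
                    dns_suspect.append((ip, line))   # possible DNS hijack
        elif code == "O4":
            review.append(line)           # autorun; decide by hand
    return {"fix": fix, "dns_suspect": dns_suspect, "review": review}


# Sample input: lines from the log posted above, plus one constructed O17 line
# (203.0.113.5, a documentation-range address) to show the DNS check firing.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (NOXLATE) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 203.0.113.5
"""

if __name__ == "__main__":
    result = triage_hjt(SAMPLE_LOG)
    for bucket, items in result.items():
        print(f"{bucket} ({len(items)}):")
        for item in items:
            print("  ", item)
```

On the real log from this thread the O17 entries all point at OpenDNS, so nothing lands in `dns_suspect`; the later MBAM report of Trojan.DNSChanger artifacts is a reminder that a DNS hijack can also sit in a driver or a HOSTS file rather than in the NameServer value this check inspects.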


Re: NOD reports a virus but can't clean it

Post by Bubo3 » 07 Feb 2010 17:37

Thanks for the time and help. I'm attaching the log ...

Malwarebytes' Anti-Malware 1.44
Database version: 3701
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7. 2. 2009 17:33:16
mbam-log-2009-02-07 (17-33-09).txt

Scan type: Quick scan
Objects scanned: 171700
Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CLASSES_ROOT\totalvid (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\WINDOWS\system32\TDSSosvn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.TDSS) -> No action taken.


Re: NOD reports a virus but can't clean it

Post by jaro3 » 07 Feb 2010 17:43

So run MbAM again and click Scan
- when the program finishes a message will appear, click OK and then the Show results button
- make sure all the listed findings are checked and click the Remove selected button
- when the removal finishes a log will be displayed, post it here.
- then click OK in the program and exit it via Exit

You can then paste the MbAM log here.

Turn off NOD32's resident protection.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After starting, the terms of use are displayed; confirm them with the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its whole contents here


Re: NOD reports a virus but can't clean it

Post by Bubo3 » 07 Feb 2010 19:59

OK - sending the ComboFix LOG

ComboFix 10-02-07.01 - Otec . 02. 2009 19:50:19.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1023.717 [GMT 1:00]
Running from: E:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-12-06 09:22 . 2009-12-06 09:25 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-12-04 17:39 . 2009-12-06 08:59 -------- d-----w- C:\Downloads
2009-12-03 21:19 . 2009-12-04 18:13 -------- d-----w- c:\program files\FlashGet
2009-11-05 19:06 . 2009-11-05 19:06 -------- d-----w- c:\program files\NOS
2009-09-27 12:45 . 2009-09-27 12:45 -------- d-----w- c:\program files\Adobe Media Player
2009-09-27 12:43 . 2009-09-27 12:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-27 12:37 . 2009-09-27 12:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-14 16:17 . 2009-09-14 16:17 -------- d-----w- c:\program files\VideoLAN
2009-09-14 09:15 . 2009-02-02 19:16 -------- d-----w- c:\program files\URUSoft
2009-09-12 12:12 . 2009-09-12 12:12 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-08-30 10:38 . 2008-04-16 04:05 729088 ----a-r- c:\windows\system32\hposwia_p01a.dll
2009-08-30 10:38 . 2008-04-16 04:05 974848 ----a-r- c:\windows\system32\hpost_p01a.dll
2009-08-30 10:38 . 2008-04-16 04:05 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-08-30 10:38 . 2008-04-16 04:05 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-08-30 10:38 . 2008-02-28 10:08 303104 ----a-r- c:\windows\system32\hposc_p01a.dll
2009-08-30 10:33 . 2009-08-30 10:33 -------- d-----w- c:\program files\Common Files\HP
2009-08-30 10:28 . 2009-08-30 10:41 166130 ----a-w- c:\windows\hpoins30.dat
2009-08-30 10:28 . 2008-06-18 06:22 844 ------w- c:\windows\hpomdl30.dat
2009-07-14 21:00 . 2009-02-07 18:22 -------- d-----w- c:\program files\ICQ6.5
2009-07-09 12:21 . 2006-09-28 14:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-07-09 12:21 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-07-09 12:21 . 2006-09-28 14:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2009-07-09 12:21 . 2006-09-28 14:03 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-07-09 12:21 . 2006-07-28 07:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2009-07-09 12:21 . 2006-07-28 07:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2009-07-08 18:56 . 2009-07-08 18:56 -------- d-----w- c:\windows\system32\LogFiles
2009-06-30 20:45 . 2009-07-14 19:14 -------- d-----w- C:\Tento počítač
2009-06-20 11:09 . 1999-06-03 10:05 170496 ----a-w- c:\windows\system32\awrtl30.dll
2009-06-20 11:09 . 1998-08-04 09:22 111616 ----a-w- c:\windows\system32\Ltih30tb.dll
2009-06-20 11:09 . 2009-06-20 11:09 -------- d-----w- c:\program files\Common Files\WexTech Shared
2009-06-20 11:09 . 2009-06-20 11:09 -------- d-----w- c:\program files\WexTech
2009-06-20 11:09 . 2009-06-20 11:09 -------- d-----w- c:\program files\Common Files\LHSPF
2009-06-20 11:08 . 2009-06-20 11:08 -------- d-----w- c:\windows\occache
2009-06-14 15:32 . 2001-10-24 10:02 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-06-14 15:32 . 2001-10-24 10:02 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-06-14 14:49 . 2008-04-16 04:05 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-06-14 14:48 . 2008-04-16 04:05 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-06-14 14:48 . 2008-06-06 18:49 302592 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp692.dll
2009-06-14 14:48 . 2008-06-06 18:49 118272 ----a-w- c:\windows\system32\hpz3l692.dll
2009-06-14 14:48 . 2008-04-16 04:05 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-06-14 14:48 . 2008-04-16 04:05 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-06-14 14:47 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-14 14:47 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-14 14:40 . 2009-06-14 14:40 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-14 14:37 . 2008-04-13 17:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-06-14 14:37 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-14 14:35 . 2009-06-14 14:45 -------- d-----w- c:\program files\HP
2009-05-28 12:25 . 2009-05-28 12:25 -------- d-----w- c:\windows\Sun
2009-05-28 11:21 . 2009-05-28 11:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-28 11:21 . 2009-05-28 11:21 -------- d-----w- c:\program files\Java
2009-05-16 14:46 . 2009-05-16 14:46 -------- d-----w- c:\program files\Conduit
2009-05-16 14:37 . 2009-05-16 14:39 -------- d-----w- c:\program files\Crystal Player
2009-04-30 08:53 . 2009-04-30 08:53 -------- d-----w- c:\program files\MSECache
2009-02-18 18:19 . 2009-02-18 18:19 -------- d-----w- c:\program files\CCleaner
2009-02-15 15:21 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-02-15 15:15 . 2009-02-04 17:54 -------- d-----w- c:\windows\system32\XPSViewer
2009-02-15 15:15 . 2009-02-15 15:15 -------- d-----w- c:\program files\MSBuild
2009-02-15 15:15 . 2009-02-15 15:15 -------- d-----w- c:\program files\Reference Assemblies
2009-02-15 15:15 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-02-15 15:14 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-15 15:14 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-15 15:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-02-15 15:14 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-15 15:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-02-15 15:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-02-15 15:14 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-15 15:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-02-15 14:40 . 2009-02-15 14:41 -------- d-----w- c:\program files\QuickTime
2009-02-15 13:46 . 2008-12-20 23:03 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-15 13:46 . 2008-12-20 23:03 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-02-15 13:46 . 2008-12-20 23:03 267776 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-02-15 13:46 . 2008-12-20 23:03 383488 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-15 13:46 . 2008-12-19 09:10 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-02-15 13:46 . 2007-04-17 09:32 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-15 13:46 . 2008-12-20 23:03 6066688 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-02-15 13:46 . 2008-12-20 23:03 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-02-15 13:26 . 2009-02-15 13:26 -------- d-----w- c:\windows\system32\cs
2009-02-15 13:26 . 2009-02-15 13:26 -------- d-----w- c:\windows\l2schemas
2009-02-15 13:26 . 2009-02-04 17:54 -------- d-----w- c:\windows\system32\cs-cz
2009-02-15 13:26 . 2009-02-15 13:26 -------- d-----w- c:\windows\system32\bits
2009-02-15 13:25 . 2009-02-15 13:26 -------- d-----w- c:\windows\ServicePackFiles
2009-02-15 11:00 . 2008-09-15 15:27 1846400 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-02-15 11:00 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-02-15 11:00 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-15 11:00 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-02-15 11:00 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-02-15 10:59 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-02-15 10:34 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-02-15 10:34 . 2008-08-14 13:26 2068224 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-15 10:34 . 2008-08-14 13:26 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-15 10:34 . 2008-08-14 13:26 2191360 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-15 10:34 . 2008-08-14 13:26 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-15 10:33 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-02-15 10:33 . 2008-09-04 17:17 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-02-15 10:08 . 2004-08-03 21:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-02-15 09:59 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-02-15 09:59 . 2009-02-15 15:31 -------- d--h--w- c:\windows\$hf_mig$
2009-02-07 16:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 16:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-02-07 16:19 . 2009-02-07 16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 16:12 . 2009-02-07 16:12 -------- d-----w- c:\program files\Trend Micro
2009-02-06 20:17 . 2009-02-06 20:22 -------- d-----w- c:\program files\AutoCAD 2008
2009-02-06 20:16 . 2009-06-20 11:08 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-02-06 20:16 . 2009-02-06 20:16 -------- d-----w- c:\program files\Autodesk
2009-02-04 18:12 . 2009-02-04 18:12 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-02-04 18:12 . 2009-02-04 18:12 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-02-04 18:12 . 2009-02-04 18:12 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-02-04 18:12 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2009-02-04 18:12 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2009-02-04 18:12 . 2009-02-04 18:12 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-02-03 22:01 . 2009-02-03 22:01 -------- d-----w- c:\documents and settings\Otec\DoctorWeb
2009-02-03 21:14 . 2009-02-03 21:14 396288 ----a-w- C:\HijackThis.exe
2009-02-03 19:38 . 2009-02-03 19:38 -------- d-----w- c:\program files\ESET
2009-02-02 20:09 . 2009-02-02 20:09 -------- d-----w- c:\program files\Windows Sidebar
2009-02-01 10:42 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-02-01 10:42 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-01-24 14:03 . 2009-05-17 14:22 -------- d-----w- c:\program files\MagicISO
2009-01-10 11:30 . 2009-01-10 11:30 -------- d-----w- c:\program files\Driver-Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 09:18 . 2007-06-17 13:02 717296 ----a-w- c:\windows\system32\drivers\sptd.sys.12957712
2009-09-27 12:47 . 2007-06-17 17:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-14 09:00 . 2007-06-28 18:11 -------- d-----w- c:\program files\Mv2Player
2009-09-06 11:24 . 2007-06-15 13:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 21:01 . 2007-12-24 19:42 -------- d-----w- c:\program files\ICQ6
2009-07-14 16:56 . 2008-01-13 14:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-20 11:02 . 2007-06-17 06:32 -------- d-----w- c:\program files\Hewlett-Packard
2009-02-15 13:28 . 2007-06-15 12:53 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-15 13:28 . 2007-06-15 12:53 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-02-07 18:51 . 2001-10-25 14:00 431984 ----a-w- c:\windows\system32\perfh005.dat
2009-02-07 18:51 . 2001-10-25 14:00 79066 ----a-w- c:\windows\system32\perfc005.dat
2009-02-06 20:07 . 2007-06-17 12:49 -------- d-----w- c:\program files\AutoCAD LT 2000i Cz
2009-02-02 19:15 . 2007-06-17 16:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-02-02 19:14 . 2008-08-06 14:32 -------- d-----w- c:\program files\Free Audio Pack
2008-12-20 23:03 . 2004-08-17 13:49 826368 ------w- c:\windows\system32\wininet.dll
2008-12-18 17:17 . 2008-12-18 17:17 796672 ----a-w- c:\windows\GPInstall.exe
2008-12-11 10:57 . 2004-08-03 21:14 333952 ----a-w- c:\windows\system32\drivers\srv.sys
2004-07-22 08:51 . 2004-07-22 08:51 3432656 -c--a-w- c:\program files\ManagedDX.CAB
2004-07-19 20:58 . 2004-07-19 20:58 1156363 -c--a-w- c:\program files\BDANT.cab
2004-07-19 20:53 . 2004-07-19 20:53 976020 -c--a-w- c:\program files\BDAXP.cab
2004-07-16 12:30 . 2004-07-16 12:30 3858 -c--a-w- c:\program files\directx redist.txt
2004-07-09 12:17 . 2004-07-09 12:17 13265040 -c--a-w- c:\program files\dxnt.cab
2004-07-09 07:13 . 2004-07-09 07:13 15493481 -c--a-w- c:\program files\DirectX.cab
2004-07-09 07:13 . 2004-07-09 07:13 703080 -c--a-w- c:\program files\BDA.cab
2004-07-09 02:08 . 2004-07-09 02:08 472576 -c--a-w- c:\program files\dxsetup.exe
2004-07-09 02:08 . 2004-07-09 02:08 2242560 -c--a-w- c:\program files\dsetup32.dll
2004-07-09 01:03 . 2004-07-09 01:03 62976 -c--a-w- c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-07_18.29.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-07 18:47 . 2009-02-07 18:47 16384 c:\windows\Temp\Perflib_Perfdata_6c8.dat
+ 2001-10-25 14:00 . 2009-02-07 18:51 68156 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2009-02-07 18:17 68156 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2009-02-07 18:51 435260 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2009-02-07 18:17 435260 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBM 5 Core EXE"="c:\program files\Motherboard Monitor 5\MBM5.exe" [2004-06-12 594944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2002-12-27 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\RpcSandraSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)
"9100:TCP"= 9100:TCP:LPT
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"24078:TCP"= 24078:TCP:BitComet 24078 TCP
"24078:UDP"= 24078:UDP:BitComet 24078 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [5. 4. 2008 19:39 5248]
R2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [29. 4. 2008 18:01 99840]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [10. 1. 2003 12:57 9728]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [5. 4. 2008 19:39 160640]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [17. 6. 2007 19:25 3712]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-10-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: csob.sk\ib24
TCP: {14684203-4A4B-418F-839C-4D133BFF2440} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Otec\Data aplikací\Mozilla\Firefox\Profiles\k15rtopz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - BS_Player Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\Otec\Data aplikací\Mozilla\Firefox\Profiles\k15rtopz.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys >>UNKNOWN [0x86578F3A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8657cfba
\Driver\ACPI -> ACPI.sys @ 0xf7565cb8
\Driver\atapi -> sfsync02.sys @ 0xf75cf8b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
PE file found in sector at 0x02542D6C1 !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-362288127-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-362288127-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ba,20,70,93,0a,d6,cc,a9,96,2a,90,88,6b,9c,74,2d,ac,ca,10,c3,45,57,5a,
0c,3d,e4,2e,9c,dd,2d,95,90,af,17,ae,b6,b0,82,98,bd,2f,b2,27,62,70,79,37,7a,\
"??"=hex:53,82,8d,d3,3c,01,a3,1c,03,0c,a5,ee,45,5a,bd,da

[HKEY_USERS\S-1-5-21-1844237615-362288127-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:cd,f4,04,7b,ea,5c,e1,13,3f,75,00,5e,4c,e1,f5,a0,1c,40,64,0c,7a,
09,4f,d5,f5,29,f4,ce,70,0e,28,37,6a,9a,56,24,ed,6b,5d,05,d1,8f,15,cf,b0,26,\
"rkeysecu"=hex:2e,54,44,38,3f,ef,43,0f,83,0e,6b,4b,f4,8d,b5,50
.
Completion time: 2009-02-07 19:56:27
ComboFix-quarantined-files.txt 2009-02-07 18:56
ComboFix2.txt 2009-02-07 18:34

Pre-Run: Volných bajtů: 18 372 661 248
Post-Run: Volných bajtů: 18 333 351 936

- - End Of File - - DBA2B29612C247EAC7C9CA9AD7DA564C
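The Gmer MBR detector block in the ComboFix log above carries three indicators worth separating when triaging a suspected Mebroot infection: a code address in the disk I/O call path that belongs to no loaded module (">>UNKNOWN [0x...]<<"), a hook on \Driver\Disk that points at a raw address rather than a named driver, and a PE image found in a raw disk sector outside any file system. The "user & kernel MBR OK" line is not a clean bill of health on its own, since a rootkit that filters disk reads can make the MBR read back consistently. As an added example (not Gmer's code and not part of this thread), the Python helper below parses those report lines and re-creates the shape of the "PE file found in sector" check against a raw image; the report excerpt and the disk image are constructed for the example, and the function names are the example's own.

```python
"""Triage helper for the text report of Gmer's 'Stealth MBR rootkit/Mebroot/Sinowal
detector', plus a minimal PE-in-sector check over a raw disk image.
Added example, not Gmer's own code; names and heuristics are the example's own."""
import re
import struct
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the indicator lines from the report quoted in the thread.
SAMPLE_REPORT = """\
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys >>UNKNOWN [0x86578F3A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> 0x8657cfba
\\Driver\\ACPI -> ACPI.sys @ 0xf7565cb8
\\Driver\\atapi -> sfsync02.sys @ 0xf75cf8b4
Warning: possible MBR rootkit infection !
user & kernel MBR OK
PE file found in sector at 0x02542D6C1 !
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")
# "\Driver\X -> module.sys @ 0xADDR" (attributed) or "\Driver\X -> 0xADDR" (unattributed)
HOOK_RE = re.compile(r"^(\\Driver\\\w+) -> (?:(\S+\.sys) @ )?0x([0-9A-Fa-f]+)$")
PE_SECTOR_RE = re.compile(r"PE file found in sector at 0x([0-9A-Fa-f]+)")


@dataclass
class MbrFindings:
    unknown_code: List[int] = field(default_factory=list)        # code in no loaded module
    unattributed_hooks: List[str] = field(default_factory=list)  # hook target has no module
    attributed_hooks: Dict[str, str] = field(default_factory=dict)  # driver -> hooking module
    pe_sectors: List[int] = field(default_factory=list)          # raw sectors holding a PE
    mbr_consistent: bool = False   # user-mode and kernel MBR reads agreed
    tool_warned: bool = False      # the tool printed its own warning line


def parse_report(text: str) -> MbrFindings:
    """Extract the indicators from the detector's text output."""
    f = MbrFindings()
    for raw in text.splitlines():
        line = raw.strip()
        for m in UNKNOWN_RE.finditer(line):
            f.unknown_code.append(int(m.group(1), 16))
        m = HOOK_RE.match(line)
        if m:
            driver, module, _addr = m.groups()
            if module:
                f.attributed_hooks[driver] = module
            else:
                f.unattributed_hooks.append(driver)
            continue
        m = PE_SECTOR_RE.search(line)
        if m:
            f.pe_sectors.append(int(m.group(1), 16))
        elif line.startswith("Warning:"):
            f.tool_warned = True
        elif line == "user & kernel MBR OK":
            f.mbr_consistent = True
    return f


def assess(f: MbrFindings) -> str:
    """Turn the findings into a triage verdict for the analyst."""
    # Unattributed code on the disk path, a bare-address hook on \Driver\Disk, or an
    # executable stored in raw sectors each point at a bootkit. Consistent MBR reads
    # do not override them: a rootkit filtering disk I/O can hide its own MBR changes.
    strong = bool(f.unknown_code) or "\\Driver\\Disk" in f.unattributed_hooks or bool(f.pe_sectors)
    if strong:
        return "likely MBR rootkit: rebuild the MBR from known-good media and rescan"
    if f.attributed_hooks or f.tool_warned:
        return "hooks present but attributed to named drivers: review those drivers"
    return "no MBR rootkit indicators"


def find_pe_sectors(image: bytes, sector_size: int = 512) -> List[int]:
    """Return indexes of sectors that start with a DOS 'MZ' header whose e_lfanew
    points at a 'PE\\0\\0' signature inside the same sector, i.e. an executable
    image sitting in raw sectors rather than in a file."""
    hits = []
    for idx in range(len(image) // sector_size):
        sec = image[idx * sector_size:(idx + 1) * sector_size]
        if sec[:2] != b"MZ" or len(sec) < 0x40:
            continue
        e_lfanew = struct.unpack_from("<I", sec, 0x3C)[0]
        if e_lfanew + 4 <= len(sec) and sec[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            hits.append(idx)
    return hits


def constructed_disk_image() -> bytes:
    """Constructed 8-sector image: sector 5 carries a minimal PE stub, the rest is empty."""
    stub = bytearray(512)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)   # e_lfanew -> offset 0x80
    stub[0x80:0x84] = b"PE\0\0"
    sectors = [bytes(512)] * 8
    sectors[5] = bytes(stub)
    return b"".join(sectors)


if __name__ == "__main__":
    findings = parse_report(SAMPLE_REPORT)
    print(findings)
    print(assess(findings))
    print("PE stub in sectors:", find_pe_sectors(constructed_disk_image()))
```

The regular expressions follow the line shapes of the report quoted in this thread; other detector versions print slightly different text, so check the patterns against a fresh report before relying on the verdict.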

jaro3
Security team member
Guru Level 15
Posts: 43287
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: NOD reports a virus but cannot clean it

Post by jaro3 » 08 Feb 2010 15:19

I'm only stopping by briefly; I won't be back until Thursday. If Damned or pitimir are here, they can continue.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Bubo3
newcomer
Posts: 24
Registered: December 09
Gender: Male
Status: Offline

Re: NOD reports a virus but cannot clean it

Post by Bubo3 » 10 Feb 2010 21:31

So everything is different now: the PC refused to work, so I got fed up and reinstalled Windows. Then I used Dr.WEB and the virus alert disappeared... I scanned the PC with MBAM and MBR and they found nothing. NOD has no alert either... Could it already be OK? To be safe I'm attaching the GMER and HJT logs and ask for a check.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:32, on 10. 2. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6661 bytes

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-10 21:20:19
Windows 5.1.2600 Service Pack 3
Running: 2rl03lbd.exe; Driver: C:\DOCUME~1\Tatino\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT 85F558A0 ZwAssignProcessToJobObject
SSDT 85F54CB0 ZwOpenProcess
SSDT 85F550D0 ZwOpenThread
SSDT 85F556D0 ZwSuspendProcess
SSDT 85F554F0 ZwSuspendThread
SSDT 85F54EE0 ZwTerminateProcess
SSDT 85F55310 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6F75380, 0x2FF527, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[620] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2996] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:508] 85F53930

---- EOF - GMER 1.0.15 ----

jaro3
Security team member
Guru Level 15
Posts: 43287
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: NOD reports a virus but cannot clean it  Solved

Post by jaro3 » 11 Feb 2010 18:11

Logs OK; if there is no finding from MbAM, that will be all.

You can also fix:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

If there are no problems, that's all and you can mark it as solved, the green tick.

Bubo3
newcomer
Posts: 24
Registered: December 09
Gender: Male
Status: Offline

Re: NOD reports a virus but cannot clean it

Post by Bubo3 » 11 Feb 2010 21:14

So it's OK. Thank you for the help.

