VIRY.CZ

Vše je v pořádku. Děkuji Vám moc za Váš čas a ochotu. Děláte tady skvělou práci. Přeji dobrou noc.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp ...

Malwarebytes' Anti-Malware 1.44
Database version: 3527
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/9/2010 7:04:19 PM
mbam-log-2010-01-09 (19-04-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 318491
Time elapsed: 1 hour(s), 38 minute(s), 17 second(s)

Memory ...

počítač se už chová normálně, všechno je v pohodě :)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Ivanhoe at 2010-01-09 17:17:57
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 7 GB (4%) free of 179 GB
Total RAM: 3006 MB (58% free ...

tady je zatím log ze systemlooku

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 17:13 on 09/01/2010 by Ivanhoe (Administrator - Elevation successful)

========== filefind ==========

Searching for "kejnn.sys"
No files found.

========== regfind ==========

Searching for "kejnn.sys"
No ...

Noťas je trošku zpomalený,hlavně u toho skenování gmerem se několikrát totálně zasekl, nevím jestli je to těmi viry. Každopádně podle toho nového logu z combofixu se nám podařilo ten rootkit smazat. :)


ComboFix 10-01-04.01 - Ivanhoe 01/09/2010 3:10.2.2 - x86
Microsoft® Windows Vista™ Home Premium ...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-07 23:29:02
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\Ivanhoe\AppData\Local\Temp\kxlciaob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable ...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-07 21:57:36
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\Ivanhoe\AppData\Local\Temp\kxlciaob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver ...

gmer spuštěn

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script ...

log MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR

bohužel mi kejnn.sys nejde otestovat, háže to hlášku " A device attached to the system is not functioning". drží se to opravdu zuby nehty :wink:

tady je první log z gmer

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-07 18:09:59
Windows 6.0.6001 Service Pack 1
Running: gmer ...

link z výsledkama z virustotalu

http://www.virustotal.com/cs/analisis/c ... 1262820469

zdravim, už tu mám avasta :D

tady je zatím log z combofixu

ComboFix 10-01-04.01 - Ivanhoe 01/06/2010 23:59:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1857 [GMT 1:00]
Running from: c:\users\Ivanhoe\Desktop\ComboFix.exe
Command switches used :: c:\users ...

tady ještě log scanu z programu sophos anti-rootkit


Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 1/6/2010 at 0:54:50 AM
User "Ivanhoe" on computer "TRAFFICMOU"
Windows version 6.0 SP 1.0 Service Pack 1 build 6001 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info ...