
PC virus removal, computer speed-up, remote help via the neslape.cz service
SVCHOST - 100% CPU with the siszyd32.exe process
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Each thread will be locked once it is resolved, as will threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
The remote help service is now available: a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
Hello.
I would very much like to ask for help with a problem of 100% CPU usage by the svchost.exe process on Win XP Pro. It had the file siszyd32.exe running inside it, which I found in the /Startup/ ("Po spuštění") folder.
In the DOS console I moved that exe file elsewhere so that WinXP would run at all. I tested the file with virustotal.com:
http://www.virustotal.com/cs/analisis/f ... 1260732930
Can you please help me?
I am attaching the RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by prcek at 2009-12-13 22:56:57
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (22%) free of 67 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:30, on 13.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\__Sdilet\RSIT.exe
C:\Program Files\trend micro\prcek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
--
End of file - 4988 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2009-10-11 2582288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\zHotkey.exe [2003-07-29 515584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-02-19 74240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regedit32]
C:\WINDOWS\system32\regedit.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
C:\WINDOWS\ShowWnd.exe [2003-09-19 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2
"Nero BackItUp Scheduler 4.0"=2
"ABBYY.Licensing.FineReader.Professional.9.0"=2
"RichVideo"=2
"ose"=3
"odserv"=3
"Microsoft Office Groove Audit Service"=3
"ServiceLayer"=3
"SQLWriter"=3
"MSSQL$SQLEXPRESS"=2
"idsvc"=3
"iPod Service"=3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-08-14 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\HRY\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\HRY\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\HRY\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\HRY\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\HRY\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\HRY\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\Program Files\HRY\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\HRY\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\HRY\Soldier of Fortune Payback\sof3.exe"="C:\Program Files\HRY\Soldier of Fortune Payback\sof3.exe:*:Disabled:sof3"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\obchodnisystem\apache2\bin\Apache.exe"="C:\obchodnisystem\apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-12-13 22:56:57 ----D---- C:\rsit
2009-12-13 22:56:57 ----D---- C:\Program Files\trend micro
2009-12-13 20:45:56 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-13 01:23:43 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-06 14:28:52 ----HDC---- C:\WINDOWS\$NtUninstallWudf01007$
2009-12-06 14:27:12 ----D---- C:\Program Files\Common Files\PCSuite
2009-12-06 14:26:56 ----D---- C:\Program Files\PC Connectivity Solution
2009-12-06 14:26:51 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-12-06 14:26:51 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-12-05 17:10:53 ----A---- C:\WINDOWS\system32\EBAPI2.dll
2009-12-05 17:10:52 ----D---- C:\Program Files\Common Files\EPSON
2009-12-05 17:10:36 ----A---- C:\WINDOWS\system32\PICSDK2.dll
2009-12-05 17:10:36 ----A---- C:\WINDOWS\system32\PICSDK.ini
2009-12-05 17:10:36 ----A---- C:\WINDOWS\system32\PICSDK.dll
2009-12-05 17:10:36 ----A---- C:\WINDOWS\system32\PICEntry.dll
2009-12-05 17:10:36 ----A---- C:\WINDOWS\system32\EpPicPrt.dll
2009-12-05 17:10:36 ----A---- C:\WINDOWS\system32\EPPicMgr.dll
2009-12-05 17:10:32 ----D---- C:\Documents and Settings\prcek\Data aplikací\InstallShield
2009-12-05 17:08:41 ----D---- C:\Program Files\EPSON
2009-12-05 17:08:41 ----A---- C:\WINDOWS\system32\ECBTEG.DLL
2009-12-05 17:08:41 ----A---- C:\WINDOWS\system32\EBPMON2.DLL
2009-12-05 17:08:41 ----A---- C:\WINDOWS\system32\EBPCHP.DLL
2009-12-05 17:08:35 ----A---- C:\WINDOWS\EPSTPLOG.TXT
2009-12-05 17:08:35 ----A---- C:\WINDOWS\EPSTPLOG.BAK
2009-12-05 17:08:31 ----D---- C:\EPSON
2009-12-02 12:06:25 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-02 12:06:21 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-12-02 12:06:10 ----D---- C:\Program Files\Windows Media Connect 2
2009-12-02 12:06:03 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-12-02 12:05:31 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-12-02 12:05:15 ----A---- C:\WINDOWS\imsins.BAK
2009-12-02 12:05:14 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-02 12:05:08 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-12-02 12:04:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2009-11-30 22:59:57 ----SHD---- C:\Config.Msi
2009-11-30 00:04:56 ----A---- C:\ComboFix.txt
2009-11-29 23:42:00 ----D---- C:\WINDOWS\temp
2009-11-29 23:19:15 ----A---- C:\WINDOWS\zip.exe
2009-11-29 23:19:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-29 23:19:15 ----A---- C:\WINDOWS\SWSC.exe
2009-11-29 23:19:15 ----A---- C:\WINDOWS\SWREG.exe
2009-11-29 23:19:15 ----A---- C:\WINDOWS\sed.exe
2009-11-29 23:19:15 ----A---- C:\WINDOWS\PEV.exe
2009-11-29 23:19:15 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-29 23:19:15 ----A---- C:\WINDOWS\grep.exe
2009-11-29 23:18:43 ----D---- C:\WINDOWS\ERDNT
2009-11-29 23:17:33 ----D---- C:\Qoobox
2009-11-29 22:06:36 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-11-29 22:06:36 ----A---- C:\WINDOWS\system32\wups2.dll
2009-11-29 22:06:35 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-11-29 22:06:35 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-11-29 22:06:33 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-11-29 20:51:28 ----RASHD---- C:\cmdcons
2009-11-29 20:50:32 ----A---- C:\WINDOWS\MBR.exe
2009-11-29 15:43:36 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-28 11:20:01 ----D---- C:\WINDOWS\Temporary Internet Files
2009-11-28 11:20:01 ----D---- C:\WINDOWS\History
2009-11-28 11:20:01 ----D---- C:\WINDOWS\Cookies
2009-11-28 11:20:01 ----D---- C:\KPCMS
2009-11-28 11:20:01 ----A---- C:\WINDOWS\system32\pcdlib32.dll
2009-11-28 11:20:01 ----A---- C:\WINDOWS\system32\MSVCRT10.DLL
2009-11-28 11:20:01 ----A---- C:\WINDOWS\sprof32.dll
2009-11-28 11:20:01 ----A---- C:\WINDOWS\pfpick.dll
2009-11-28 11:20:01 ----A---- C:\WINDOWS\kpsys32.dll
2009-11-28 11:20:01 ----A---- C:\WINDOWS\kpcp32.dll
2009-11-28 11:20:01 ----A---- C:\WINDOWS\KPCMS.INI
2009-11-28 11:20:01 ----A---- C:\WINDOWS\icccodes.dll
2009-11-28 11:19:48 ----D---- C:\WINDOWS\system32\COLOR
2009-11-28 11:18:55 ----A---- C:\WINDOWS\unin0405.exe
2009-11-22 00:04:59 ----RA---- C:\WINDOWS\system32\MafiaSetup.exe
2009-11-20 19:25:29 ----D---- C:\Documents and Settings\prcek\Data aplikací\Creative
2009-11-19 23:36:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-11-19 23:29:13 ----D---- C:\Program Files\Any Flv Player
2009-11-19 23:29:13 ----D---- C:\Documents and Settings\prcek\Data aplikací\Video Converter for Any Flv Player
2009-11-19 22:38:01 ----D---- C:\Program Files\Realtek AC97
2009-11-17 22:44:53 ----D---- C:\Documents and Settings\prcek\Data aplikací\Help
2009-11-17 22:15:50 ----A---- C:\WINDOWS\cdplayer.ini
2009-11-17 21:48:56 ----D---- C:\Program Files\audiograbber
2009-11-17 17:35:00 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-11-17 17:33:57 ----D---- C:\Program Files\Hewlett-Packard
2009-11-15 22:59:22 ----A---- C:\WINDOWS\system32\vbar332.dll
2009-11-15 22:48:00 ----D---- C:\Program Files\MagicISO
2009-11-15 22:40:18 ----D---- C:\Program Files\PowerISO
2009-11-14 23:51:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Synetic
2009-11-14 22:57:19 ----A---- C:\WINDOWS\system32\wmv9vcm.dll
2009-11-14 22:57:18 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2009-11-14 00:45:06 ----D---- C:\Documents and Settings\prcek\Data aplikací\ProtectDisc
2009-11-14 00:03:31 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-11-14 00:03:30 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-11-14 00:03:30 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-11-14 00:03:30 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-11-14 00:03:29 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-11-14 00:03:29 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-11-14 00:03:28 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
======List of files/folders modified in the last 1 months======
2009-12-13 22:56:57 ----D---- C:\Program Files
2009-12-13 22:56:46 ----A---- C:\WINDOWS\wincmd.ini
2009-12-13 22:51:29 ----D---- C:\WINDOWS\Prefetch
2009-12-13 22:43:43 ----D---- C:\Program Files\Mozilla Firefox
2009-12-13 22:09:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-13 20:59:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-13 20:53:06 ----A---- C:\WINDOWS\win.ini
2009-12-13 20:53:06 ----A---- C:\WINDOWS\system.ini
2009-12-13 20:53:06 ----A---- C:\Boot.ini
2009-12-13 20:46:11 ----D---- C:\Documents and Settings
2009-12-13 20:45:56 ----D---- C:\WINDOWS
2009-12-13 20:43:16 ----D---- C:\WINDOWS\system32\drivers
2009-12-13 20:34:53 ----D---- C:\WINDOWS\system32\Restore
2009-12-13 01:55:42 ----D---- C:\Documents and Settings\prcek\Data aplikací\Skype
2009-12-13 01:25:18 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-13 01:24:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-13 01:23:43 ----D---- C:\WINDOWS\system32
2009-12-13 00:04:43 ----D---- C:\Documents and Settings\prcek\Data aplikací\skypePM
2009-12-12 15:10:10 ----D---- C:\Documents and Settings\prcek\Data aplikací\uTorrent
2009-12-06 15:16:32 ----D---- C:\NOKIA_BACKUPS
2009-12-06 14:29:06 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-12-06 14:29:02 ----HD---- C:\WINDOWS\inf
2009-12-06 14:28:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2009-12-06 14:27:22 ----SHD---- C:\WINDOWS\Installer
2009-12-06 14:27:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-06 14:27:12 ----D---- C:\Program Files\Common Files
2009-12-06 14:27:09 ----D---- C:\Program Files\Nokia
2009-12-06 14:27:09 ----D---- C:\Program Files\Common Files\Nokia
2009-12-04 23:53:04 ----D---- C:\WINDOWS\Debug
2009-12-03 13:58:14 ----D---- C:\WINDOWS\system32\config
2009-12-02 12:06:10 ----D---- C:\Program Files\Windows Media Player
2009-12-02 12:06:08 ----D---- C:\WINDOWS\Help
2009-11-30 23:02:55 ----SD---- C:\WINDOWS\Tasks
2009-11-30 23:02:02 ----D---- C:\Program Files\Common Files\Apple
2009-11-29 23:59:39 ----D---- C:\WINDOWS\AppPatch
2009-11-29 22:15:57 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-29 22:14:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-29 21:37:01 ----SHD---- C:\System Volume Information
2009-11-29 20:51:33 ----RASH---- C:\boot_none.ini
2009-11-29 01:39:50 ----N---- C:\WINDOWS\Sof2.INI
2009-11-29 01:39:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-29 01:37:04 ----AD---- C:\osagrobet
2009-11-29 00:22:02 ----D---- C:\Documents and Settings\prcek\Data aplikací\ICQ
2009-11-28 11:20:01 ----D---- C:\Program Files\Common Files\Adobe
2009-11-28 11:19:43 ----D---- C:\Program Files\Adobe
2009-11-27 20:46:08 ----D---- C:\Documents and Settings\prcek\Data aplikací\MySQL
2009-11-25 00:54:29 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-11-23 21:51:07 ----AD---- C:\obchodnisystem
2009-11-22 21:10:14 ----D---- C:\Documents and Settings\prcek\Data aplikací\TeamViewer
2009-11-22 17:42:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-20 00:23:24 ----D---- C:\WINDOWS\WinSxS
2009-11-20 00:22:41 ----D---- C:\WINDOWS\system32\DirectX
2009-11-20 00:22:15 ----RSD---- C:\WINDOWS\assembly
2009-11-20 00:16:01 ----D---- C:\Program Files\HRY
2009-11-19 22:38:05 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-19 22:38:03 ----D---- C:\Program Files\AvRack
2009-11-19 22:26:30 ----D---- C:\Program Files\AGEIA Technologies
2009-11-19 22:23:21 ----D---- C:\Program Files\uTorrent
2009-11-19 21:16:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-15 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-15 25416]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-08-14 4485632]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [1980-01-01 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 V0260VID;Live! Cam Vista IM; C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 178913]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
S3 atirage;atirage; C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-10-24 70528]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-12-02 70912]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-08-14 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2009-10-11 1382672]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2001-10-25 90112]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S4 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-10-15 243056]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
-----------------EOF-----------------
Re: SVCHOST - 100% CPU with the siszyd32.exe process
Greetings. Well, I'm not sure; run MBAM and post the log here. But don't delete anything, it may have false detections.
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
1. Don't run Combofix until a helper tells you to!
2. Don't reply to yourself and don't edit your posts!
3. Don't do anything more or less than what the helper tells you!


Re: SVCHOST - 100% CPU with the siszyd32.exe process
Good afternoon
For now do the MBAM scan and we'll see what comes next

Zatím udělejte ten mbam a uvidíme co dál

Do not use COMBOFIX without a helper's recommendation, it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: SVCHOST - 100% CPU with the siszyd32.exe process
So I ran a scan with MBAM, it found nothing.
After Windows XP starts, Avast reports:
A suspicious file was found using heuristic methods.
C:\WINDOWS\System32\Drivers\uxnrf.sys
type: hidden services.
However, last night my PC started sending SPAM, and this morning UPC blocked port 25 for outgoing mail because on 2009-12-14 00:11:03 unsolicited mail was sent via my computer. Port 25 stays blocked until I get this sorted out.
Malwarebytes' Anti-Malware 1.42
Database version: 3357
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
14.12.2009 16:08:30
mbam-log-2009-12-14 (16-08-30).txt
Scan type: Quick scan
Objects scanned: 118493
Time elapsed: 3 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

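The ISP blocking port 25 in the post above is the outside view of a spam-sending infection: a workstation that suddenly opens SMTP connections to many different mail servers at once. The check below is an added example, not code from the thread or from any tool it mentions. It parses the output of `netstat -ano` (a constructed sample in that format is embedded, it is not the poster's machine) and flags any PID holding connections to several distinct remote hosts on port 25. The threshold of three distinct SMTP peers and the list of SMTP ports are assumptions chosen for the example; a normal mail client submits through one or two servers.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `netstat -ano` output on Windows XP (not taken from the
# thread): PID 1620 fans out to five different mail servers on port 25 at once, which is what
# a spambot doing direct-to-MX delivery looks like; PID 2212 talks to a single mail server.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:1045       192.168.1.1:139        ESTABLISHED     4
  TCP    192.168.1.5:1301       198.51.100.7:25        SYN_SENT        1620
  TCP    192.168.1.5:1302       203.0.113.14:25        SYN_SENT        1620
  TCP    192.168.1.5:1303       203.0.113.89:25        ESTABLISHED     1620
  TCP    192.168.1.5:1304       198.51.100.31:25       SYN_SENT        1620
  TCP    192.168.1.5:1305       203.0.113.200:25       SYN_SENT        1620
  TCP    192.168.1.5:1310       192.0.2.10:25          ESTABLISHED     2212
  TCP    192.168.1.5:1320       192.0.2.44:80          ESTABLISHED     2212
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
"""

# One TCP row of `netstat -ano`: proto, local endpoint, remote endpoint, state, PID.
NETSTAT_TCP_RE = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)\s+(?P<pid>\d+)\s*$")


def split_endpoint(endpoint):
    """'203.0.113.14:25' -> ('203.0.113.14', 25); rsplit keeps IPv6 literals intact."""
    host, port = endpoint.rsplit(":", 1)
    return host, int(port)


def smtp_fanout(netstat_text, smtp_ports=(25,)):
    """Map each PID to the set of distinct remote hosts it is talking to on an SMTP port."""
    per_pid = defaultdict(set)
    for line in netstat_text.splitlines():
        m = NETSTAT_TCP_RE.match(line)
        if not m or m.group("state") == "LISTENING":
            continue
        host, port = split_endpoint(m.group("remote"))
        if port in smtp_ports:
            per_pid[int(m.group("pid"))].add(host)
    return dict(per_pid)


def find_smtp_fanout(netstat_text, threshold=3, smtp_ports=(25,)):
    """PIDs connected to at least `threshold` different hosts on an SMTP port.
    The threshold is an assumption for this example: a mail client submits through one
    or two servers, a spambot sprays many MX hosts."""
    return sorted(pid for pid, hosts in smtp_fanout(netstat_text, smtp_ports).items()
                  if len(hosts) >= threshold)


if __name__ == "__main__":
    for pid, hosts in sorted(smtp_fanout(SAMPLE_NETSTAT).items()):
        print(f"PID {pid}: {len(hosts)} distinct SMTP peers")
    print("suspects:", find_smtp_fanout(SAMPLE_NETSTAT))
```

On the affected box, pipe `netstat -ano` into `find_smtp_fanout` and look the returned PID up with `tasklist /svc`; when the PID is an `svchost.exe` instance, that tells you which service group the malware has attached itself to.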
Re: SVCHOST - 100% CPU with the siszyd32.exe process
You'll have a rootkit in there
Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes, a window with the results opens, click Save to save the log and post it here
- following the guide in the link, run the second scan and post that log here too


Re: SVCHOST - 100% CPU with the siszyd32.exe process
Logs from Gmer:
Log 1 from quick scan:
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit quick scan 2009-12-14 20:29:33
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\prcek\LOCALS~1\Temp\pgtdqpog.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89D7F248
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] uxnrf <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
Log 2 from full scan of C:
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-14 22:03:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\prcek\LOCALS~1\Temp\pgtdqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xACA786B8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xACA78574] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xACA78A52] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xACA7814C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xACA7864E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xACA7808C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xACA780F0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xACA7876E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xACA7872E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xACA788AE] <-- ROOTKIT !!!
---- Kernel code sections - GMER 1.0.15 ----
.pak2 C:\WINDOWS\system32\drivers\uxnrf.sys entry point in ".pak2" section [0xB9EBE48A]
? C:\WINDOWS\system32\drivers\uxnrf.sys A device attached to the system is not functioning.
PAGE Ntfs.sys B9D43E55 4 Bytes CALL 89E225E1
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F09000, 0x238E77, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xA95F2300, 0x25D4C, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA9593300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA3A0300, 0x1B7E, 0xE8000020]
C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0xA93D7000]
.clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0xA93D8000, 0x1000, 0x00000000]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89D7F248
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] uxnrf <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1A 0xB3 0x86 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x26 0x9A 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x3D 0x02 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA9 0x55 0xA3 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\uxnrf@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\uxnrf@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uxnrf@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uxnrf@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1A 0xB3 0x86 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x26 0x9A 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x3D 0x02 0xBB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA9 0x55 0xA3 0xAE ...
Reg HKLM\SYSTEM\ControlSet003\Services\uxnrf@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\uxnrf@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\uxnrf@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\uxnrf@Group Boot Bus Extender
---- EOF - GMER 1.0.15 ----
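Reading the two logs above: GMER tags every SSDT hook with `<-- ROOTKIT !!!`, and the ten hooks by `aswSP.SYS` are avast!'s own self-protection module, whereas the hidden service `uxnrf` is the real finding. The registry section explains how it survives: Type 1 (kernel driver), Start 0 (boot start) and group `Boot Bus Extender`, so it loads before the file-system filters, and the kernel-sections list shows its entry point in a non-standard `.pak2` section, i.e. a packed image. The script below is an added example, not part of the thread or of GMER, that automates this triage over a constructed excerpt in GMER's log format. The set of vendors whose SSDT hooks are treated as expected is an assumption for this particular box.

```python
import re

# Constructed sample input, modelled on the GMER 1.0.15 full-scan log posted in the
# thread. The real log is far longer; only the line shapes the triage needs are kept.
SAMPLE_LOG = r"""GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-14 22:03:39
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xACA786B8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xACA7808C] <-- ROOTKIT !!!
---- Kernel code sections - GMER 1.0.15 ----
.pak2 C:\WINDOWS\system32\drivers\uxnrf.sys entry point in ".pak2" section [0xB9EBE48A]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F09000, 0x238E77, 0xE8000020]
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] uxnrf <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\uxnrf@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\uxnrf@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uxnrf@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\uxnrf@Group Boot Bus Extender
---- EOF - GMER 1.0.15 ----
"""

# Values from winnt.h for a service's Type and Start registry values.
SERVICE_TYPES = {1: "SERVICE_KERNEL_DRIVER", 2: "SERVICE_FILE_SYSTEM_DRIVER",
                 16: "SERVICE_WIN32_OWN_PROCESS", 32: "SERVICE_WIN32_SHARE_PROCESS"}
START_TYPES = {0: "SERVICE_BOOT_START", 1: "SERVICE_SYSTEM_START", 2: "SERVICE_AUTO_START",
               3: "SERVICE_DEMAND_START", 4: "SERVICE_DISABLED"}
# Sections a driver's entry point normally lives in; anything else suggests a packed image.
NORMAL_ENTRY_SECTIONS = {".text", "INIT", "PAGE"}
# Assumption for this box: vendors whose SSDT hooks are expected (avast! here), so GMER's
# blanket "<-- ROOTKIT !!!" tag on them is downgraded instead of reported as a finding.
KNOWN_SECURITY_VENDORS = {"ALWIL Software"}

SSDT_RE = re.compile(r'^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)\s+\[0x[0-9A-Fa-f]+\]')
HIDDEN_SVC_RE = re.compile(r'^Service \(\*\*\* hidden \*\*\* \)\s+\[(?P<mode>\w+)\]\s+(?P<name>\S+)')
REG_SVC_RE = re.compile(r'^Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<name>[^\\@]+)@(?P<value>\w+)\s+(?P<data>.*)$')
ENTRY_RE = re.compile(r'^(?P<section>\S+)\s+(?P<path>\S+)\s+entry point in "[^"]*" section')


def _label(table, raw):
    """Map a numeric registry value to its winnt.h name; fall back to the raw text."""
    try:
        return table.get(int(raw), raw)
    except (TypeError, ValueError):
        return raw


def triage(log_text, known_vendors=KNOWN_SECURITY_VENDORS):
    """Parse a GMER log and separate the real finding (a hidden boot-start driver)
    from the expected noise (a security product's SSDT hooks)."""
    ssdt_hooks, odd_entry_points, hidden, reg = [], [], {}, {}
    for line in log_text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            vendor = m.group("desc").rsplit("/", 1)[-1]
            ssdt_hooks.append({"module": m.group("module"), "vendor": vendor,
                               "function": m.group("func"),
                               "severity": "info" if vendor in known_vendors else "medium"})
            continue
        m = HIDDEN_SVC_RE.match(line)
        if m:
            hidden[m.group("name")] = {"mode": m.group("mode"), "severity": "high"}
            continue
        m = REG_SVC_RE.match(line)
        if m:
            reg.setdefault(m.group("name"), {})[m.group("value")] = m.group("data").strip()
            continue
        m = ENTRY_RE.match(line)
        if m and m.group("section") not in NORMAL_ENTRY_SECTIONS:
            odd_entry_points.append({"path": m.group("path"), "section": m.group("section")})
    # Enrich each hidden service with what the registry says about how early it loads.
    for name, info in hidden.items():
        params = reg.get(name, {})
        info["type"] = _label(SERVICE_TYPES, params.get("Type"))
        info["start"] = _label(START_TYPES, params.get("Start"))
        info["group"] = params.get("Group")
    return {"hidden_services": hidden, "ssdt_hooks": ssdt_hooks,
            "odd_entry_points": odd_entry_points}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, info in report["hidden_services"].items():
        print(f"HIGH   hidden service {name}: {info['type']}, {info['start']}, group={info['group']}")
    for item in report["odd_entry_points"]:
        print(f"MEDIUM entry point in section {item['section']}: {item['path']}")
    for hook in report["ssdt_hooks"]:
        print(f"{hook['severity'].upper():6} SSDT hook {hook['function']} by {hook['vendor']}")
```

The registry lines are the part worth keeping from the full scan: a service that is hidden from the service manager yet present in `CurrentControlSet\Services` with Start 0 is the classic cross-view discrepancy, and knowing its group tells you it must be removed from the boot-start path (as the Avenger script later in the thread does) rather than just having its file deleted.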
Re: SVCHOST - 100% CPU with the siszyd32.exe process
One more question: where did you move that siszyd32.exe file to, so we can delete it as well? Is it still on the PC, or did you delete it?
Re: SVCHOST - 100% CPU with the siszyd32.exe process
It's still on the PC, D:\Chyba\siszyd32.exe.txt
Re: SVCHOST - 100% CPU with the siszyd32.exe process

http://swandog46.geekstogo.com/avenger.exe
- run the program and confirm by clicking OK; by doing so you acknowledge that everything you do with it is at your own risk.
- After clicking OK the program's main window appears; copy this script into its white box:
drivers to delete:
uxnrf
Files to delete:
D:\Chyba\siszyd32.exe.txt
C:\WINDOWS\system32\drivers\uxnrf.sys

and click the Execute button.
- A window then appears in which you confirm running the script by clicking Yes. Then click Yes again to confirm restarting the computer.
- After the restart, Notepad should open with the log of what the script did; it is also saved as C:\avenger.txt.
- Post the log here


- unpack and run it
- a scan will run; when it finishes, a window with the results opens, click Save to save the log and post it here
- following the guide in the link, run the second scan and post that log here too

http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop

copy into the box
"%userprofile%\plocha\mbr" -t


- install it; when choosing what to install, untick the Yahoo toolbar
Cleaner tab
- leave everything in the left column ticked as it is and click Analyze
- after the analysis click Run Cleaner
Registry tab
- click Scan for Issues
- then click Fix selected issues

- click Fix all issues


I recommend using Ccleaner's Cleaner; it does a nice job of clearing temporary files off the PC.
Registry cleans up leftovers, e.g. after uninstalling a program.

- install it according to the guide and run the scan
- let it disinfect or delete whatever it finds
- the scan may take several hours
- post the log with the results here
I'm done for today, which is why I've given you more tasks; do the scans one after another in the order written, I'll look at the logs tomorrow

Good night

Re: SVCHOST - 100% CPU with the siszyd32.exe process
1) Avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "uxnrf" deleted successfully.
File "D:\__CHYBA\siszyd32.exe.txt" deleted successfully.
File "C:\WINDOWS\system32\drivers\uxnrf.sys" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
2) AVAST: a) uninstalled, b) reinstalled, updated everything including the program itself.
3) Gmer logs:
3a) Log 1:
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit quick scan 2009-12-14 23:38:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\prcek\LOCALS~1\Temp\pgtdqpog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
3b) Log2
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-15 01:08:38
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\prcek\LOCALS~1\Temp\pgtdqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xACAF16B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xACAF1574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xACAF1A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xACAF114C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xACAF164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xACAF108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xACAF10F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xACAF176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xACAF172E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xACAF18AE]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8FC6000, 0x238E77, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xA9733300, 0x25D4C, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA96D4300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA390300, 0x1B7E, 0xE8000020]
C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0xA9478000]
.clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0xA9479000, 0x1000, 0x00000000]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1A 0xB3 0x86 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x26 0x9A 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x3D 0x02 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA9 0x55 0xA3 0xAE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1A 0xB3 0x86 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x26 0x9A 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x3D 0x02 0xBB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA9 0x55 0xA3 0xAE ...
---- EOF - GMER 1.0.15 ----
4) MBR and its log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
5) Ccleaner
Done according to the guide; under Registry: 54 registry issues, all fixed.
6) AVPTOOL
Running; I'll post the log here in the morning before I go to work.
Thank you very much and good night.
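The mbr.exe log above reads the first sector of the disk once from user mode and once from the kernel and reports `user & kernel MBR OK` because the two copies agree; a bootkit of the Mebroot/Sinowal kind filters the normal read path so that user-mode readers see the original, clean sector while the infected one sits on disk. The block below is an added example, not code from the thread or from mbr.exe, that shows the comparison step offline: it parses a 512-byte MBR (signature, partition table, hash of the boot code) and reports when the two views disagree. Both sectors are constructed inside the block. On a real machine the user-side read would come from `\\.\PhysicalDrive0` and the kernel-side read needs a driver, which this example does not provide.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446                    # 446 bytes of boot code, then 4 x 16-byte entries
PART_ENTRY = struct.Struct("<B3sB3sII")    # status, CHS start, type, CHS end, LBA start, sectors
MBR_SIGNATURE = b"\x55\xAA"


def build_sample_mbr(bootcode_marker=b"CLEANBOOT"):
    """Constructed 512-byte MBR (not read from any real disk): a bootstrap area holding a
    marker string, one active NTFS partition starting at LBA 63, and the 0x55AA signature."""
    bootcode = bootcode_marker.ljust(PART_TABLE_OFFSET, b"\x00")
    entry = PART_ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 0x07FFFFFF)
    table = entry + b"\x00" * (PART_ENTRY.size * 3)
    return bootcode + table + MBR_SIGNATURE


def parse_mbr(sector):
    """Return the signature check, the non-empty partition entries and a hash of the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + PART_ENTRY.size * i
        status, _, ptype, _, lba, count = PART_ENTRY.unpack_from(sector, off)
        if ptype != 0:
            partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == MBR_SIGNATURE,
            "partitions": partitions,
            "bootcode_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest()}


def compare_views(user_view, kernel_view):
    """Cross-view check: the sector as seen through the normal, filterable read path versus
    the sector as seen by a low-level read. Hidden boot-code changes make them differ."""
    user, kernel = parse_mbr(user_view), parse_mbr(kernel_view)
    result = {"user": user, "kernel": kernel,
              "bootcode_match": user["bootcode_sha256"] == kernel["bootcode_sha256"],
              "table_match": user["partitions"] == kernel["partitions"]}
    if not (user["signature_ok"] and kernel["signature_ok"]):
        result["verdict"] = "invalid MBR: 0x55AA signature missing"
    elif result["bootcode_match"] and result["table_match"]:
        result["verdict"] = "user & kernel MBR OK"
    else:
        result["verdict"] = "user and kernel views differ: boot code hidden from the normal read path"
    return result


if __name__ == "__main__":
    clean = build_sample_mbr()
    # Constructed "infected" sector: same partition table, different boot code, which is what a
    # bootkit that hides its modification shows only to the kernel-level reader.
    infected = build_sample_mbr(b"EVILLOADER")
    print(compare_views(clean, clean)["verdict"])
    print(compare_views(clean, infected)["verdict"])
```

Comparing a hash of the boot-code area rather than the whole sector keeps the partition-table comparison separate, so a legitimate partition change and a hidden boot-code change are reported as different conditions.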
Re: SVCHOST - 100% CPU with the process siszyd32.exe
Good morning.
Well, AVPTool stopped right away on Ccleaner.exe, so I told it to continue, so I'll deliver the result only in the afternoon.

Re: SVCHOST - 100% CPU with the process siszyd32.exe
We'll see what AVPTool finds, but the logs already look good. How is the computer behaving?

Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning the computer of viruses
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00
If you have any questions, you can write to me at the email Motji(at)forum.viry.cz.
Re: SVCHOST - 100% CPU with the process siszyd32.exe
Hello.
The PC runs briskly now; applications no longer freeze like they did before.
But I still can't figure out where it got in from.
So I have a question: what preventive measures should I take so that it doesn't happen again?
Hmmm, now I'm looking at the Startup folder at work and there's algqeh32 and also siszyd32.exe here.
Well, I'll be damned, I have this vermin on the work PC too. But here I'm not allowed to fix it myself, so it's off to the admin, oh well.

Re: SVCHOST - 100% CPU with the process siszyd32.exe
But do still run that AVPTool afterwards, and I'd also ask for a new log from RSIT.
You could have infected the PC either from infected websites or by downloading some file from an untrustworthy source, most often cracks and keygens.
Don't you use a flash drive on both computers?
The vermin you have on the work PC comes along with other viruses too; the admin will probably be delighted.

Re: SVCHOST - 100% CPU with the process siszyd32.exe
Yes, when I'm home I'll finish the remaining tasks and RSIT too.
That'll be it, the flash drive on both PCs, so I'll have to clean that too, just to be safe. I'll look on the web for how to do it.
That admin will probably just shoot me on the spot, what bad luck.
